Search Results (85962 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-7012 1 Elastic 1 Kibana 2024-11-21 8.8 High
Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system.
CVE-2020-7010 1 Elastic 1 Elastic Cloud On Kubernetes 2024-11-21 7.5 High
Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the Elasticsearch credentials generated by ECK.
CVE-2020-7009 1 Elastic 1 Elasticsearch 2024-11-21 8.8 High
Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.
CVE-2020-7008 1 Visam 2 Vbase Editor, Vbase Web-remote 2024-11-21 7.5 High
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow input passed in the URL that is not properly verified before use, which may allow an attacker to read arbitrary files from local resources.
CVE-2020-7006 1 Systech 4 Nds-5000, Nds-5000 Firmware, Nds\/5008rm and 1 more 2024-11-21 8.4 High
Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port, RJ45), firmware Version 02D.30. Successful exploitation of this vulnerability could allow information disclosure, limit system availability, and may allow remote code execution.
CVE-2020-7005 1 Honeywell 1 Win-pak 2024-11-21 8.8 High
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may allow an attacker to remotely execute arbitrary code.
CVE-2020-7004 1 Visam 2 Vbase Editor, Vbase Web-remote 2024-11-21 8.8 High
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow weak or insecure permissions on the VBASE directory resulting in elevation of privileges or malicious effects on the system the next time a privileged user runs the application.
CVE-2020-7003 1 Moxa 40 Iologik 2512, Iologik 2512-hspa, Iologik 2512-hspa-t and 37 more 2024-11-21 7.5 High
In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is transmitted over some web applications in clear text.
CVE-2020-7002 1 Deltaww 1 Cncsoft Screeneditor 2024-11-21 7.8 High
Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. Multiple stack-based buffer overflows can be exploited when a valid user opens a specially crafted, malicious input file.
CVE-2020-7001 1 Moxa 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more 2024-11-21 7.5 High
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed.
CVE-2020-7000 1 Visam 2 Vbase Editor, Vbase Web-remote 2024-11-21 7.5 High
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HMI web interface.
CVE-2020-6997 1 Moxa 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more 2024-11-21 7.5 High
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive information is transmitted over some web applications in cleartext.
CVE-2020-6993 1 Moxa 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more 2024-11-21 7.5 High
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, an attacker can gain access to sensitive information from the web service without authorization.
CVE-2020-6987 1 Moxa 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more 2024-11-21 7.5 High
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed.
CVE-2020-6983 1 Moxa 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more 2024-11-21 7.5 High
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a hard-coded cryptographic key, which increases the possibility that confidential data can be recovered.
CVE-2020-6982 1 Honeywell 1 Win-pak 2024-11-21 8.8 High
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code execution.
CVE-2020-6979 1 Moxa 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more 2024-11-21 7.5 High
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered.
CVE-2020-6978 1 Honeywell 1 Win-pak 2024-11-21 7.2 High
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries.
CVE-2020-6971 1 Emerson 1 Valvelink 2024-11-21 7.8 High
In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the ValveLink software may allow a local, unprivileged, trusted insider to escalate privileges due to insecure configuration parameters.
CVE-2020-6968 1 Honeywell 2 Inncom Inncontrol, Inncom Inncontrol Firmware 2024-11-21 7.8 High
Honeywell INNCOM INNControl 3 allows workstation users to escalate application user privileges through the modification of local configuration files.