Total: 82350 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-8507 | 1 Rogersmedia | 1 Citytv Video | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends Unencrypted Analytics. | |||||
CVE-2020-8500 | 1 Artica | 1 Pandora Fms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
** DISPUTED ** In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality. | |||||
CVE-2020-8495 | 1 Kronos | 1 Web Time And Attendance | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unauthorized administrative privileges within the application via the delegate, delegateRole, and delegatorUserId parameters. | |||||
CVE-2020-8494 | 1 Kronos | 1 Web Time And Attendance | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H402editUser servlet allows an attacker with Timekeeper, Master Timekeeper, or HR Admin privileges to gain unauthorized administrative privileges within the application via the emp_id, userid, pw1, pw2, supervisor, and timekeeper parameters. | |||||
CVE-2020-8489 | 1 Abb | 1 800xa Information Management | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Insufficient protection of the inter-process communication functions in ABB System 800xA Information Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting the runtime values to be stored in the archive, or making Information Management history services unavailable. | |||||
CVE-2020-8488 | 1 Abb | 1 800xa Batch Management | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Insufficient protection of the inter-process communication functions in ABB System 800xA Batch Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting User Interface update during batch execution and/or compare/printing functionalities. | |||||
CVE-2020-8485 | 1 Abb | 1 800xa | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or causing Windows processes to crash. | |||||
CVE-2020-8484 | 1 Abb | 1 800xa | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or causing Windows processes to crash. | |||||
CVE-2020-8482 | 1 Abb | 1 Device Library Wizard | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows an unauthenticated low privilege user to read a file that contains confidential data. | |||||
CVE-2020-8477 | 1 Abb | 1 800xa Information Manager | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code. | |||||
CVE-2020-8474 | 1 Abb | 1 800xa Base System | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction. | |||||
CVE-2020-8473 | 1 Abb | 1 800xa Base System | 2024-11-21 | 6.8 MEDIUM | 7.3 HIGH |
Insufficient folder permissions used by system functions in ABB System 800xA Base (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploits the vulnerabilities could escalate his/her privileges, cause system functions to stop and corrupt user applications. | |||||
CVE-2020-8471 | 1 Abb | 3 800xa System, Compact Hmi, Control Builder Safe | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, weak file permissions allow an authenticated attacker to block the license handling, escalate his/her privileges and execute arbitrary code. | |||||
CVE-2020-8470 | 1 Trendmicro | 3 Apex One, Officescan, Worry-free Business Security | 2024-11-21 | 9.4 HIGH | 7.5 HIGH |
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability. | |||||
CVE-2020-8469 | 1 Trendmicro | 1 Password Manager | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability that could potentially allow an attacker privileged escalation. | |||||
CVE-2020-8464 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access. | |||||
CVE-2020-8463 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths. | |||||
CVE-2020-8461 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token. | |||||
CVE-2020-8450 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy. | |||||
CVE-2020-8449 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters. |