Total
79788 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25169 | 1 Reolink | 14 Rlc-410, Rlc-410 Firmware, Rlc-422 and 11 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The affected Reolink P2P products do not sufficiently protect data transferred between the local device and Reolink servers. This can allow an attacker to access sensitive information, such as camera feeds. | |||||
| CVE-2020-25166 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2024-11-21 | 7.5 HIGH | 7.6 HIGH |
| An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper with devices. | |||||
| CVE-2020-25165 | 1 Bd | 3 Alaris 8015 Pcu, Alaris 8015 Pcu Firmware, Alaris Systems Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and earlier The affected products are vulnerable to a network session authentication vulnerability within the authentication process between specified versions of the BD Alaris PC Unit and the BD Alaris Systems Manager. If exploited, an attacker could perform a denial-of-service attack on the BD Alaris PC Unit by modifying the configuration headers of data in transit. A denial-of-service attack could lead to a drop in the wireless capability of the BD Alaris PC Unit, resulting in manual operation of the PC Unit. | |||||
| CVE-2020-25163 | 1 Osisoft | 1 Pi Vision | 2024-11-21 | 4.9 MEDIUM | 7.7 HIGH |
| A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display. This vulnerability affects PI System data and other data accessible with victim’s user permissions. | |||||
| CVE-2020-25162 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to access sensitive information and escalate privileges. | |||||
| CVE-2020-25161 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator. | |||||
| CVE-2020-25158 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2024-11-21 | 4.3 MEDIUM | 7.6 HIGH |
| A reflected cross-site scripting (XSS) vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to inject arbitrary web script or HTML into various locations. | |||||
| CVE-2020-25157 | 1 Advantech | 1 R-seenet | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which allows a remote attacker to invoke queries on the database and retrieve sensitive information. | |||||
| CVE-2020-25156 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61, and the Data module compactplus Versions A10 and A11 and earlier enables attackers in possession of cryptographic material to access the device as root. | |||||
| CVE-2020-25155 | 1 Nexcom | 2 Nio 50, Nio 50 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The affected product transmits unencrypted sensitive information, which may allow an attacker to access this information on the NIO 50 (all versions). | |||||
| CVE-2020-25151 | 1 Nexcom | 2 Nio 50, Nio 50 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The affected product does not properly validate input, which may allow an attacker to execute a denial-of-service attack on the NIO 50 (all versions). | |||||
| CVE-2020-25150 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2024-11-21 | 9.0 HIGH | 7.6 HIGH |
| A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an attacker can execute arbitrary commands. | |||||
| CVE-2020-25149 | 1 Observium | 1 Observium | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=health&metric=../ because of device/health.inc.php. | |||||
| CVE-2020-25145 | 1 Observium | 1 Observium | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=ports&view=../ URIs because of device/port.inc.php. | |||||
| CVE-2020-25144 | 1 Observium | 1 Observium | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /apps/?app=../ URIs. | |||||
| CVE-2020-25143 | 1 Observium | 1 Observium | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via /ajax/device_entities.php?entity_type=netscalervsvr&device_id[]= because of /ajax/device_entities.php. | |||||
| CVE-2020-25136 | 1 Observium | 1 Observium | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=routing&proto=../ URIs to device/routing.inc.php. | |||||
| CVE-2020-25134 | 1 Observium | 1 Observium | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /settings/?format=../ URIs to pages/settings.inc.php. | |||||
| CVE-2020-25133 | 1 Observium | 1 Observium | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /ports/?format=../ URIs to pages/ports.inc.php. | |||||
| CVE-2020-25125 | 2 Gnupg, Gpg4win | 2 Gnupg, Gpg4win | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version. | |||||