|
209631
|
9.8 |
CRITICAL
Network
|
treck
|
tcp\/ip
|
A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service (crash/reset) or to possibly execute arbitrary code.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-25066
|
2024-11-21 14:17 |
2020-12-23 |
|
|
|
|
209632
|
7.8 |
HIGH
Local
|
supremocontrol
|
supremo
|
Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem access because File Manager can be used to rename Supremo.exe and then upload a Trojan horse with the Supremo.exe filename.
|
CWE-269
Improper Privilege Management
|
CVE-2020-25106
|
2024-11-21 14:17 |
2020-12-23 |
|
|
|
|
209633
|
8.8 |
HIGH
Network
|
logrhythm
|
platform_manager
|
LogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access Control. Users within LogRhythm can be delegated different roles and privileges, intended to limit what data and services they can interact …
|
NVD-CWE-Other
|
CVE-2020-25096
|
2024-11-21 14:17 |
2020-12-17 |
|
|
|
|
209634
|
8.8 |
HIGH
Network
|
logrhythm
|
platform_manager
|
LogRhythm Platform Manager (PM) 7.4.9 allows CSRF. The Web interface is vulnerable to Cross-site WebSocket Hijacking (CSWH). If a logged-in PM user visits a malicious site in the same browser session…
|
CWE-352
Origin Validation Error
|
CVE-2020-25095
|
2024-11-21 14:17 |
2020-12-17 |
|
|
|
|
209635
|
9.8 |
CRITICAL
Network
|
logrhythm
|
platform_manager
|
LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server wit…
|
CWE-78
OS Command
|
CVE-2020-25094
|
2024-11-21 14:17 |
2020-12-17 |
|
|
|
|
209636
|
7.5 |
HIGH
Network
|
hosteng
|
h0-ecom100_firmware h2-ecom100_firmware h4-ecom100_firmware
|
The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which ma…
|
CWE-20
Improper Input Validation
|
CVE-2020-25195
|
2024-11-21 14:17 |
2020-12-16 |
|
|
|
|
209637
|
7.5 |
HIGH
Network
|
siemens
|
logo\!_8_bm_firmware
|
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The password used for authentication for the LOGO! Website and the LOGO! Access Tool is sent in a reco…
|
-
|
CVE-2020-25235
|
2024-11-21 14:17 |
2020-12-15 |
|
|
|
|
209638
|
7.7 |
HIGH
Local
|
siemens
|
logo\!_8_bm_firmware
|
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The LOGO! program files generated and used by the affected c…
|
-
|
CVE-2020-25234
|
2024-11-21 14:17 |
2020-12-15 |
|
|
|
|
209639
|
5.5 |
MEDIUM
Local
|
siemens
|
logo\!_8_bm_firmware
|
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The firmware update of affected devices contains the private RSA key that is used as a basis for encry…
|
-
|
CVE-2020-25233
|
2024-11-21 14:17 |
2020-12-15 |
|
|
|
|
209640
|
7.5 |
HIGH
Network
|
siemens
|
logo\!_8_bm_firmware
|
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due to the usage of an insecure random number generation function and a deprecated cryptographic funct…
|
-
|
CVE-2020-25232
|
2024-11-21 14:17 |
2020-12-15 |
|
|
|