|
209881
|
6.1 |
MEDIUM
Physics
|
baxter
|
em2400_firmware
em1200_firmware
|
Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical acce…
|
NVD-CWE-Other
|
CVE-2020-12024
|
2024-11-21 13:59 |
2020-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209882
|
6.1 |
MEDIUM
Local
|
baxter
|
em2400_firmware
em1200_firmware
|
Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editi…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-12020
|
2024-11-21 13:59 |
2020-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209883
|
9.8 |
CRITICAL
Network
|
baxter
|
em2400_firmware
em1200_firmware
|
Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 a…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-12016
|
2024-11-21 13:59 |
2020-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209884
|
7.5 |
HIGH
Network
|
baxter
|
em2400_firmware
em1200_firmware
|
Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an att…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-12008
|
2024-11-21 13:59 |
2020-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209885
|
6.1 |
MEDIUM
Physics
|
baxter
|
em2400_firmware
em1200_firmware
|
Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13, an…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-12012
|
2024-11-21 13:59 |
2020-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209886
|
7.5 |
HIGH
Network
|
apache
canonical
oracle
opensuse
debian
netapp
|
tomcat
ubuntu_linux
workload_manager
siebel_ui_framework
mysql_enterprise_monitor
leap
debian_linux
oncommand_system_manager
|
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient …
|
NVD-CWE-noinfo
|
CVE-2020-11996
|
2024-11-21 13:59 |
2020-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209887
|
8.8 |
HIGH
Adjacent
|
rockwellautomation
|
factorytalk_services_platform
|
In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate supplied identifiers, which could allow an unauthenticated, adjacent a…
|
CWE-20
Improper Input Validation
|
CVE-2020-12033
|
2024-11-21 13:59 |
2020-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209888
|
9.0 |
CRITICAL
Network
|
osisoft
|
pi_web_api
|
In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitr…
|
CWE-79
Cross-site Scripting
|
CVE-2020-12021
|
2024-11-21 13:59 |
2020-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209889
|
9.8 |
CRITICAL
Network
|
unisys
|
stealth
|
In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-based authorization is used without HTTPS, an endpoint could be authorized without a private key.
|
CWE-863
Incorrect Authorization
|
CVE-2020-12053
|
2024-11-21 13:59 |
2020-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209890
|
9.8 |
CRITICAL
Network
|
apache
|
shiro
|
Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
|
NVD-CWE-noinfo
|
CVE-2020-11989
|
2024-11-21 13:59 |
2020-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
