Vulnerabilities - Yack CVE

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-6982 1Honeywell 1Win Pak Jun 17, 2026 Mar 24, 2020 N/A· v4 8.8 HIGH· v3 5.8 MEDIUM· v2 In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code execution.
CVE-2020-6981 1Moxa 2Eds 510e Firmware Eds G516e Firmware Jun 17, 2026 Mar 24, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system without proper authentication.
CVE-2020-6980 1Rockwellautomation 4Micrologix 1100 Firmware Micrologix 1400 A FirmwareMicrologix 1400 B Firmware+1 more Jun 17, 2026 Mar 16, 2020 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol (SMTP...Show more Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data as it is written to the project file in cleartext.Show less
CVE-2020-6979 1Moxa 2Eds 510e Firmware Eds G516e Firmware Jun 17, 2026 Mar 24, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered.
CVE-2020-6978 1Honeywell 1Win Pak Jun 17, 2026 Mar 24, 2020 N/A· v4 7.2 HIGH· v3 6.4 MEDIUM· v2 In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries.
CVE-2020-6977 1Ge 16Invenia Abus Scan Station Firmware Logiq E10 FirmwareLogiq E9 Firmware+13 more Jun 17, 2026 Feb 20, 2020 N/A· v4 6.8 MEDIUM· v3 7.2 HIGH· v2 A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to t...Show more A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include the following GE Ultrasound Products: Vivid products - all versions; LOGIQ - all versions not including LOGIQ 100 Pro; Voluson - all versions; Versana Essential - all versions; Invenia ABUS Scan station - all versions; Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5Show less
CVE-2020-6976 1Deltaww 1Cncsoft Screeneditor Jun 17, 2026 Mar 18, 2020 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. An out-of-bounds read overflow can be exploited when a valid user opens a specially crafted, malicious input file due to the lack of validation.
CVE-2020-6975 1Digi 2Connectport Lts 32 Mei Bios Connectport Lts 32 Mei Firmware Jun 17, 2026 Feb 12, 2020 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Successful exploitation of this vulnerability could allow an attacker to upload a malicious file to the applica...Show more Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Successful exploitation of this vulnerability could allow an attacker to upload a malicious file to the application.Show less
CVE-2020-6974 1Honeywell 1Notifier Webserver Jun 17, 2026 Apr 7, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which allows an attacker to bypass access to restricted directories. Honeywell has released a firmware update to address the prob...Show more Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which allows an attacker to bypass access to restricted directories. Honeywell has released a firmware update to address the problem.Show less
CVE-2020-6973 1Digi 2Connectport Lts 32 Mei Bios Connectport Lts 32 Mei Firmware Jun 17, 2026 Feb 13, 2020 N/A· v4 6.2 MEDIUM· v3 6.3 MEDIUM· v2 Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service c...Show more Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service condition.Show less
CVE-2020-6972 1Honeywell 1Notifier Webserver Jun 17, 2026 Mar 24, 2020 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser.
CVE-2020-6971 1Emerson 1Valvelink Jun 17, 2026 Mar 5, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the ValveLink software may allow a local, unprivileged, trusted insider to escalate privileges due to insecure configuration parameters.
CVE-2020-6970 1Emerson 1Openenterprise Scada Server Jun 17, 2026 Feb 19, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially...Show more A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server.Show less
CVE-2020-6969 1Automationdirect 11C More Ea9 Rhi Firmware C More Ea9 T10cl FirmwareC More Ea9 T10wcl Firmware+8 more Jun 17, 2026 Feb 5, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 It is possible to unmask credentials and other sensitive information on “unprotected” project files, which may allow an attacker to remotely access the C-More Touch Panels EA9 series: firmware versions prior to 6.53 and...Show more It is possible to unmask credentials and other sensitive information on “unprotected” project files, which may allow an attacker to remotely access the C-More Touch Panels EA9 series: firmware versions prior to 6.53 and manipulate system configurations.Show less
CVE-2020-6968 1Honeywell 1Inncom Inncontrol Firmware Jun 17, 2026 Feb 20, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Honeywell INNCOM INNControl 3 allows workstation users to escalate application user privileges through the modification of local configuration files.
CVE-2020-6967 1Rockwellautomation 1Factorytalk Services Platform Jun 17, 2026 Mar 23, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform, FactoryTalk Diagnostics exposes a .NET Remoting endpoint via RNADiagnosticsSrv.exe at TCPtcp/8082...Show more In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform, FactoryTalk Diagnostics exposes a .NET Remoting endpoint via RNADiagnosticsSrv.exe at TCPtcp/8082, which can insecurely deserialize untrusted data.Show less
CVE-2020-6966 1Gehealthcare 6Apexpro Telemetry Server Firmware Carescape Central Station Mai700 FirmwareCarescape Central Station Mas700 Firmware+3 more Jun 17, 2026 Jan 24, 2020 N/A· v4 10.0 CRITICAL· v3 10.0 HIGH· v2 In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products ut...Show more In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilize a weak encryption scheme for remote desktop control, which may allow an attacker to obtain remote code execution of devices on the network.Show less
CVE-2020-6965 1Gehealthcare 9Apexpro Telemetry Server Firmware Carescape B450 Monitor FirmwareCarescape B650 Monitor Firmware+6 more Jun 17, 2026 Jan 24, 2020 N/A· v4 9.9 CRITICAL· v3 6.5 MEDIUM· v2 In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, B450 Version 2.X, B650 V...Show more In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, a vulnerability in the software update mechanism allows an authenticated attacker to upload arbitrary files on the system through a crafted update package.Show less
CVE-2020-6964 1Gehealthcare 6Apexpro Telemetry Server Firmware Carescape Central Station Mai700 FirmwareCarescape Central Station Mas700 Firmware+3 more Jun 17, 2026 Jan 24, 2020 N/A· v4 8.6 HIGH· v3 5.0 MEDIUM· v2 In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE Central Sta...Show more In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE Central Station (CSCS) Versions 2.X, the integrated service for keyboard switching of the affected devices could allow attackers to obtain remote keyboard input access without authentication over the network.Show less
CVE-2020-6963 1Gehealthcare 6Apexpro Telemetry Server Firmware Carescape Central Station Mai700 FirmwareCarescape Central Station Mas700 Firmware+3 more Jun 17, 2026 Jan 24, 2020 N/A· v4 10.0 CRITICAL· v3 10.0 HIGH· v2 In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products ut...Show more In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execute arbitrary code.Show less
CVE-2020-6962 1Gehealthcare 9Apexpro Telemetry Server Firmware Carescape B450 Monitor FirmwareCarescape B650 Monitor Firmware+6 more Jun 17, 2026 Jan 24, 2020 N/A· v4 10.0 CRITICAL· v3 10.0 HIGH· v2 In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSC...Show more In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X CARESCAPE Central Station (CSCS) Versions 2.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, an input validation vulnerability exists in the web-based system configuration utility that could allow an attacker to obtain arbitrary remote code execution.Show less
CVE-2020-6961 1Gehealthcare 6Apexpro Telemetry Server Firmware Carescape Central Station Mai700 FirmwareCarescape Central Station Mas700 Firmware+3 more Jun 17, 2026 Jan 24, 2020 N/A· v4 10.0 CRITICAL· v3 7.5 HIGH· v2 In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSC...Show more In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, a vulnerability exists in the affected products that could allow an attacker to obtain access to the SSH private key in configuration files.Show less
CVE-2020-6960 1Honeywell 6Hnmswvms Firmware Hnmswvmslt FirmwareMaxpro Nvr Pe Firmware+3 more Jun 17, 2026 Jan 22, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Buil...Show more The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch contain an SQL injection vulnerability that could give an attacker remote unauthenticated access to the web user interface with administrator-level privileges.Show less
CVE-2020-6959 1Honeywell 6Hnmswvms Firmware Hnmswvmslt FirmwareMaxpro Nvr Pe Firmware+3 more Jun 17, 2026 Jan 22, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Buil...Show more The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch are vulnerable to an unsafe deserialization of untrusted data. An attacker may be able to remotely modify deserialized data without authentication using a specially crafted web request, resulting in remote code execution.Show less
CVE-2020-6958 1Yet Another Java Service Wrapper Project 1Yet Another Java Service Wrapper Jun 17, 2026 Jan 14, 2020 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-servi...Show more An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service.Show less

Previous 1...899091...14337 Next

Vulnerabilities (CVE)