Search Results (338070 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-27283 1 Redlion 1 Crimson 2024-11-21 5.3 Medium
An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations.
CVE-2020-27282 1 Hamilton-medical 2 Hamilton-t1, Hamilton-t1 Firmware 2024-11-21 4.3 Medium
In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an XML validation vulnerability in the ventilator allows privileged attackers with physical access to render the device persistently unusable by uploading specially crafted configuration files.
CVE-2020-27281 1 Deltaww 1 Cncsoft Screeneditor 2024-11-21 7.8 High
A stack-based buffer overflow may exist in Delta Electronics CNCSoft ScreenEditor versions 1.01.26 and prior when processing specially crafted project files, which may allow an attacker to execute arbitrary code.
CVE-2020-27280 1 Deltaww 1 Ispsoft 2024-11-21 7.8 High
A use after free issue has been identified in the way ISPSoft(v3.12 and prior) processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution.
CVE-2020-27279 1 Redlion 1 Crimson 2024-11-21 7.5 High
A NULL pointer deference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001).
CVE-2020-27278 1 Hamilton-medical 2 Hamilton-t1, Hamilton-t1 Firmware 2024-11-21 5.2 Medium
In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, hard-coded credentials in the ventilator allow attackers with physical access to obtain admin privileges for the device’s configuration interface.
CVE-2020-27277 1 Deltaww 1 Dopsoft 2024-11-21 7.8 High
Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code.
CVE-2020-27276 1 Sooil 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more 2024-11-21 5.7 Medium
SOOIL Developments Co Ltd DiabecareRS,AnyDana-i & AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i & AnyDana-A mobile apps doesn't use adequate measures to authenticate the communicating entities before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the authentication sequence via Bluetooth Low Energy.
CVE-2020-27275 1 Deltaww 1 Dopsoft 2024-11-21 7.8 High
Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.
CVE-2020-27274 1 Honeywell 1 Opc Ua Tunneller 2024-11-21 7.5 High
Some parsing functions in the affected product do not check the return value of malloc and the thread handling the message is forced to close, which may lead to a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).
CVE-2020-27272 1 Sooil 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more 2024-11-21 5.7 Medium
SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The communication protocol of the insulin pump and AnyDana-i,AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the keys and spoof the pump via BLE.
CVE-2020-27270 1 Sooil 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more 2024-11-21 5.7 Medium
SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communication protocol of the insulin pump & AnyDana-i,AnyDana-A mobile apps doesnt use adequate measures to protect encryption keys in transit which allows unauthenticated physically proximate attacker to sniff keys via (BLE).
CVE-2020-27269 1 Sooil 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more 2024-11-21 5.7 Medium
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unauthenticated, physically proximate attackers to replay communication sequences via Bluetooth Low Energy.
CVE-2020-27268 1 Sooil 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more 2024-11-21 6.5 Medium
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass checks for default PINs via Bluetooth Low Energy.
CVE-2020-27267 4 Ge, Ptc, Rockwellautomation and 1 more 7 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 4 more 2024-11-21 9.1 Critical
KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
CVE-2020-27266 1 Sooil 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more 2024-11-21 6.5 Medium
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass user authentication checks via Bluetooth Low Energy.
CVE-2020-27265 4 Ge, Ptc, Rockwellautomation and 1 more 7 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 4 more 2024-11-21 9.8 Critical
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code.
CVE-2020-27264 1 Sooil 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more 2024-11-21 8.8 High
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to brute-force the keys via Bluetooth Low Energy.
CVE-2020-27263 4 Ge, Ptc, Rockwellautomation and 1 more 7 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 4 more 2024-11-21 9.1 Critical
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
CVE-2020-27262 1 Innokasmedical 2 Vital Signs Monitor Vc150, Vital Signs Monitor Vc150 Firmware 2024-11-21 5.4 Medium
Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7.15 A stored cross-site scripting (XSS) vulnerability exists in the affected products that allow an attacker to inject arbitrary web script or HTML via the filename parameter to multiple update endpoints of the administrative web interface.