Search Results (83849 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-27406 1 Dynpg 1 Dynpg 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname.
CVE-2020-27388 1 Yourls 1 Yourls 2024-11-21 5.4 Medium
Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues.
CVE-2020-27377 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 4.8 Medium
A cross-site scripting (XSS) vulnerability was discovered in the Administrator panel on the 'Setting News' module on CMS Made Simple 2.2.14 which allows an attacker to execute arbitrary web scripts.
CVE-2020-27373 1 Drtrustusa 2 Icheck Connect Bp Monitor Bp Testing 118, Icheck Connect Bp Monitor Bp Testing 118 Firmware 2024-11-21 8.8 High
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to Plain text command over BLE.
CVE-2020-27366 1 Humaxdigital 2 Hgb10r-02, Hgb10r-02 Firmware 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in wlscanresults.html in Humax HGB10R-02 BRGCAB version 1.0.03, allows local attackers to execute arbitrary code.
CVE-2020-27359 1 Evms 1 Redcap 2024-11-21 5.4 Medium
A cross-site scripting (XSS) issue in REDCap 8.11.6 through 9.x before 10 allows attackers to inject arbitrary JavaScript or HTML in the Messenger feature. It was found that the filename of the image or file attached in a message could be used to perform this XSS attack. A user could craft a message and send it to anyone on the platform including admins. The XSS payload would execute on the other account without interaction from the user on several pages.
CVE-2020-27356 1 Debug Meta Data Project 1 Debug Meta Data 2024-11-21 5.4 Medium
The debug-meta-data plugin 1.1.2 for WordPress allows XSS.
CVE-2020-27351 2 Canonical, Debian 3 Ubuntu Linux, Advanced Package Tool, Debian Linux 2024-11-21 2 Low
Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;
CVE-2020-27347 1 Tmux Project 1 Tmux 2024-11-21 8.8 High
In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output.
CVE-2020-27344 1 Cminds 1 Cm Download Manager 2024-11-21 6.1 Medium
The cm-download-manager plugin before 2.8.0 for WordPress allows XSS.
CVE-2020-27302 1 Realtek 4 Rtl8195a, Rtl8195a Firmware, Rtl8710c and 1 more 2024-11-21 8.0 High
A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the "memcpy" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way-handshake.
CVE-2020-27301 1 Realtek 4 Rtl8195a, Rtl8195a Firmware, Rtl8710c and 1 more 2024-11-21 8.0 High
A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the "AES_UnWRAP" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way-handshake.
CVE-2020-27297 1 Honeywell 1 Opc Ua Tunneller 2024-11-21 9.8 Critical
The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions prior to 6.3.0.8233).
CVE-2020-27288 1 Deltaww 1 Tpeditor 2024-11-21 7.8 High
An untrusted pointer dereference has been identified in the way TPEditor(v1.98 and prior) processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.
CVE-2020-27287 1 Deltaww 1 Cncsoft-b 2024-11-21 7.8 High
Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.
CVE-2020-27284 1 Deltaww 1 Tpeditor 2024-11-21 7.8 High
TPEditor (v1.98 and prior) is vulnerable to two out-of-bounds write instances in the way it processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.
CVE-2020-27281 1 Deltaww 1 Cncsoft Screeneditor 2024-11-21 7.8 High
A stack-based buffer overflow may exist in Delta Electronics CNCSoft ScreenEditor versions 1.01.26 and prior when processing specially crafted project files, which may allow an attacker to execute arbitrary code.
CVE-2020-27278 1 Hamilton-medical 2 Hamilton-t1, Hamilton-t1 Firmware 2024-11-21 5.2 Medium
In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, hard-coded credentials in the ventilator allow attackers with physical access to obtain admin privileges for the device’s configuration interface.
CVE-2020-27275 1 Deltaww 1 Dopsoft 2024-11-21 7.8 High
Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.
CVE-2020-27274 1 Honeywell 1 Opc Ua Tunneller 2024-11-21 7.5 High
Some parsing functions in the affected product do not check the return value of malloc and the thread handling the message is forced to close, which may lead to a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).