Search Results (83847 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-27263 4 Ge, Ptc, Rockwellautomation and 1 more 7 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 4 more 2024-11-21 9.1 Critical
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
CVE-2020-27262 1 Innokasmedical 2 Vital Signs Monitor Vc150, Vital Signs Monitor Vc150 Firmware 2024-11-21 5.4 Medium
Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7.15 A stored cross-site scripting (XSS) vulnerability exists in the affected products that allow an attacker to inject arbitrary web script or HTML via the filename parameter to multiple update endpoints of the administrative web interface.
CVE-2020-27261 1 Omron 4 Cx-one, Cx-position, Cx-protocol and 1 more 2024-11-21 8.8 High
The Omron CX-One Version 4.60 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.
CVE-2020-27260 1 Innokasmedical 2 Vital Signs Monitor Vc150, Vital Signs Monitor Vc150 Firmware 2024-11-21 5.3 Medium
Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7.15 HL7 v2.x injection vulnerabilities exist in the affected products that allow physically proximate attackers with a connected barcode reader to inject HL7 v2.x segments into specific HL7 v2.x messages via multiple expected parameters.
CVE-2020-27256 1 Sooil 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more 2024-11-21 6.8 Medium
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a hard-coded physician PIN in the physician menu of the insulin pump allows attackers with physical access to change insulin therapy settings.
CVE-2020-27250 1 Softmaker 1 Planmaker 2021 2024-11-21 7.8 High
In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow at Version/Instance 0x0005 and 0x0016. An attacker can entice the victim to open a document to trigger this vulnerability.
CVE-2020-27249 1 Softmaker 1 Planmaker 2021 2024-11-21 7.8 High
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0004 and 0x0015, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).
CVE-2020-27248 1 Softmaker 1 Planmaker 2021 2024-11-21 7.8 High
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0003 and 0x0014, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).
CVE-2020-27247 1 Softmaker 1 Planmaker 2021 2024-11-21 7.8 High
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0002, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).
CVE-2020-27227 1 Openclinic Ga Project 1 Openclinic Ga 2024-11-21 9.8 Critical
An exploitable unatuhenticated command injection exists in the OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing specific parameter to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and compromise underlying operating system.
CVE-2020-27224 1 Eclipse 1 Theia 2024-11-21 9.6 Critical
In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview (@theia/preview), can be exploited to execute arbitrary code.
CVE-2020-27221 2 Eclipse, Redhat 3 Openj9, Enterprise Linux, Rhel Extras 2024-11-21 9.8 Critical
In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding.
CVE-2020-27219 1 Eclipse 1 Hawkbit 2024-11-21 6.1 Medium
In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client.
CVE-2020-27212 1 St 95 Stm32cubel4 Firmware, Stm32l412c8, Stm32l412cb and 92 more 2024-11-21 7.0 High
STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. The flash read-out protection (RDP) can be degraded from RDP level 2 (no access via debug interface) to level 1 (limited access via debug interface) by injecting a fault during the boot phase.
CVE-2020-27196 1 Lightbend 1 Play Framework 2024-11-21 7.5 High
An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint (that may or may not expect JSON payloads) causes a StackOverflowError and Denial of Service.
CVE-2020-27193 2 Ckeditor, Oracle 9 Ckeditor, Agile Plm, Application Express and 6 more 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.
CVE-2020-27182 1 Konzept-ix 1 Publixone 2024-11-21 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp, ixedit/editor_component.jsp, or the login form.
CVE-2020-27181 1 Konzept-ix 1 Publixone 2024-11-21 6.5 Medium
A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files.
CVE-2020-27176 1 Marktext 1 Marktext 2024-11-21 8.3 High
Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the "source code mode" feature, which parses HTML even though HTML support is not one of the primary advertised roles of the product.
CVE-2020-27173 1 Vm-superio Project 1 Vm-superio 2024-11-21 7.5 High
In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input). This behavior cannot be reproduced from the guest side. When no rate limiting is in place, the host can be subject to memory pressure, impacting all other VMs running on the same host.