Export limit exceeded: 77017 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (77017 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-27253 | 1 Rockwellautomation | 1 Factorytalk Linx | 2024-11-21 | 7.5 High |
| A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to specifically craft a malicious packet resulting in a denial-of-service condition on the device. | ||||
| CVE-2020-27250 | 1 Softmaker | 1 Planmaker 2021 | 2024-11-21 | 7.8 High |
| In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow at Version/Instance 0x0005 and 0x0016. An attacker can entice the victim to open a document to trigger this vulnerability. | ||||
| CVE-2020-27249 | 1 Softmaker | 1 Planmaker 2021 | 2024-11-21 | 7.8 High |
| A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0004 and 0x0015, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). | ||||
| CVE-2020-27248 | 1 Softmaker | 1 Planmaker 2021 | 2024-11-21 | 7.8 High |
| A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0003 and 0x0014, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). | ||||
| CVE-2020-27247 | 1 Softmaker | 1 Planmaker 2021 | 2024-11-21 | 7.8 High |
| A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0002, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). | ||||
| CVE-2020-27246 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 8.8 High |
| An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoComment parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-27245 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 8.8 High |
| An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoBuyer parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-27244 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 8.8 High |
| An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoCode parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-27243 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 8.8 High |
| An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoService parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-27242 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 8.8 High |
| An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoLocation parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-27232 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 8.8 High |
| An exploitable SQL injection vulnerability exists in ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-27231 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 8.8 High |
| A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findDistrict parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-27230 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 8.8 High |
| A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findSector parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-27229 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 8.8 High |
| A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findPersonID parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-27228 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 7.8 High |
| An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability. | ||||
| CVE-2020-27226 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 8.8 High |
| An exploitable SQL injection vulnerability exists in ‘quickFile.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-27225 | 2 Eclipse, Redhat | 2 Platform, Devtools | 2024-11-21 | 7.8 High |
| In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process. | ||||
| CVE-2020-27222 | 2 Eclipse, Redhat | 3 Californium, Camel Quarkus, Integration | 2024-11-21 | 7.5 High |
| In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes accidentally fails, because the DTLS server side sticks to a wrong internal state. That wrong internal state is set by a previous certificate based DTLS handshake failure with TLS parameter mismatch. The DTLS server side must be restarted to recover this. This allow clients to force a DoS. | ||||
| CVE-2020-27220 | 1 Eclipse | 1 Hono | 2024-11-21 | 8.8 High |
| The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device. The missing check involves verifying that the command target device is configured giving permission for the gateway device to act on its behalf. This means an authenticated device of a certain tenant, notably also a non-gateway device acting like a gateway, may receive command & control messages targeted at a different device of the same tenant without corresponding permissions getting checked. | ||||
| CVE-2020-27217 | 1 Eclipse | 1 Hono | 2024-11-21 | 7.5 High |
| In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does not verify the size of AMQP messages received from devices. In particular, a device may send messages that are bigger than the max-message-size that the protocol adapter has indicated during link establishment. While the AMQP 1.0 protocol explicitly disallows a peer to send such messages, a hand crafted AMQP 1.0 client could exploit this behavior in order to send a message of unlimited size to the adapter, eventually causing the adapter to fail with an out of memory exception. | ||||