Total
12074 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-27302 | 1 Realtek | 4 Rtl8195a, Rtl8195a Firmware, Rtl8710c and 1 more | 2024-11-21 | 7.7 HIGH | 8.0 HIGH |
| A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the "memcpy" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way-handshake. | |||||
| CVE-2020-27301 | 1 Realtek | 4 Rtl8195a, Rtl8195a Firmware, Rtl8710c and 1 more | 2024-11-21 | 7.7 HIGH | 8.0 HIGH |
| A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the "AES_UnWRAP" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way-handshake. | |||||
| CVE-2020-27297 | 1 Honeywell | 1 Opc Ua Tunneller | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions prior to 6.3.0.8233). | |||||
| CVE-2020-27288 | 1 Deltaww | 1 Tpeditor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An untrusted pointer dereference has been identified in the way TPEditor(v1.98 and prior) processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. | |||||
| CVE-2020-27287 | 1 Deltaww | 1 Cncsoft-b | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2020-27284 | 1 Deltaww | 1 Tpeditor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| TPEditor (v1.98 and prior) is vulnerable to two out-of-bounds write instances in the way it processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. | |||||
| CVE-2020-27281 | 1 Deltaww | 1 Cncsoft Screeneditor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A stack-based buffer overflow may exist in Delta Electronics CNCSoft ScreenEditor versions 1.01.26 and prior when processing specially crafted project files, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2020-27275 | 1 Deltaww | 1 Dopsoft | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2020-27267 | 4 Ge, Ptc, Rockwellautomation and 1 more | 7 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 4 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data. | |||||
| CVE-2020-27265 | 4 Ge, Ptc, Rockwellautomation and 1 more | 7 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 4 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code. | |||||
| CVE-2020-27263 | 4 Ge, Ptc, Rockwellautomation and 1 more | 7 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 4 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data. | |||||
| CVE-2020-27261 | 1 Omron | 4 Cx-one, Cx-position, Cx-protocol and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The Omron CX-One Version 4.60 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2020-27250 | 1 Softmaker | 1 Planmaker 2021 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow at Version/Instance 0x0005 and 0x0016. An attacker can entice the victim to open a document to trigger this vulnerability. | |||||
| CVE-2020-27249 | 1 Softmaker | 1 Planmaker 2021 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0004 and 0x0015, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). | |||||
| CVE-2020-27248 | 1 Softmaker | 1 Planmaker 2021 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0003 and 0x0014, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). | |||||
| CVE-2020-27247 | 1 Softmaker | 1 Planmaker 2021 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0002, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). | |||||
| CVE-2020-27221 | 1 Eclipse | 1 Openj9 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. | |||||
| CVE-2020-27196 | 1 Lightbend | 1 Play Framework | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint (that may or may not expect JSON payloads) causes a StackOverflowError and Denial of Service. | |||||
| CVE-2020-27051 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In NFA_RwI93WriteMultipleBlocks of nfa_rw_api.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157650338 | |||||
| CVE-2020-27050 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In rw_i93_send_cmd_write_multi_blocks of rw_i93.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157650365 | |||||