|
214501
|
8.1 |
HIGH
Network
|
ledger
|
ledger_live
|
Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee (RBF). It increases the user's balance with the value of an unconfirmed transaction as soon as it is received (before the transaction…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2020-12119
|
2024-11-21 13:59 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214502
|
7.8 |
HIGH
Local
|
phoenixcontact
|
pc_worx
pc_worx_express
|
mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-12498
|
2024-11-21 13:59 |
2020-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214503
|
7.8 |
HIGH
Local
|
phoenixcontact
|
pc_worx
pc_worx_express
|
PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-12497
|
2024-11-21 13:59 |
2020-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214504
|
7.5 |
HIGH
Network
|
envoyproxy
|
envoy
|
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-12605
|
2024-11-21 13:59 |
2020-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214505
|
7.5 |
HIGH
Network
|
envoyproxy
|
envoy
|
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2020-12604
|
2024-11-21 13:59 |
2020-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214506
|
7.5 |
HIGH
Network
|
envoyproxy
|
envoy
|
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-12603
|
2024-11-21 13:59 |
2020-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214507
|
6.1 |
MEDIUM
Network
|
mageme
|
webforms_pro_m2
|
XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento 2 via the textarea field.
|
CWE-79
Cross-site Scripting
|
CVE-2020-12635
|
2024-11-21 13:59 |
2020-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214508
|
7.5 |
HIGH
Network
|
baxter
|
phoenix_x36_firmware
|
Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hemodialysis device does not support data-in-transit encryption (e.g., TLS/SSL) when transmitting treatment and prescription data on…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-12048
|
2024-11-21 13:59 |
2020-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214509
|
9.8 |
CRITICAL
Network
|
baxter
|
sigma_spectrum_infusion_system_firmware
|
The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), when used with a Baxter Spectrum v8.x (model 35700BAX2) in a factory-default wireless configuration enables an FTP service with hard…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-12047
|
2024-11-21 13:59 |
2020-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214510
|
9.8 |
CRITICAL
Network
|
baxter
|
sigma_spectrum_infusion_system_firmware
|
The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when used in conjunction with a Baxter Spectrum v8.x (model 35700BAX2), operates a Telnet service on Port 1023 with hard-coded creden…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-12045
|
2024-11-21 13:59 |
2020-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
