|
211461
|
9.8 |
CRITICAL
Network
|
vanderbilt
|
redcap
|
REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. The application uses the addition of a string of information from the submitted user that is not vali…
|
CWE-89
SQL Injection
|
CVE-2020-26712
|
2024-11-21 14:20 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211462
|
7.8 |
HIGH
Local
|
google
|
android
|
In onAuthenticated of AuthenticationClient.java, there is a possible tapjacking attack when requesting the user's fingerprint due to an overlaid window. This could lead to local escalation of privile…
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2020-27059
|
2024-11-21 14:20 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211463
|
7.8 |
HIGH
Local
|
deltaww
|
cncsoft-b
|
Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-27287
|
2024-11-21 14:20 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211464
|
7.8 |
HIGH
Local
|
deltaww
|
cncsoft_screeneditor
|
A stack-based buffer overflow may exist in Delta Electronics CNCSoft ScreenEditor versions 1.01.26 and prior when processing specially crafted project files, which may allow an attacker to execute ar…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-27281
|
2024-11-21 14:20 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211465
|
7.8 |
HIGH
Local
|
deltaww
|
dopsoft
|
Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-27277
|
2024-11-21 14:20 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211466
|
7.8 |
HIGH
Local
|
deltaww
|
dopsoft
|
Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-27275
|
2024-11-21 14:20 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211467
|
5.5 |
MEDIUM
Local
|
ethereum
|
aleth
|
A stack overflow vulnerability in Aleth Ethereum C++ client version <= 1.8.0 using a specially crafted a config.json file may result in a denial of service.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-26800
|
2024-11-21 14:20 |
2021-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211468
|
7.8 |
HIGH
Local
|
videolan
debian
|
vlc_media_player
debian_linux
|
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-26664
|
2024-11-21 14:20 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211469
|
5.4 |
MEDIUM
Network
|
innokasmedical
|
vital_signs_monitor_vc150_firmware
|
Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7.15 A stored cross-site scripting (XSS) vulnerability exists in the affected products that allow an attacker to inject arbitrary web sc…
|
CWE-79
Cross-site Scripting
|
CVE-2020-27262
|
2024-11-21 14:20 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211470
|
5.3 |
MEDIUM
Physics
|
innokasmedical
|
vital_signs_monitor_vc150_firmware
|
Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7.15 HL7 v2.x injection vulnerabilities exist in the affected products that allow physically proximate attackers with a connected barcod…
|
CWE-74
Injection
|
CVE-2020-27260
|
2024-11-21 14:20 |
2021-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
