Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2020-28276 Prototype pollution vulnerability in 'deep-set' versions 1.0.0 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28277 Prototype pollution vulnerability in 'dset' versions 1.0.0 through 2.0.1 allows attacker to cause a denial of service and may lead to remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-29470 OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subject field of mail. This vulnerability can allow an attacker to inject the XSS payload in the Subject field of the mail and each ti... | 4.8 | MEDIUM | β | 0 |
| CVE-2020-29471 OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. An admin can upload a profile image as a malicious code using JavaScript. Whenever anyone will see the profile picture,... | 4.8 | MEDIUM | β | 0 |
| CVE-2020-1848 There is a resource management error vulnerability in Jackman-AL00D versions 8.2.0.185(C00R2P1). Local attackers construct malicious application files, causing system applications to run abnormally. | 5.5 | MEDIUM | β | 0 |
| CVE-2020-28278 Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28279 Prototype pollution vulnerability in 'flattenizer' versions 0.0.5 through 1.0.5 allows an attacker to cause a denial of service and may lead to remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28280 Prototype pollution vulnerability in 'predefine' versions 0.0.0 through 0.1.2 allows an attacker to cause a denial of service and may lead to remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28281 Prototype pollution vulnerability in 'set-object-value' versions 0.0.0 through 0.0.5 allows an attacker to cause a denial of service and may lead to remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28282 Prototype pollution vulnerability in 'getobject' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28283 Prototype pollution vulnerability in 'libnested' versions 0.0.0 through 1.5.0 allows an attacker to cause a denial of service and may lead to remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35773 The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and wp_verify_nonce calls, aka CSRF. | 8.8 | HIGH | β | 0 |
| CVE-2020-35774 server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configurations, allows XSS via the /histograms endpoint. | 5.4 | MEDIUM | β | 0 |
| CVE-2020-9208 There is an information leak vulnerability in iManager NetEco 6000 versions V600R021C00. A module is lack of authentication. Attackers without access to the module can exploit this vulnerability to ob... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-9093 There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1(C00E1R1P1). A module does not deal with specific message properly, which makes a function refer to memory after it has been fr... | 5.5 | MEDIUM | β | 0 |
| CVE-2020-9094 There is an out of bound read vulnerability in some verisons of Huawei CloudEngine product. A module does not deal with specific message properly. Attackers can exploit this vulnerability by sending m... | 7.5 | HIGH | β | 0 |
| CVE-2020-9124 There is a memory leak vulnerability in some versions of Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected prod... | 7.5 | HIGH | β | 0 |
| CVE-2020-9125 There is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 (C00E155R7P2). An attacker with specific permission can exploit this vulnerability by sending ... | 6.7 | MEDIUM | β | 0 |
| CVE-2020-9207 There is an improper authentication vulnerability in some verisons of Huawei CloudEngine product. A module does not verify the input file properly. Attackers can exploit this vulnerability by crafting... | 7.8 | HIGH | β | 0 |
| CVE-2020-9223 There is a denial of service vulnerability in some Huawei smartphones. Due to the improper processing of received abnormal messages, remote attackers may exploit this vulnerability to cause a denial o... | 7.5 | HIGH | β | 0 |
| CVE-2020-35735 Vidyo 02-09-/D allows clickjacking via the portal/ URI. | 4.7 | MEDIUM | β | 0 |
| CVE-2020-16268 The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to gain elevated privileges via the repair option. This applies to installations that have a TR... | 8.8 | HIGH | β | 0 |
| CVE-2020-27643 The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not n... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-27644 The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and l... | 8.8 | HIGH | β | 0 |
| CVE-2020-27645 The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and l... | 8.8 | HIGH | β | 0 |
| CVE-2020-10207 Use of Hard-coded Credentials in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows remote attackers to retrieve and... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10210 Because of hard-coded SSH keys for the root user in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series, Kami7B, an attacker may remotely log in through S... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10206 Use of a Hard-coded Password in VNCserver in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows local attackers to view and interact wi... | 4.4 | MEDIUM | β | 0 |
| CVE-2020-10208 Command Injection in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows authenticated remote attackers to execute ar... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-35815 Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.... | 6.1 | MEDIUM | β | 0 |
| CVE-2020-10209 Command Injection in the CPE WAN Management Protocol (CWMP) registration in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows man-in-t... | 8.1 | HIGH | β | 0 |
| CVE-2020-35777 NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command injection. | 8.4 | HIGH | β | 0 |
| CVE-2020-35778 Certain NETGEAR devices are affected by CSRF. This affects GS716Tv3 before 6.3.1.36 and GS724Tv4 before 6.3.1.36. | 4.3 | MEDIUM | β | 0 |
| CVE-2020-35779 NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. | 7.5 | HIGH | β | 0 |
| CVE-2020-35780 NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. | 7.1 | HIGH | β | 0 |
| CVE-2020-35781 NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. | 8.3 | HIGH | β | 0 |
| CVE-2020-25846 The digest generation function of NHIServiSignAdapter has not been verified for source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user'... | 7.5 | HIGH | β | 0 |
| CVE-2020-35782 Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.... | 8.1 | HIGH | β | 0 |
| CVE-2020-35783 Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-35784 Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and GS116Ev2 before 2.... | 6.2 | MEDIUM | β | 0 |
| CVE-2020-35785 NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication (aka PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365). | 8.3 | HIGH | β | 0 |
| CVE-2020-35786 NETGEAR R7800 devices before 1.0.2.74 are affected by a buffer overflow by an authenticated user. | 4.5 | MEDIUM | β | 0 |
| CVE-2021-42089 An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information. | 7.5 | HIGH | β | 0 |
| CVE-2020-35787 Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.36, D7000 before 1.0.1.70, EX6200v2 b... | 8.0 | HIGH | β | 0 |
| CVE-2020-35788 NETGEAR WAC104 devices before 1.0.4.13 are affected by a buffer overflow by an authenticated user. | 7.6 | HIGH | β | 0 |
| CVE-2020-35789 NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an authenticated user. | 8.8 | HIGH | β | 0 |
| CVE-2020-35790 Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, and R9000 before 1.0.4.26. | 6.4 | MEDIUM | β | 0 |
| CVE-2020-35791 Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7800 before 1.0.2.68, R8900 before 1.0.5.2, and R9000 before 1.0.5.2. | 6.4 | MEDIUM | β | 0 |
| CVE-2020-35904 An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there ar... | 5.5 | MEDIUM | β | 0 |
| CVE-2020-35792 Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7500v2 before 1.0.3.48, R8900 before 1.0.5.2, R9000 before 1.0.5.2, and R7800 before 1.0.2.68. | 8.3 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.