Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2020-9255 Huawei Honor 10 smartphones with versions earlier than 10.0.0.178(C00E178R1P4) have a denial of service vulnerability. Certain service in the system does not sufficiently validate certain parameter wh... | 5.5 | MEDIUM | β | 0 |
| CVE-2020-9257 HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a buffer over... | 8.8 | HIGH | β | 0 |
| CVE-2020-15879 Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8, ... | 7.5 | HIGH | β | 0 |
| CVE-2020-9259 Huawei Honor V30 smartphones with versions earlier than 10.1.0.212(C00E210R5P1) have an improper authentication vulnerability. The system does not sufficiently validate certain parameter passed from t... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-9101 There is an out-of-bounds write vulnerability in some products. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insu... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-9256 Huawei Mate 30 Pro smartphones with versions earlier than 10.1.0.150(C00E136R5P3) have an improper authorization vulnerability. The system does not properly restrict the use of system service by appli... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-15009 AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2_Upgrade_Tool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 (UX450FDX, UX550GDX and UX550GEX) could lead to unsigned code... | 7.8 | HIGH | β | 0 |
| CVE-2020-4361 IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses. IBM X-Force ID: 178766. | 4.3 | MEDIUM | β | 0 |
| CVE-2020-4466 IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authenticated attacker could cause a denial of service due to an error within the Queue processing function. IBM X-Force ID: 181563. | 6.5 | MEDIUM | β | 0 |
| CVE-2020-24162 The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App Center) has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code. | 7.8 | HIGH | β | 0 |
| CVE-2020-4527 IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. By intercepting its transmiss... | 5.9 | MEDIUM | β | 0 |
| CVE-2020-12029 All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. A remote, unauthenticated attacker may be able to execute a crafted file on a remote endpoin... | 9.0 | CRITICAL | β | 0 |
| CVE-2020-14484 OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass the systemβs account lockout protection, which may allow brute force password attacks. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-14485 OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow execu... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-14491 OpenClinic GA versions 5.09.02 and 5.89.05b do not properly check permissions before executing SQL queries, which may allow a low-privilege user to access privileged information. | 6.5 | MEDIUM | β | 0 |
| CVE-2020-14494 OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient complexity to protect against brute force attacks, which may allow un... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-17450 PHP-Fusion 9.03 allows XSS on the preview page. | 6.1 | MEDIUM | β | 0 |
| CVE-2020-8205 The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise interact... | 7.5 | HIGH | β | 0 |
| CVE-2020-8215 A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or execution of arbitrary code when it processes a user-provided image. | 8.8 | HIGH | β | 0 |
| CVE-2020-12027 All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissa... | 4.3 | MEDIUM | β | 0 |
| CVE-2020-12028 In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce a... | 7.3 | HIGH | β | 0 |
| CVE-2020-12031 In all versions of FactoryTalk View SE, after bypassing memory corruption mechanisms found in the operating system, a local, authenticated attacker may corrupt the associated memory space allowing for... | 7.5 | HIGH | β | 0 |
| CVE-2020-25123 The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager. | 4.8 | MEDIUM | β | 0 |
| CVE-2020-7680 docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after # sign) to load resources from server-side .md files. Due to lack of valida... | 6.1 | MEDIUM | β | 0 |
| CVE-2020-8214 A path traversal vulnerability in servey version < 3 allows an attacker to read content of any arbitrary file. | 7.5 | HIGH | β | 0 |
| CVE-2020-15052 An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL Injection exists via the Netmask, Hostname, and Alias fields. | 7.5 | HIGH | β | 0 |
| CVE-2020-15053 An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these search fields: real time request, System Events, Proxy Events, Proxy Objects, and Firewall objects. | 6.1 | MEDIUM | β | 0 |
| CVE-2020-15111 In Fiber before version 1.12.6, the filename that is given in c.Attachment() (https://docs.gofiber.io/ctx#attachment) is not escaped, and therefore vulnerable for a CRLF injection attack. I.e. an atta... | 4.2 | MEDIUM | β | 0 |
| CVE-2020-15118 In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the `wagtail.contrib.forms` app, and the page template is built using Django's standard f... | 5.7 | MEDIUM | β | 0 |
| CVE-2020-15121 In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger t... | 7.4 | HIGH | β | 0 |
| CVE-2020-15123 In codecov (npm package) before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly w... | 9.3 | CRITICAL | β | 0 |
| CVE-2020-3481 A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition ... | 7.5 | HIGH | β | 0 |
| CVE-2020-6871 The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. This... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-6872 The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefi... | 6.1 | MEDIUM | β | 0 |
| CVE-2020-15852 An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs be... | 7.8 | HIGH | β | 0 |
| CVE-2020-1776 When an agent user is renamed or set to invalid the session belonging to the user is keept active. The session can not be used to access ticket data in the case the agent is invalid. This issue affect... | 3.5 | LOW | β | 0 |
| CVE-2020-3442 The DuoConnect client enables users to establish SSH connections to hosts protected by a DNG instance. When a user initiates an SSH connection to a DNG-protected host for the first time using DuoConne... | 4.8 | MEDIUM | β | 0 |
| CVE-2020-6100 An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. A specially crafted pixel shader can cause memory corruption vulnerability. An attacker can... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-6101 An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a specially crafted shader file t... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-6102 An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a a specially crafted shader file... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-6103 An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a a specially crafted shader file... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-7516 A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials. | 7.8 | HIGH | β | 0 |
| CVE-2020-13932 In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into t... | 6.1 | MEDIUM | β | 0 |
| CVE-2020-4125 Using HCL Marketing Operations 9.1.2.4, 10.1.x, 11.1.0.x, a malicious attacker could download files from the RHEL environment by doing some modification in the link, giving the attacker access to conf... | 8.1 | HIGH | β | 0 |
| CVE-2018-21036 Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request... | 7.5 | HIGH | β | 0 |
| CVE-2020-12432 The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead t... | 6.1 | MEDIUM | β | 0 |
| CVE-2020-12499 In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files. | 8.2 | HIGH | β | 0 |
| CVE-2020-15866 mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-15859 QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address. | 3.3 | LOW | β | 0 |
| CVE-2016-7063 A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrary write to user specified path may lead to privilege escalation. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.