CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2018-18625 | Grafana 5.3.1 has XSS via a link on the "Dashboard > All Panels > General" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099. | 6.1 | MEDIUM | No | 0 |
| CVE-2020-12017 | GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmware versions prior to 08A05. The device's vulnerability in the web application could allow multiple unauthenticated attacks that c... | 9.8 | CRITICAL | No | 0 |
| CVE-2020-13759 | rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attackers to cause a denial of service (loss of IP networking) because read_obj and write_obj do not properly access memory. This affects ... | 7.5 | HIGH | No | 0 |
| CVE-2020-2193 | Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability. | 5.4 | MEDIUM | No | 0 |
| CVE-2020-7662 | websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string p... | 7.5 | HIGH | No | 0 |
| CVE-2020-7663 | websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string ... | 7.5 | HIGH | No | 0 |
| CVE-2020-13760 | In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF. | 8.8 | HIGH | No | 0 |
| CVE-2020-13761 | In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS. | 6.1 | MEDIUM | No | 0 |
| CVE-2020-13762 | In Joomla! before 3.9.19, incorrect input validation of the module tag option in com_modules allows XSS. | 6.1 | MEDIUM | No | 0 |
| CVE-2020-4193 | IBM Security Guardium 11.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 174857. | 9.8 | CRITICAL | No | 0 |
| CVE-2020-13763 | In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users. | 7.5 | HIGH | No | 0 |
| CVE-2020-13764 | common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call. | 7.5 | HIGH | No | 0 |
| CVE-2020-13775 | ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network. | 6.5 | MEDIUM | No | 0 |
| CVE-2019-20810 | go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586. | 5.5 | MEDIUM | No | 0 |
| CVE-2020-4026 | The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1... | 4.3 | MEDIUM | No | 0 |
| CVE-2019-20811 | An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c. | 5.5 | MEDIUM | No | 0 |
| CVE-2019-20812 | An issue was discovered in the Linux kernel before 5.4.7. The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a cert... | 5.5 | MEDIUM | No | 0 |
| CVE-2020-1963 | Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem. | 9.1 | CRITICAL | No | 0 |
| CVE-2020-2190 | Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulne... | 5.4 | MEDIUM | No | 0 |
| CVE-2020-2191 | Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels. | 4.3 | MEDIUM | No | 0 |
| CVE-2020-2192 | A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels. | 6.5 | MEDIUM | No | 0 |
| CVE-2020-2194 | Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability. | 5.4 | MEDIUM | No | 0 |
| CVE-2020-2195 | Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips, resulting in a stored cross-site scripting vulnerability that can be exploited by users with Job/C... | 5.4 | MEDIUM | No | 0 |
| CVE-2020-2196 | Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin. | 8.0 | HIGH | No | 0 |
| CVE-2020-2197 | Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format. | 4.3 | MEDIUM | No | 0 |
| CVE-2020-2198 | Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure. | 6.5 | MEDIUM | No | 0 |
| CVE-2020-2199 | Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulner... | 6.1 | MEDIUM | No | 0 |
| CVE-2020-12773 | A security misconfiguration vulnerability exists in the SDK of some Realtek ADSL/PON Modem SoC firmware, which allows attackers using a default password to execute arbitrary commands remotely via the ... | 9.6 | CRITICAL | No | 0 |
| CVE-2020-2200 | Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerabili... | 8.8 | HIGH | No | 0 |
| CVE-2020-7115 | The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to remo... | 9.8 | CRITICAL | No | 0 |
| CVE-2020-7116 | The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then e... | 7.2 | HIGH | No | 0 |
| CVE-2020-7117 | The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then e... | 7.2 | HIGH | No | 0 |
| CVE-2020-4180 | IBM Security Guardium 11.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability... | 8.8 | HIGH | No | 0 |
| CVE-2020-10516 | An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories wit... | 9.8 | CRITICAL | No | 0 |
| CVE-2020-10749 | A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A ma... | 6.0 | MEDIUM | No | 0 |
| CVE-2020-13254 | An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collisi... | 5.9 | MEDIUM | No | 0 |
| CVE-2020-13596 | An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility o... | 6.1 | MEDIUM | No | 0 |
| CVE-2020-4177 | IBM Security Guardium 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or... | 9.8 | CRITICAL | No | 0 |
| CVE-2020-4182 | IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially ... | 6.1 | MEDIUM | No | 0 |
| CVE-2020-4187 | IBM Security Guardium 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174805. | 5.3 | MEDIUM | No | 0 |
| CVE-2020-4190 | IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to externa... | 6.7 | MEDIUM | No | 0 |
| CVE-2020-4307 | IBM Security Guardium 11.1 could allow an attacker on the same network to gain access to the Solr dashboard and cause a denial of service attack. IBM X-Force ID: 176997. | 6.5 | MEDIUM | No | 0 |
| CVE-2019-20809 | The price oracle in PriceOracle.sol in Compound Finance Compound Price Oracle 1.0 through 2.0 allows a price poster to set an invalid asset price via the setPrice function, and consequently violate th... | 7.5 | HIGH | No | 0 |
| CVE-2020-12846 | Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upl... | 8.0 | HIGH | No | 0 |
| CVE-2020-13597 | Clusters using Calico (version 3.14.0 and below), Calico Enterprise (version 2.8.2 and below), may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with suffici... | 6.0 | MEDIUM | No | 0 |
| CVE-2020-13782 | D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection. | 8.8 | HIGH | No | 0 |
| CVE-2020-13783 | D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information. | 7.5 | HIGH | No | 0 |
| CVE-2020-13784 | D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator. | 7.5 | HIGH | No | 0 |
| CVE-2020-13785 | D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength. | 7.5 | HIGH | No | 0 |
| CVE-2020-13786 | D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF. | 8.8 | HIGH | No | 0 |
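The enrichment this page describes (NVD CVSS score and severity, CISA KEV membership) is easy to reproduce and, more usefully, to sanity-check: a row whose stated severity disagrees with the CVSS v3 qualitative band, or whose KEV flag disagrees with the catalog, is a data-quality bug in the feed. The script below is an added example, not the site's own code. It parses a handful of rows copied from the table above (plus one placeholder row with the impossible ID CVE-0000-0000, constructed only to exercise the KEV-match and mismatch paths), checks each score against the CVSS v3.x rating scale that NVD uses, looks the IDs up in a constructed catalog in the shape of the CISA KEV JSON feed, and orders the result for triage. Nothing is fetched; both inputs are embedded.

```python
"""Parse a CVE table in the layout of the page above and enrich it with
CISA KEV membership and an NVD-style CVSS v3 severity check.

Added example; not the site's code.  Both inputs are constructed here so
the script runs offline: nothing is fetched from NVD or CISA."""
import json
import re
from dataclasses import dataclass


def cvss_v3_band(score: float) -> str:
    """CVSS v3.x qualitative severity rating scale (the bands NVD reports)."""
    if score == 0.0:
        return "NONE"
    if score <= 3.9:
        return "LOW"
    if score <= 6.9:
        return "MEDIUM"
    if score <= 8.9:
        return "HIGH"
    if score <= 10.0:
        return "CRITICAL"
    raise ValueError(f"CVSS score out of range: {score}")


CVE_RE = re.compile(r"(CVE-\d{4}-\d{4,})\s*(.*)", re.S)


@dataclass
class Row:
    cve_id: str
    description: str
    cvss: float
    severity: str
    kev_marker: str
    sightings: int


def parse_table(text: str) -> list[Row]:
    """Parse markdown table rows.  Accepts both the packed layout (CVE ID and
    description sharing the first cell) and a separate Description column."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|") or set(line) <= set("|-: "):
            continue                      # blank or header-separator line
        cells = [c.strip() for c in line.strip("|").split("|")]
        m = CVE_RE.match(cells[0])
        if not m:
            continue                      # header row ("CVE ID") or junk
        cve_id, desc = m.group(1), m.group(2).strip()
        rest = cells[1:]
        if not desc:                      # description is its own column
            desc, rest = rest[0], rest[1:]
        if len(rest) != 4:
            raise ValueError(f"unexpected column count: {line!r}")
        score, sev, kev, seen = rest
        rows.append(Row(cve_id, desc, float(score), sev.upper(), kev, int(seen)))
    return rows


def load_kev_index(kev_json: str) -> dict[str, dict]:
    """Index a catalog in the KEV feed shape: {"vulnerabilities": [{"cveID": ...}]}."""
    return {v["cveID"]: v for v in json.loads(kev_json)["vulnerabilities"]}


def enrich(rows: list[Row], kev_index: dict[str, dict]) -> list[dict]:
    """KEV hits first, then CVSS descending; flag severity/band disagreements."""
    out = []
    for r in rows:
        band = cvss_v3_band(r.cvss)
        out.append({
            "cve_id": r.cve_id,
            "cvss": r.cvss,
            "band": band,
            "severity_mismatch": band != r.severity,
            "in_kev": r.cve_id in kev_index,
            "kev_date_added": kev_index.get(r.cve_id, {}).get("dateAdded"),
        })
    out.sort(key=lambda e: (not e["in_kev"], -e["cvss"]))
    return out


# Constructed sample: three rows from the table above, one in the packed layout
# and one with a separate Description column, plus a placeholder row whose
# ID cannot be real (year 0000) and whose severity is deliberately wrong.
SAMPLE_TABLE = """\
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2020-7662 websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. | 7.5 | HIGH | No | 0 |
| CVE-2020-1963 Apache Ignite uses H2 database to build SQL distributed execution engine. | 9.1 | CRITICAL | No | 0 |
| CVE-2020-2191 | Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels. | 4.3 | MEDIUM | No | 0 |
| CVE-0000-0000 | Placeholder row, constructed only to exercise the KEV-match and mismatch paths. | 9.8 | HIGH | Yes | 3 |
"""

# Constructed catalog in the shape of the CISA KEV JSON feed (not real data).
SAMPLE_KEV = json.dumps({
    "title": "constructed sample, not the CISA catalog",
    "vulnerabilities": [
        {"cveID": "CVE-0000-0000", "vendorProject": "ExampleVendor",
         "product": "ExampleProduct", "dateAdded": "2020-06-01",
         "knownRansomwareCampaignUse": "Unknown"},
    ],
})

if __name__ == "__main__":
    for e in enrich(parse_table(SAMPLE_TABLE), load_kev_index(SAMPLE_KEV)):
        flags = ("KEV " if e["in_kev"] else "    ") + \
                ("SEVERITY-MISMATCH" if e["severity_mismatch"] else "")
        print(f'{e["cve_id"]:16} {e["cvss"]:4} {e["band"]:8} {flags}')
```

Sorting on `(not in_kev, -cvss)` puts catalogued exploited-in-the-wild entries ahead of merely high-scoring ones, which is the usual triage rule; the mismatch flag catches feeds that carry a stale or hand-edited severity next to an updated score. Every row on this page is consistent with the v3 bands (9.1 and above CRITICAL, 7.0 to 8.9 HIGH, 4.0 to 6.9 MEDIUM).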
This product uses data from the NVD API but is not endorsed or certified by the NVD.