Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2020-10058 Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zep... | 7.8 | HIGH | β | 0 |
| CVE-2020-10059 The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DT... | 4.8 | MEDIUM | β | 0 |
| CVE-2020-10060 In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would ref... | 8.0 | HIGH | β | 0 |
| CVE-2020-10067 A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from de... | 7.5 | HIGH | β | 0 |
| CVE-2020-11071 SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability where users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet co... | 8.6 | HIGH | β | 0 |
| CVE-2020-11072 In SLP Validate (npm package slp-validate) before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow ... | 8.6 | HIGH | β | 0 |
| CVE-2020-1939 The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components and example programs. One of these, ftpd, had a NULL pointer dereferenc... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8151 There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak info... | 7.5 | HIGH | β | 0 |
| CVE-2020-8153 Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when when renaming an accessible item to the same name. | 8.1 | HIGH | β | 0 |
| CVE-2020-8154 An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint. | 7.7 | HIGH | β | 0 |
| CVE-2020-8155 An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF. | 5.4 | MEDIUM | β | 0 |
| CVE-2020-8156 A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack. | 7.0 | HIGH | β | 0 |
| CVE-2020-1718 A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application. | 7.1 | HIGH | β | 0 |
| CVE-2020-8159 There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can wr... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-4478 IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998. | 6.5 | MEDIUM | β | 0 |
| CVE-2020-10706 A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAu... | 6.3 | MEDIUM | β | 0 |
| CVE-2020-1763 An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially... | 7.5 | HIGH | β | 0 |
| CVE-2020-4195 IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could... | 5.4 | MEDIUM | β | 0 |
| CVE-2020-4346 IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured api which can be exploited by an unauthenticated attacker to obtain sensitive information. IBM X-Force ID: 178322. | 5.3 | MEDIUM | β | 0 |
| CVE-2020-5248 GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this... | 7.2 | HIGH | β | 0 |
| CVE-2020-5896 On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions. | 7.8 | HIGH | β | 0 |
| CVE-2020-5897 In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component. | 8.8 | HIGH | β | 0 |
| CVE-2020-5898 In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoContro... | 5.5 | MEDIUM | β | 0 |
| CVE-2020-11932 It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered. | 2.3 | LOW | β | 0 |
| CVE-2020-12823 OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-12825 libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption. | 7.1 | HIGH | β | 0 |
| CVE-2020-1746 A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5... | 5.0 | MEDIUM | β | 0 |
| CVE-2020-6240 SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a serv... | 7.5 | HIGH | β | 0 |
| CVE-2020-6241 SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection. | 8.8 | HIGH | β | 0 |
| CVE-2020-6242 SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-6243 Under certain conditions, SAP Adaptive Server Enterprise (XP Server on Windows Platform), versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the exten... | 8.8 | HIGH | β | 0 |
| CVE-2020-6245 SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper Contr... | 6.7 | MEDIUM | β | 0 |
| CVE-2020-6247 SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. Using a specially crafted request, the attack... | 7.5 | HIGH | β | 0 |
| CVE-2020-6248 SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code ex... | 7.2 | HIGH | β | 0 |
| CVE-2020-12826 A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a ... | 5.3 | MEDIUM | β | 0 |
| CVE-2020-6249 The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the b... | 8.8 | HIGH | β | 0 |
| CVE-2020-6250 SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read system administrator password leadi... | 6.8 | MEDIUM | β | 0 |
| CVE-2020-6251 Under certain conditions or error scenarios SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted. | 6.5 | MEDIUM | β | 0 |
| CVE-2020-6252 Under certain conditions SAP Adaptive Server Enterprise (Cockpit), version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information ... | 8.0 | HIGH | β | 0 |
| CVE-2020-6253 Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify datab... | 7.2 | HIGH | β | 0 |
| CVE-2020-6254 SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross Sit... | 6.1 | MEDIUM | β | 0 |
| CVE-2020-6256 SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details without having required authorizations, due to Missing Authoriza... | 4.3 | MEDIUM | β | 0 |
| CVE-2020-6257 SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) 4.2 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. | 5.4 | MEDIUM | β | 0 |
| CVE-2020-6258 SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to M... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-6259 Under certain conditions SAP Adaptive Server Enterprise, versions 15.7, 16.0, allows an attacker to access information which would otherwise be restricted leading to Missing Authorization Check. | 6.5 | MEDIUM | β | 0 |
| CVE-2020-6262 Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by ... | 8.8 | HIGH | β | 0 |
| CVE-2020-12700 The direct_mail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query. | 4.3 | MEDIUM | β | 0 |
| CVE-2020-11060 In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a ... | 7.4 | HIGH | β | 0 |
| CVE-2020-11062 In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in Dropdown endpoints due to an invalid Content-Type. This has been fixed in version 9.4.6. | 6.0 | MEDIUM | β | 0 |
| CVE-2020-12772 An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR plugin for it) on Windows. A chat message can include an IMG element with a SRC attribute referencing an external host's IP address... | 8.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.