CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2020-6360 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailab... | 4.3 | MEDIUM | — | 0 |
| CVE-2020-6361 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE files received from untrusted sources which results in crashing of the application and becoming temporarily unavaila... | 4.3 | MEDIUM | — | 0 |
| CVE-2020-14384 A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple ... | 7.5 | HIGH | — | 0 |
| CVE-2020-9727 A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resu... | 7.8 | HIGH | — | 0 |
| CVE-2020-24074 The decode program in silk-v3-decoder Version:20160922 Build By kn007 does not strictly check data, resulting in a buffer overflow. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-24194 A Cross-site scripting (XSS) vulnerability in 'user-profile.php' in SourceCodester Daily Tracker System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'fullname' parameter... | 6.1 | MEDIUM | — | 0 |
| CVE-2020-24197 A SQL injection vulnerability in the login component in Stock Management System v1.0 allows remote attacker to execute arbitrary SQL commands via the username parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-6311 Banking services from SAP 9.0 (Bank Analyzer), version - 500, and SAP S/4HANA for financial products subledger, version - 100, does not correctly perform necessary authorization checks for an authenti... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-15785 A vulnerability has been identified in Siveillance Video Client (All versions). In environments where Windows NTLM authentication is enabled the affected client application transmits usernames to the ... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-6324 SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the vict... | 6.1 | MEDIUM | — | 0 |
| CVE-2020-1749 A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kern... | 7.5 | HIGH | — | 0 |
| CVE-2020-24195 An Arbitrary File Upload in the Upload Image component in Sourcecodester Online Bike Rental v1.0 allows authenticated administrator to conduct remote code execution. | 9.1 | CRITICAL | — | 0 |
| CVE-2020-24198 A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'Brand Name.' | 6.1 | MEDIUM | — | 0 |
| CVE-2020-24199 Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-0290 In PackageManager, there is a missing permission check. This could lead to local information disclosure across users with no additional execution privileges needed. User interaction is not needed for ... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-11986 To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-24566 In Octopus Deploy 2020.3.x before 2020.3.4 and 2020.4.x before 2020.4.1, if an authenticated user creates a deployment or runbook process using Azure steps and sets the step's execution location to ru... | 7.5 | HIGH | — | 0 |
| CVE-2020-25211 In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctne... | 6.0 | MEDIUM | — | 0 |
| CVE-2020-25212 A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs... | 7.0 | HIGH | — | 0 |
| CVE-2020-15791 A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATI... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-14292 In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection ov... | 5.7 | MEDIUM | — | 0 |
| CVE-2020-2036 A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the fire... | 8.8 | HIGH | — | 0 |
| CVE-2020-2037 An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 8.1 ... | 7.2 | HIGH | — | 0 |
| CVE-2020-2038 An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 ... | 7.2 | HIGH | — | 0 |
| CVE-2020-2044 An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS soft... | 3.3 | LOW | — | 0 |
| CVE-2020-2039 An uncontrolled resource consumption vulnerability in Palo Alto Networks PAN-OS allows for a remote unauthenticated user to upload temporary files through the management web interface that are not pro... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-2040 A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to t... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-2041 An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service... | 7.5 | HIGH | — | 0 |
| CVE-2020-2042 A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. This... | 7.2 | HIGH | — | 0 |
| CVE-2020-2043 An information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Palo Alto Networks PAN-OS software when the after-change-detail c... | 3.3 | LOW | — | 0 |
| CVE-2020-7068 In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which c... | 4.8 | MEDIUM | — | 0 |
| CVE-2018-17765 Ingenico Telium 2 POS terminals have undeclared TRACE protocol commands. This is fixed in Telium 2 SDK v9.32.03 patch N. | 6.8 | MEDIUM | — | 0 |
| CVE-2018-17766 Ingenico Telium 2 POS Telium2 OS allow bypass of file-reading restrictions via the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | 4.6 | MEDIUM | — | 0 |
| CVE-2018-17767 Ingenico Telium 2 POS terminals have hardcoded PPP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N. | 6.8 | MEDIUM | — | 0 |
| CVE-2018-17768 Ingenico Telium 2 POS terminals have an insecure TRACE protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | 6.8 | MEDIUM | — | 0 |
| CVE-2018-17769 Ingenico Telium 2 POS terminals have a buffer overflow via the 0x26 command of the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | 6.6 | MEDIUM | — | 0 |
| CVE-2018-17770 Ingenico Telium 2 POS terminals have a buffer overflow via the RemotePutFile command of the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | 6.6 | MEDIUM | — | 0 |
| CVE-2018-17771 Ingenico Telium 2 POS terminals have hardcoded FTP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N. | 6.6 | MEDIUM | — | 0 |
| CVE-2018-17772 Ingenico Telium 2 POS terminals allow arbitrary code execution via the TRACE protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | 6.8 | MEDIUM | — | 0 |
| CVE-2018-17773 Ingenico Telium 2 POS terminals have a buffer overflow via SOCKET_TASK in the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | 6.8 | MEDIUM | — | 0 |
| CVE-2018-17774 Ingenico Telium 2 POS terminals have an insecure NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | 6.8 | MEDIUM | — | 0 |
| CVE-2020-10049 A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The start-stop scripts for the services of the affected application could allow a local attacker to inclu... | 7.3 | HIGH | — | 0 |
| CVE-2020-10050 A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The directory of service executables of the affected application could allow a local attacker to include ... | 7.8 | HIGH | — | 0 |
| CVE-2020-10051 A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Multiple services of the affected application are executed with SYSTEM privileges while the call path is ... | 7.8 | HIGH | — | 0 |
| CVE-2020-10056 A vulnerability has been identified in License Management Utility (LMU) (All versions < V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server whil... | 7.8 | HIGH | — | 0 |
| CVE-2020-15784 A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). Insecure storage of sensitive information in the configuration files could allow the retrieval of user names. | 5.3 | MEDIUM | — | 0 |
| CVE-2020-20406 A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and earlier versions. It is caused by inadequate filtering on the link custom at... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-15786 A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions < V16), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions <= V16), S... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15787 A vulnerability has been identified in SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently validate authentication attempts as the information given can be trunca... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15788 A vulnerability has been identified in Polarion Subversion Webclient (All versions). The Polarion subversion web application does not filter user input in a way that prevents Cross-Site Scripting. If ... | 6.1 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.