CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2020-7568 | A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when the... | 4.3 | MEDIUM | — | 0 |
| CVE-2020-7569 | A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to uplo... | 8.8 | HIGH | — | 0 |
| CVE-2020-7570 | A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an aut... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-7571 | A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could ... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-7572 | A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able t... | 8.8 | HIGH | — | 0 |
| CVE-2020-35913 | An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockReadGuard unsoundness. | 4.7 | MEDIUM | — | 0 |
| CVE-2020-5668 | Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules (R00/01/02CPU firmware version '19' and earlier, R04/08/16/32/120 (EN) CPU firmware version '51' and earlier, R08/16/32/12... | 7.5 | HIGH | — | 0 |
| CVE-2020-4739 | IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to exec... | 7.8 | HIGH | — | 0 |
| CVE-2020-4937 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Forc... | 7.5 | HIGH | — | 0 |
| CVE-2020-19667 | Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7. | 7.8 | HIGH | — | 0 |
| CVE-2020-25839 | NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-28877 | Buffer overflow in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620,... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7842 | Improper Input validation vulnerability exists in Netis Korea D'live AP which could cause arbitrary command injection and execution when the time setting (using ntpServerlp1 parameter) for the users. ... | 6.4 | MEDIUM | — | 0 |
| CVE-2020-26236 | In ScratchVerifier before commit a603769, an attacker can hijack the verification process to log into someone else's account on any site that uses ScratchVerifier for logins. A possible exploitation w... | 7.5 | HIGH | — | 0 |
| CVE-2020-28974 | A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs b... | 5.0 | MEDIUM | — | 0 |
| CVE-2020-25189 | The affected product is vulnerable to three stack-based buffer overflows, which may allow an unauthenticated attacker to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-20739 | im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address. | 5.3 | MEDIUM | — | 0 |
| CVE-2020-20740 | PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version(). | 7.8 | HIGH | — | 0 |
| CVE-2020-28845 | A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject malicious payload in admin's portal thus leads to compromise admin's system. | 7.8 | HIGH | — | 0 |
| CVE-2020-25185 | The affected product is vulnerable to five post-authentication buffer overflows, which may allow a logged in user to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09). | 8.8 | HIGH | — | 0 |
| CVE-2020-25725 | In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a pre... | 5.0 | MEDIUM | — | 0 |
| CVE-2020-5797 | UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limi... | 6.1 | MEDIUM | — | 0 |
| CVE-2020-14230 | HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a speciall... | 7.5 | HIGH | — | 0 |
| CVE-2020-14234 | HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to r... | 7.5 | HIGH | — | 0 |
| CVE-2020-14258 | HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially... | 7.5 | HIGH | — | 0 |
| CVE-2020-28975 | svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced ... | 7.5 | HIGH | — | 0 |
| CVE-2020-27985 | Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home/<user>/... | 7.8 | HIGH | — | 0 |
| CVE-2020-28053 | HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6. | 6.5 | MEDIUM | — | 0 |
| CVE-2020-7925 | Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service.... | 7.5 | HIGH | — | 0 |
| CVE-2020-7926 | A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects MongoDB... | 6.5 | MEDIUM | — | 0 |
| CVE-2018-20802 | A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects MongoDB Server v3.6 ve... | 6.5 | MEDIUM | — | 0 |
| CVE-2018-20804 | A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects MongoDB Server v4.0 versions prior to 4.0.10 and Mongo... | 6.5 | MEDIUM | — | 0 |
| CVE-2018-20805 | A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch . This issue affects MongoDB Server v4.0 versions prior to... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-14559 | Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access. | 7.5 | HIGH | — | 0 |
| CVE-2019-14562 | Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access. | 5.5 | MEDIUM | — | 0 |
| CVE-2019-20923 | A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to ... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-20924 | A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects MongoDB Server... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-2392 | A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. This issue affects: MongoDB I... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-2393 | A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue affects MongoDB Server v4.2 versions prio... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-1778 | When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions. | 4.1 | MEDIUM | — | 0 |
| CVE-2020-28421 | CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges. | 7.8 | HIGH | — | 0 |
| CVE-2020-7777 | This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is ... | 7.2 | HIGH | — | 0 |
| CVE-2019-14563 | Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | HIGH | — | 0 |
| CVE-2019-14575 | Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | HIGH | — | 0 |
| CVE-2019-14586 | Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access. | 8.0 | HIGH | — | 0 |
| CVE-2019-14587 | Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 6.5 | MEDIUM | — | 0 |
| CVE-2020-28976 | The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subd... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-28977 | The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/get.php?subdomain... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-28978 | The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomai... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-29384 | An issue was discovered in PNGOUT 2020-01-15. When compressing a crafted PNG file, it encounters an integer overflow. | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.