CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2020-8615 A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitim... | 6.5 | MEDIUM | — | 0 |
| CVE-2015-2802 An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem C... | 7.5 | HIGH | — | 0 |
| CVE-2019-10786 network-manager through 1.0.2 allows remote attackers to execute arbitrary commands via the "execSync()" argument. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-10787 im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-12528 An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions ... | 7.5 | HIGH | — | 0 |
| CVE-2020-5208 It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote cod... | 7.7 | HIGH | — | 0 |
| CVE-2020-5237 Multiple relative path traversal vulnerabilities in the oneup/uploader-bundle before 1.9.3 and 2.1.5 allow remote attackers to upload, copy, and modify files on the filesystem (potentially leading to ... | 8.8 | HIGH | — | 0 |
| CVE-2020-8631 cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice functi... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-46547 A vulnerability was found in Romain Bourdon Wampserver all versions (discovered in v3.2.3 and v3.2.6) where unauthorized users could access sensitive information due to improper access control validat... | 7.5 | HIGH | — | 0 |
| CVE-2020-8632 In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords. | 5.5 | MEDIUM | — | 0 |
| CVE-2020-7216 An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets without a message type option. | 7.5 | HIGH | — | 0 |
| CVE-2020-7979 GitLab EE 8.9 and later through 12.7.2 has Insecure Permission | 5.3 | MEDIUM | — | 0 |
| CVE-2020-8114 GitLab EE 8.9 and later through 12.7.2 has Insecure Permission | 9.8 | CRITICAL | — | 0 |
| CVE-2013-0507 IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fixation Vulnerability | 8.1 | HIGH | — | 0 |
| CVE-2019-16203 Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client. | 7.5 | HIGH | — | 0 |
| CVE-2019-16204 Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server. | 7.5 | HIGH | — | 0 |
| CVE-2019-4613 IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM ... | 8.8 | HIGH | — | 0 |
| CVE-2019-4616 IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or... | 3.5 | LOW | — | 0 |
| CVE-2019-4670 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319. | 6.5 | MEDIUM | — | 0 |
| CVE-2020-7966 GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. | 7.5 | HIGH | — | 0 |
| CVE-2020-7967 GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2). | 4.3 | MEDIUM | — | 0 |
| CVE-2020-7968 GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. | 7.5 | HIGH | — | 0 |
| CVE-2020-7969 GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. | 7.5 | HIGH | — | 0 |
| CVE-2020-7971 GitLab EE 11.0 and later through 12.7.2 allows XSS. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-7978 GitLab EE 12.6 and later through 12.7.2 allows Denial of Service. | 7.5 | HIGH | — | 0 |
| CVE-2020-7972 GitLab EE 12.2 has Insecure Permissions (issue 2 of 2). | 7.5 | HIGH | — | 0 |
| CVE-2020-7973 GitLab through 12.7.2 allows XSS. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-7974 GitLab EE 10.1 through 12.7.2 allows Information Disclosure. | 5.3 | MEDIUM | — | 0 |
| CVE-2020-7976 GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control. | 5.3 | MEDIUM | — | 0 |
| CVE-2020-7977 GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-47579 An attacker authenticated as an administrator can use an exposed webservice to upload or download a custom PDF font file on the system server. Using the upload functionality to copy an internal file ... | 6.8 | MEDIUM | — | 0 |
| CVE-2020-8506 The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Unencrypted Analytics. | 5.3 | MEDIUM | — | 0 |
| CVE-2020-8507 The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends Unencrypted Analytics. | 7.5 | HIGH | — | 0 |
| CVE-2019-11516 An issue was discovered in the Bluetooth component of the Cypress (formerly owned by Broadcom) Wireless IoT codebase. Extended Inquiry Responses (EIRs) are improperly handled, which causes a heap-base... | 8.1 | HIGH | — | 0 |
| CVE-2019-12180 An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to exe... | 7.8 | HIGH | — | 0 |
| CVE-2019-15126 An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper lay... | 3.1 | LOW | — | 0 |
| CVE-2020-6754 dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets (which should be a ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-6833 An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling. | 7.5 | HIGH | — | 0 |
| CVE-2013-2675 Brother MFC-9970CDW 1.10 devices with Firmware L contain a Frameable response (Clickjacking) vulnerability which could allow remote attackers to obtain sensitive information. | 6.5 | MEDIUM | — | 0 |
| CVE-2015-0102 IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission wit... | 8.1 | HIGH | — | 0 |
| CVE-2020-3110 A vulnerability in the Cisco Discovery Protocol implementation for the Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cau... | 8.8 | HIGH | — | 0 |
| CVE-2010-4662 PmWiki before 2.2.21 has XSS. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-3111 A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload ... | 8.8 | HIGH | — | 0 |
| CVE-2020-3119 A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected dev... | 8.8 | HIGH | — | 0 |
| CVE-2020-3120 A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a rel... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-3123 A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service c... | 7.5 | HIGH | — | 0 |
| CVE-2020-3149 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) atta... | 4.8 | MEDIUM | — | 0 |
| CVE-2010-4815 Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2015-5626 Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP E... | 9.8 | CRITICAL | — | 0 |
| CVE-2015-5627 Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP E... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.