CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2020-5531 Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 211... | 9.8 | CRITICAL | — | 0 |
| CVE-2013-4335 opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20567 An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. A up_parm heap overflow leads to code execution in the bootloader. The Samsung ID is SVE-2... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20588 An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the SEM Trustlet, leading to arbitrary code execution. The Samsung ID is SV... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20566 An issue was discovered on Samsung mobile devices with any (before September 2019 for SMP1300 Exynos modem chipsets) software. Attackers can trigger stack corruption in the Shannon modem via a crafted... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20611 An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), Go(8.1), P(9.0), and Go(9.0) (Exynos chipsets) software. A baseband stack overflow leads to arbitrary code execution. The Samsung... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-8840 FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter. | 9.8 | CRITICAL | — | 0 |
| CVE-2013-4267 Ajaxeplorer before 5.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) archive_name parameter to the Power FS module (plugins/action.powerfs/class.PowerFSCo... | 9.8 | CRITICAL | — | 0 |
| CVE-2013-5945 Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, ... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-10593 Buffer overflow can occur when processing non standard SDP video Image attribute parameter in a VILTE\VOLTE call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial ... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-14514 An issue was discovered in Microvirt MEmu all versions prior to 7.0.2. A guest Android operating system inside the MEmu emulator contains a /system/bin/systemd binary that is run with root privileges ... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20563 An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. The SEC_FR trustlet has an out of bounds write. The Samsung ID is SVE-2019-15272 (October 2019). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-3934 TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, contains a vulnerability of Pre-auth SQL Injection, allowing attackers to inject a specific SQL command. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-10594 Stack overflow can occur when SDP is received with multiple payload types in the FMTP attribute of a video M line in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-6995 In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the application utilizes weak password requirements, which may allow an attacker to gain unaut... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-8427 In Unitrends Backup before 10.4.1, an HTTP request parameter was not properly sanitized, allowing for SQL injection that resulted in an authentication bypass. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-9006 The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_popup_ajax.php) via PHP Deserialization on attacker-controlled data wi... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-10612 UTCB object has a function pointer called by the reaper to deallocate its memory resources and this address can potentially be corrupted by stack overflow in Snapdragon Auto, Snapdragon Compute, Snapd... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-10789 All versions of curling.js are vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization. | 9.8 | CRITICAL | — | 0 |
| CVE-2013-3738 A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20562 An issue was discovered on Samsung mobile devices with P(9.0) (with TEEGRIS) software. There is a buffer overflow in the BIOSUB Trustlet. The Samsung ID is SVE-2019-15264 (October 2019). | 9.8 | CRITICAL | — | 0 |
| CVE-2019-10802 giting version prior to 0.0.8 allows execution of arbritary commands. The first argument "repo" of function "pull()" is executed by the package without any validation. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-15609 The kill-port-process package version < 2.2.0 is vulnerable to a Command Injection vulnerability. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-10546 Buffer overflow can occur in WLAN firmware while parsing beacon/probe_response frames during roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Co... | 9.8 | CRITICAL | — | 0 |
| CVE-2013-1607 Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability | 9.8 | CRITICAL | — | 0 |
| CVE-2016-4606 Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass s... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-9352 An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a v... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-6985 In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-8129 An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code. | 9.8 | CRITICAL | — | 0 |
| CVE-2015-6922 Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers ... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20561 An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. The bootloader has an integer signedness error. The Samsung ID is SVE-2019-15230 (October ... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20560 An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. The BIOSUB Trustlet has an out of bounds write. The Samsung ID is SVE-2019-15261 (October 2019). | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20558 An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a Buffer Overflow in the Touch Screen Driver. The Samsung ID is SVE-2019-14990 (O... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20556 An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, and exynos9820 chipsets) software. RKP memory corruption allows attackers to contr... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20587 An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (with TEEGRIS) software. There is type confusion in the MLDAP Trustlet, leading to arbitrary code execution. The Samsung ID is ... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20553 An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, and exynos9820 chipsets) software. Arbitrary memory read and write operations can ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-3805 Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free v... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-9550 Rubetek SmartHome 2020 devices use unencrypted 433 MHz communication between controllers and beacons, allowing an attacker to sniff and spoof beacon requests remotely. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20607 An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (MSM8996, MSM8998, Exynos7420, Exynos7870, Exynos8890, and Exynos8895 chipsets) software. A heap overflow in the keyma... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20549 An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom chipsets) software. A heap out-of-bounds access can occur during LE Packet reception in Broadcom Bluetooth. ... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20548 An issue was discovered on Samsung mobile devices with P(9.0) devices (Qualcomm chipsets) software. There is a buffer overflow in the bootloader. The Samsung ID is SVE-2019-15399 (November 2019). | 9.8 | CRITICAL | — | 0 |
| CVE-2019-10803 push-dir through 0.4.1 allows execution of arbritary commands. Arguments provided as part of the variable "opt.branch" is not validated before being provided to the "git" command within "index.js#L139... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-14031 Buffer overflow can occur while parsing RSN IE containing list of PMK ID`s which are more than the buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Elec... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-19607 A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session paramete... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-9757 The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-10850 An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The secure bootloade has a buffer overflow of the USB buffer, leading to arbitrary code e... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-11343 Torpedo Query before 2.5.3 mishandles the LIKE operator in ConditionBuilder.java, LikeCondition.java, and NotLikeCondition.java. | 9.8 | CRITICAL | — | 0 |
| CVE-2013-1401 Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote attacker to add, edit, and dele... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-10849 An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos7885, Exynos8895, and Exynos9810 chipsets) software. The Gatekeeper trustlet allows a brute-force attack on th... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20622 An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a baseband stack overflow. The Samsung ID is SVE-2018-13188 (February 2019). | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.