CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-20762 Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D8500 before 1.0.3.43, R8500 before 1.0.2.128, R8300 before 1.0.2.128, R8000 before 1.0.4.28, R7300DST ... | 6.8 | MEDIUM | — | 0 |
| CVE-2020-5266 In the ps_link module for PrestaShop before version 3.1.0, there is a stored XSS when you create or edit a link list block with the title field. The problem is fixed in 3.1.0 | 4.4 | MEDIUM | — | 0 |
| CVE-2020-5273 In PrestaShop module ps_linklist versions before 3.1.0, there is a stored XSS when using custom URLs. The problem is fixed in version 3.1.0 | 4.1 | MEDIUM | — | 0 |
| CVE-2020-5294 PrestaShop module ps_facetedsearch versions before 2.1.0 has a reflected XSS with social networks fields The problem is fixed in 2.1.0 | 4.1 | MEDIUM | — | 0 |
| CVE-2019-7306 Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords. This issue affects: byobu | 4.3 | MEDIUM | — | 0 |
| CVE-2020-11872 The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of TempID requests before an AES-256-GCM key rotation occurs. | 7.5 | HIGH | — | 0 |
| CVE-2020-10813 A buffer overflow vulnerability in FTPDMIN 0.96 allows attackers to crash the server via a crafted packet. | 7.5 | HIGH | — | 0 |
| CVE-2019-2056 There is a possible disclosure of RAM using a shared crypto key due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User inte... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-10947 Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation. | 8.8 | HIGH | — | 0 |
| CVE-2020-11793 A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memor... | 8.8 | HIGH | — | 0 |
| CVE-2019-12001 A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE ... | 6.4 | MEDIUM | — | 0 |
| CVE-2019-12002 A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE ... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20769 An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG PC Suite v5.3.27 and earlier). DLL Hijacking can occur via a Trojan horse DLL in the current working directory. The LG ID is LVE-MO... | 7.8 | HIGH | — | 0 |
| CVE-2019-20771 An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. WapService allows unconfirmed configuration changes via a modified OMACP message. The LG ID is L... | 7.5 | HIGH | — | 0 |
| CVE-2019-20772 An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. The Account subsystem allows authorization bypass. The LG ID is LVE-SMP-190007 (August 2019). | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20773 An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. Unprivileged applications can execute shell commands via the connectivity service. The LG ID is ... | 7.8 | HIGH | — | 0 |
| CVE-2019-20774 An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. A system service allows local retrieval of the user's password. The LG ID is LVE-SMP-190009 (Aug... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-20775 An issue was discovered on LG mobile devices with Android OS 9.0 (Qualcomm SDM450, SDM845, SM6150, and SM8150 chipsets) software. Weak encryption leads to local information disclosure. The LG ID is LV... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-33324 Missing Authorization vulnerability in wppal Easy Captcha allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Captcha: from n/a through 1.0. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-20776 An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. A TZ trusted application can crash via crafted input. The LG ID is LVE-SMP-190005 (July 2019). | 5.5 | MEDIUM | — | 0 |
| CVE-2019-20777 An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. WapService mishandles OTA Provisioning on V40 and G7 devices. The LG ID is LVE-SMP-190006 (July ... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20778 An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. The Backup subsystem does not properly restrict operations or validate their input. The LG ID is... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20779 An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. A TrustZone trusted application can crash via crafted input. The LG ID is LVE-SMP-190003 (May 20... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-20780 An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Certain security settings, related to whether packages are verified and accepted only from known sour... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20782 An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. LG Advanced Flash (LAF) has a buffer overflow. The LG ID is LVE-SMP-190001 (March 2019). | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20783 An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 (North America CDMA) software. The LTE protocol implementation allows a bypass of AKA (Authentication and Key A... | 9.1 | CRITICAL | — | 0 |
| CVE-2019-20784 An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 (MTK chipsets) software. Interaction of GPS with 911 emergency calls is mishandled. The LG ID is LVE-SMP-180012... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-20785 An issue was discovered on LG mobile devices with Android OS 8.0 and 8.1 software for the DTAG carrier. RILD in the radio layer uses an uninitialized variable. The LG ID is LVE-SMP-180013 (January 201... | 6.8 | MEDIUM | — | 0 |
| CVE-2019-4446 IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490. | 5.4 | MEDIUM | — | 0 |
| CVE-2020-4277 IBM TRIRIGA Application Platform 3.5.3 and 3.6.1 discloses sensitive information in error messages that could aid an attacker formulate future attacks. IBM X-Force ID: 175993. | 7.5 | HIGH | — | 0 |
| CVE-2019-4644 IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potenti... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-4749 IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potenti... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-11873 An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A stack-based buffer overflow in the logging tool could allow an attacker to gain privileges. The LG ID ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-11874 An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. Attackers can bypass Factory Reset Protection (FRP). The LG ID is LVE-SMP-200004 (March 2020). | 7.5 | HIGH | — | 0 |
| CVE-2020-11875 An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10.0 (MTK chipsets) software. The MTK kernel does not properly implement exception handling, allowing an attacker to gai... | 7.8 | HIGH | — | 0 |
| CVE-2023-33928 Missing Authorization vulnerability in WebToffee WordPress Backup & Migration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Backup & Migration: f... | 4.3 | MEDIUM | — | 0 |
| CVE-2020-11878 The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4384-1 uses default passwords (such as passw0rd) for system accounts. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-6203 A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. An attacker in a privileged network position may be able to intercept netw... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-11879 An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach l... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-11880 An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-7079 An improper signature validation vulnerability in Autodesk Dynamo BIM versions 2.5.1 and 2.5.0 may lead to code execution through maliciously crafted DLL files. | 7.8 | HIGH | — | 0 |
| CVE-2020-7080 A buffer overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitrary code execution on a system running it. | 7.8 | HIGH | — | 0 |
| CVE-2020-5730 In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-0067 In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. Us... | 4.4 | MEDIUM | — | 0 |
| CVE-2020-0068 In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges need... | 4.4 | MEDIUM | — | 0 |
| CVE-2020-0070 In rw_t2t_update_lock_attributes of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional executio... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-0071 In rw_t2t_extract_default_locks_info of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional exec... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-0072 In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-5731 In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site scripting. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-0073 In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.