TROYANOSYVIRUS

CVE Vulnerabilities

CVE vulnerability database enriched with CISA KEV and NVD data

Total: 331,561 CVEs
CVE ID | CVSS | Severity | KEV | Sightings
CVE-2019-20830

An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used.

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2019-20831

An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.5.0.20733. It has void data mishandling, causing a crash.

CVSS 7.5 | HIGH | KEV: — | Sightings: 0
CVE-2019-20832

An issue was discovered in Foxit PhantomPDF before 8.3.10. It has homograph mishandling.

CVSS 4.3 | MEDIUM | KEV: — | Sightings: 0
CVE-2019-20833

An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mishandling of cloud credentials, as demonstrated by Google Drive.

CVSS 7.5 | HIGH | KEV: — | Sightings: 0
CVE-2019-20835

An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has homograph mishandling.

CVSS 4.3 | MEDIUM | KEV: — | Sightings: 0
CVE-2019-20836

An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has mishandling of cloud credentials, as demonstrated by Google Drive.

CVSS 7.5 | HIGH | KEV: — | Sightings: 0
CVE-2019-20837

An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It allows signature validation bypass via a modified file or a file with non-standard signatures.

CVSS 7.5 | HIGH | KEV: — | Sightings: 0
CVE-2020-10702

A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation...

CVSS 5.5 | MEDIUM | KEV: — | Sightings: 0
CVE-2020-13829

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can disable the SEAndroid protection mechanism in the RKP. The Samsung ID is SVE-2019-15998 (June 2020).

CVSS 7.5 | HIGH | KEV: — | Sightings: 0
CVE-2020-13830

An issue was discovered on Samsung mobile devices with P(9.0) software. One UI HOME logging can leak information. The Samsung ID is SVE-2019-16382 (June 2020).

CVSS 7.5 | HIGH | KEV: — | Sightings: 0
CVE-2020-13831

An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 7570 chipsets) software. The Trustonic Kinibi component allows arbitrary memory mapping. The Samsung ID is SVE-2019-166...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2020-13833

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The system area allows arbitrary file overwrites via a symlink attack. The Samsung ID is SVE-2020-17183 (Ju...

CVSS 9.1 | CRITICAL | KEV: — | Sightings: 0
CVE-2020-13834

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (with TEEGRIS) software. Secure Folder does not properly restrict use of Android Debug Bridge (adb) for arbitrary ins...

CVSS 7.5 | HIGH | KEV: — | Sightings: 0
CVE-2020-13835

An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. The Gatekeeper Trustlet allows a brute-force attack on user credentials. The Samsung ID is SVE-2020-16908 (June 2...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2020-13836

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. HWRResProvider allows path traversal for data exposure. The Samsung ID is SVE-2020-16954 (June 2020).

CVSS 7.5 | HIGH | KEV: — | Sightings: 0
CVE-2020-13837

An issue was discovered on Samsung mobile devices with Q(10.0) software. The Lockscreen feature does not block Quick Panel access to Music Share. The Samsung ID is SVE-2020-17145 (June 2020).

CVSS 3.5 | LOW | KEV: — | Sightings: 0
CVE-2020-13838

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The DeX Lockscreen feature does not block access to Quick Panel and notifications. The Samsung ID is SVE-2020-17187 ...

CVSS 3.5 | LOW | KEV: — | Sightings: 0
CVE-2020-7661

All versions of url-regex are vulnerable to Regular Expression Denial of Service. An attacker providing a very long string in String.test can cause a Denial of Service.

CVSS 7.5 | HIGH | KEV: — | Sightings: 0
CVE-2023-49196

Missing Authorization vulnerability in Pagelayer Team PageLayer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PageLayer: from n/a through 1.7.7.

CVSS 4.3 | MEDIUM | KEV: — | Sightings: 0
CVE-2020-11679

Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted...

CVSS 8.8 | HIGH | KEV: — | Sightings: 0
CVE-2020-11680

Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a nor...

CVSS 6.5 | MEDIUM | KEV: — | Sightings: 0
CVE-2020-11681

Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. Low privileged users can exploit this to create an administrator user and obtain the SMTP credent...

CVSS 8.1 | HIGH | KEV: — | Sightings: 0
CVE-2020-11682

Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing requests. A __RequestVerificationToken is set by the web interface, and included in requests sent by the web interface. However, this t...

CVSS 6.5 | MEDIUM | KEV: — | Sightings: 0
CVE-2020-13768

In MiniShare before 1.4.2, there is a stack-based buffer overflow via an HTTP PUT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19861, CVE-2018-198...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2020-12847

Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role. This console provides an administrator user with the pos...

CVSS 7.2 | HIGH | KEV: — | Sightings: 0
CVE-2020-12851

Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging ...

CVSS 8.1 | HIGH | KEV: — | Sightings: 0
CVE-2020-12852

The update feature for Pydio Cells 2.0.4 allows an administrator user to set a custom update URL and the public RSA key used to validate the downloaded update package. The update process involves down...

CVSS 6.8 | MEDIUM | KEV: — | Sightings: 0
CVE-2020-12853

Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or create a new file that contains potentially malicious HTML and JavaScript code to personal folders or accessible cells.

CVSS 6.1 | MEDIUM | KEV: — | Sightings: 0
CVE-2020-13848

Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServic...

CVSS 7.5 | HIGH | KEV: — | Sightings: 0
CVE-2020-13849

The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service (loss of the abilit...

CVSS 7.5 | HIGH | KEV: — | Sightings: 0
CVE-2020-13839

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via a custom AT command handler buffer overflow. The LG ID is LVE-SMP-200...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2020-13840

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via an MTK AT command handler buffer overflow. The LG ID is LVE-SMP-20000...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2020-13841

An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets). An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 (June 2...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2020-13842

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). A dangerous AT command was made available even though it is unused. The LG ID is LVE-SMP-200010 (J...

CVSS 7.8 | HIGH | KEV: — | Sightings: 0
CVE-2020-13843

An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID i...

CVSS 5.5 | MEDIUM | KEV: — | Sightings: 0
CVE-2020-12848

In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. An anonymous us...

CVSS 5.4 | MEDIUM | KEV: — | Sightings: 0
CVE-2023-49754

Missing Authorization vulnerability in Yogesh Pawar, Clarion Technologies Bulk Edit Post Titles allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Edit Pos...

CVSS 4.3 | MEDIUM | KEV: — | Sightings: 0
CVE-2020-12849

Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. These profile pictures can later be accessed directly with the generated U...

CVSS 5.4 | MEDIUM | KEV: — | Sightings: 0
CVE-2020-10543

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

CVSS 8.2 | HIGH | KEV: — | Sightings: 0
CVE-2020-10878

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of ins...

CVSS 8.6 | HIGH | KEV: — | Sightings: 0
CVE-2020-11492

An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connec...

CVSS 7.8 | HIGH | KEV: — | Sightings: 0
CVE-2020-11975

Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2020-12723

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

CVSS 7.5 | HIGH | KEV: — | Sightings: 0
CVE-2020-1883

Huawei products NIP6800; Secospace USG6600; USG9500 have a memory leak vulnerability. An attacker with high privileges exploits this vulnerability by continuously performing specific operations. Success...

CVSS 4.9 | MEDIUM | KEV: — | Sightings: 0
CVE-2020-9074

Huawei Smartphones HONOR 20 PRO; Honor View 20; HONOR 20 have an improper handling of exceptional condition vulnerability. A component cannot deal with an exception correctly. Attackers can exploit this...

CVSS 5.3 | MEDIUM | KEV: — | Sightings: 0
CVE-2020-4229

IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate session cookies when a user logs out of a session, which could allow another user to gain unauthorized access to a user's session. I...

CVSS 7.3 | HIGH | KEV: — | Sightings: 0
CVE-2020-10061

Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and ve...

CVSS 8.1 | HIGH | KEV: — | Sightings: 0
CVE-2020-4448

IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
CVE-2020-4449

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force I...

CVSS 7.5 | HIGH | KEV: — | Sightings: 0
CVE-2020-4450

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: ...

CVSS 9.8 | CRITICAL | KEV: — | Sightings: 0
Page 134 of 6632

This product uses data from the NVD API but is not endorsed or certified by the NVD.