Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2020-26537 An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In a certain Shading calculation, the number of outputs is unequal to the number of color components in a color space. This causes a... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7162 A operatorgroupselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-26535 An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate thread local storage but obtains an unacceptable index value, V8 throws an exception that leads to ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7163 A navigationto expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7164 A operationselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-14841 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7165 A iccselectcommand expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7166 A operatorgrouptreeselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-0333 In UrlQuerySanitizer, there is a possible improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploit... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7167 A quicktemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7168 A selectusergroup expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7169 A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-1999-0199 manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dang... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7147 A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7148 A deployselectsoftware expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7149 A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7150 A faultstatchoosefaulttype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-27156 Veritas APTARE versions prior to 10.5 did not perform adequate authorization checks. This vulnerability could allow for remote code execution by an unauthenticated user. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-24626 Unathenticated directory traversal in the ReceiverServlet class doPost() method can lead to arbitrary remote code execution in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-14517 Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server) and the server accepts ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-4499 IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applicatio... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-26100 chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497). | 9.8 | CRITICAL | — | 0 |
| CVE-2019-8712 A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with system privileges. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-24698 An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-12500 Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-12501 Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-12504 Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-1907 A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, an... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-35244 Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-27158 Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25132 An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malfor... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-17640 In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctl... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-12126 Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-26944 An issue was discovered in Aptean Product Configurator 4.61.0000 on Windows. A Time based SQL injection affects the nameTxt parameter on the main login page (aka cse?cmd=LOGIN). This can be exploited ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-14509 Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted pac... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-24653 secure-store in Expo through 2.16.1 on iOS provides the insecure kSecAttrAccessibleAlwaysThisDeviceOnly policy when WHEN_UNLOCKED_THIS_DEVICE_ONLY is used. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-12125 A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without a... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15906 tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-12124 A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without aut... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-19513 The BASSMIDI plugin 2.4.12.1 for Un4seen BASS Audio Library on Windows is prone to an out of bounds write vulnerability. An attacker may exploit this to execute code on the target machine. A failure i... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15374 Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-11856 Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affect... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-8716 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-9864 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-11857 An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admi... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-18106 The GET parameter "id" in WMS v1.0 is passed without filtering, which allows attackers to perform SQL injection. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-0380 In allocExcessBits of bitalloc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. Use... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-26539 An issue was discovered in Foxit Reader and PhantomPDF before 10.1. When there is a multiple interpretation error for /V (in the Additional Action and Field dictionaries), a use-after-free can occur w... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-27619 In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-27615 The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.