CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD

| CVE ID and description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2020-0123 There is a possible out of bounds write due to an incorrect bounds check. Product: Android; Versions: Android SoC; Android ID: A-149871374 | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25257 An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows XXE attacks for read/write access ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25258 An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses ASP.NET BinaryFormatter.Deserialize ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25259 An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses XML deserialization libraries in an ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-14096 Memory overflow in Xiaomi AI speaker Rom version <1.59.6 can happen when the speaker is verifying a malicious firmware during the OTA process. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25260 An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to execute arbitr... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-14188 The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a speciall... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25207 JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-14100 In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. The router administrator can gain root access from this vulnerability. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-0445 There is a possible out of bounds write due to a missing bounds check. Product: Android; Versions: Android SoC; Android ID: A-168264527 | 9.8 | CRITICAL | — | 0 |
| CVE-2020-5656 Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or befo... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-0229 There is a possible out of bounds write due to an incorrect bounds check. Product: Android; Versions: Android SoC; Android ID: A-156333725 | 9.8 | CRITICAL | — | 0 |
| CVE-2020-23653 An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary r... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-27422 In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to take over the account. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-35458 An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_me_id parameter in the login_from_cookie cookie. The user logout routi... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-26712 REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. The application uses the addition of a string of information from the submitted user that is not valid... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-5653 Buffer overflow vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-36520 H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function DEleteusergroup. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-42627 The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and als... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-37199 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-37223 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-39815 The PowerVR GPU driver allows unprivileged apps to allocate pinned memory, unpin it (which makes it available to be freed), and continue using the page in GPU calls. No privileges required and this r... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-37066 H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateDDNS. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-37067 H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWanParamsMulti. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-37068 H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateMacCloneFinal. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-37069 H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateSnat. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-37070 H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-37071 H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateOne2One. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-37072 H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWanLinkspyMulti. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-37073 H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWanModeMulti. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-35150 Baijicms v4 was discovered to contain an arbitrary file upload vulnerability. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-37134 D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. When wantype is 3, l2tp_usrname will be decrypted by base64, and the result will be stored in v94, which doe... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-37087 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetMobileAPInfoById. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-34858 Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-20122 The PowerVR GPU driver allows unprivileged apps to allocate pinned memory, unpin it (which makes it available to be freed), and continue using the page in GPU calls. No privileges required and this r... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-34149 Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-37085 H3C H200 H200V100R004 was discovered to contain a stack overflow via the AddWlanMacList function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-37086 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function Asp_SetTimingtimeWifiAndLed. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-24026 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-38667 HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Conne... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-36572 Sinsiu Sinsiu Enterprise Website System v1.1.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /upload/admin.php?/deal/. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-42232 TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp. The vulnerability is caused by the program taking part of the received data packet as part ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-34919 The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 does not correctly check that a user has authenticated. By uploading a crafted aspx file, it is possible to execute arbitrary comm... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-35733 Missing authentication for critical function vulnerability in UNIMO Technology digital video recorders (UDR-JA1004/JA1008/JA1016 firmware versions v1.0.20.13 and earlier, and UDR-JA1016 firmware versi... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-36514 H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function WanModeSetMultiWan. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-2070 In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could cre... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-36515 H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function addactionlist. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-36516 H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function ap_version_check. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-2025 An attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version could overflow the stack since it doesn't check the param length before using the strcopy instruction. The explot... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-36517 H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function debug_wlan_advance. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.