CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD

| CVE ID and description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2020-25258 An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses ASP.NET BinaryFormatter.Deserialize ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25257 An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows XXE attacks for read/write access ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-24355 Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by insecure permissions which allows regular and other users to create new users with el... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-6144 A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The username variable which is set at line 121 in install/Step5.php allows for injection of PHP code int... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-6143 A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The password variable which is set at line 122 in install/Step5.php allows for injection of PHP code int... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-6142 A remote code execution vulnerability exists in the Modules.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can cause local file inclusion. An attacker can send an HTTP reques... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-6140 SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-6139 SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The username_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-6138 SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The uname parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection An... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-6137 SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-5777 MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. A remote attacker can trigger t... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25069 USVN (aka User-friendly SVN) before 1.0.10 allows attackers to execute arbitrary code in the commit view. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-6151 A memory corruption vulnerability exists in the TIFF handle_COMPRESSION_PACKBITS functionality of Accusoft ImageGear 19.7. A specially crafted malformed file can cause a memory corruption. An attacker... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-16204 The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versi... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-21087 An issue was discovered on Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software. There is a vnswap heap-based buffer overflow via the store function, with resultant privilege escalation. Th... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-6141 An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can send an HTTP request to t... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-11600 An issue was discovered on Samsung mobile devices with Q(10.0) software. There is arbitrary code execution in the Fingerprint Trustlet via a memory overwrite. The Samsung IDs are SVE-2019-16587, SVE-2... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-11603 An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (incorporating TEEGRIS) software. Type confusion in the MLDAP Trustlet allows arbitrary code execution. The Samsung ID is SVE-... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7727 All versions of package gedi are vulnerable to Prototype Pollution via the set function. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7726 All versions of package safe-object2 are vulnerable to Prototype Pollution via the setter function. | 9.8 | CRITICAL | — | 0 |
| CVE-2018-21038 An issue was discovered on Samsung mobile devices with N(7.x) software. The Secure Folder app's startup logic allows authentication bypass. The Samsung ID is SVE-2018-11628 (December 2018). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7725 All versions of package worksmith are vulnerable to Prototype Pollution via the setValue function. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7724 All versions of package tiny-conf are vulnerable to Prototype Pollution via the set function. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7723 All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7722 All versions of package nodee-utils are vulnerable to Prototype Pollution via the deepSet function. | 9.8 | CRITICAL | — | 0 |
| CVE-2018-21042 An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Dual Messenger allows installation of an arbitrary APK with resultant privileged code execution. The Samsung... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7721 All versions of package node-oojs are vulnerable to Prototype Pollution via the setPath function. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7720 The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7719 Versions of package locutus before 2.0.12 are vulnerable to prototype Pollution via the php.strings.parse_str function. | 9.8 | CRITICAL | — | 0 |
| CVE-2018-21044 An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) software. The sem Trustlet has a buffer overflow that leads to arbitrary TEE code execution. The Samsung IDs are SVE-2018-13230... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7716 All versions of package deeps are vulnerable to Prototype Pollution via the set function. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-11849 Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information exposu... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25061 An issue was discovered on LG mobile devices with Android OS 9 and 10 software on the VZW network. lge_property allows property overwrites. The LG ID is LVE-SMP-200016 (July 2020). | 9.8 | CRITICAL | — | 0 |
| CVE-2018-21049 An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is an arbitrary memory write in a Trustlet because a secure driver allows access to sensitive... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25058 An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. The network_management service does not properly restrict configuration changes. The LG ID is LVE-SMP-200012 ... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-21050 An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is a Buffer overflow in the esecomm Trustlet, leading to arbitrary code execution. The Samsun... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-21051 An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is an invalid free in the fingerprint Trustlet, leading to arbitrary code execution. The Sams... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-21052 An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is incorrect usage of shared memory in the vaultkeeper Trustlet, leading to arbitrary code ex... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25055 An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The persona service allows attackers (who control an unprivileged SecureFolder process) to bypass admin res... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-21054 An issue was discovered on Samsung mobile devices with M(6.0), N(7.x) and O(8.x) except exynos9610/9820 in all Platforms, M(6.0) except MSM8909 SC77xx/9830 exynos3470/5420, N(7.0) except MSM8939, N(7.... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-21057 An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a stack-based buffer overflow in the Shannon Baseband. The Samsung ID is SVE-2018-1... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-21058 An issue was discovered on Samsung mobile devices with N(7.0), O(8.0) (exynos7420 or Exynos 8890/8996 chipsets) software. Cache attacks can occur against the Keymaster AES-GCM implementation because T... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25053 An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. RKP allows arbitrary code execution. The Samsung ID is SVE-2020-17435 (August 2020). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25052 An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. H-Arx allows attackers to execute arbitrary code or cause a denial of service (memory corruption) because... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25049 An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. StatusBarService has insufficient DEX access control. The Samsung ID is SVE-2020-17797 (August 2020). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7715 All versions of package deep-get-set are vulnerable to Prototype Pollution via the main function. | 9.8 | CRITICAL | — | 0 |
| CVE-2018-21063 An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) (Exynos chipsets) software. Keymaster has an architectural problem because tlApi in TEE is not properly protected. The... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-21064 An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is an array overflow in a driver's input booster. The Samsung ID is SVE-2017-11816 (August 2018). | 9.8 | CRITICAL | — | 0 |
| CVE-2018-21065 An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is an integer underflow in eCryptFS because of a missing size check. The Samsung ID is SVE-2017-11855 ... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-21066 An issue was discovered on Samsung mobile devices with M(6.0) (Exynos or MediaTek chipsets) software. There is a buffer overflow in a Trustlet that can cause memory corruption. The Samsung ID is SVE-2... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.