CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | Description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|---|
| CVE-2020-4658 | IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun... | 6.1 | MEDIUM | — | 0 |
| CVE-2020-4904 | IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions tr... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-4905 | IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow a remote attacker to obtain sensitive information, caused by a man in the middle attack. By SSL stripping, an ... | 5.9 | MEDIUM | — | 0 |
| CVE-2020-4906 | IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system. | 3.3 | LOW | — | 0 |
| CVE-2020-4907 | IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the b... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-4908 | IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 returns the product version and release information on the login dialog. This information could be used in further attacks... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-35187 | The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. System using the telegraf docker container deployed by affected versions of the dock... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-35189 | The official kong docker images before 1.0.2-alpine (Alpine specific) contain a blank password for a root user. System using the kong docker container deployed by affected versions of the docker image... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-29436 | Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Fixed in version 3.2... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-35184 | The official composer docker images before 1.8.3 contain a blank password for a root user. System using the composer docker container deployed by affected versions of the docker image may allow a remo... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-35186 | The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user. System using the adminer docker container deployed by affected versions of the docker image may allow ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-35190 | The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. System using the plone docker container deployed by affected versions of th... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-35191 | The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user. System using the drupal docker container deployed by affected versions of the doc... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-35192 | The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote at... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-35195 | The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password for a root user. System using the haproxy docker container deployed by affected versions of the docke... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-35196 | The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user. System using the rabbitmq docker container deployed by affected v... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-35197 | The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user. System using the memcached docker container deployed by affected versions of the d... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25094 | LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25095 | LogRhythm Platform Manager (PM) 7.4.9 allows CSRF. The Web interface is vulnerable to Cross-site WebSocket Hijacking (CSWH). If a logged-in PM user visits a malicious site in the same browser session,... | 8.8 | HIGH | — | 0 |
| CVE-2020-25096 | LogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access Control. Users within LogRhythm can be delegated different roles and privileges, intended to limit what data and services they can interact w... | 8.8 | HIGH | — | 0 |
| CVE-2020-35917 | An issue was discovered in the pyo3 crate before 0.12.4 for Rust. There is a reference-counting error and use-after-free in From<Py<T>>. | 5.5 | MEDIUM | — | 0 |
| CVE-2020-25010 | An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to upload a malicious script f... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25011 | A sensitive information disclosure vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to get username and pas... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-35123 | In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks. This has ... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-27199 | The Magic Home Pro application 1.5.1 for Android allows Authentication Bypass. The security control that the application currently has in place is a simple Username and Password authentication functio... | 7.5 | HIGH | — | 0 |
| CVE-2020-29652 | A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. | 7.5 | HIGH | — | 0 |
| CVE-2020-15294 | Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memor... | 7.8 | HIGH | — | 0 |
| CVE-2020-35177 | HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1. | 5.3 | MEDIUM | — | 0 |
| CVE-2020-35453 | HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1. | 5.3 | MEDIUM | — | 0 |
| CVE-2020-22083 | jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode() function. Note: It has been argued that this is expected and clearly documented... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15292 | Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it cou... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-15293 | Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-20142 | Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" component under "Open" Menu in Flexmonster Pivot Table & Charts 2.7.17. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-35489 | The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters. | 10.0 | CRITICAL | — | 0 |
| CVE-2020-35490 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. | 8.1 | HIGH | — | 0 |
| CVE-2020-35491 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. | 8.1 | HIGH | — | 0 |
| CVE-2020-4845 | IBM Security Key Lifecycle Manager 3.0.1 and 4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended func... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-8463 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths. | 7.5 | HIGH | — | 0 |
| CVE-2020-4846 | IBM Security Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information coul... | 2.7 | LOW | — | 0 |
| CVE-2020-26276 | Fleet is an open source osquery manager. In Fleet before version 3.5.1, due to issues in Go's standard library XML parsing, a valid SAML response may be mutated by an attacker to modify the trusted do... | 10.0 | CRITICAL | — | 0 |
| CVE-2020-35545 | Time-based SQL injection exists in Spotweb 1.4.9 via the query string. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-27010 | A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate ... | 4.8 | MEDIUM | — | 0 |
| CVE-2020-8461 | A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without ... | 8.8 | HIGH | — | 0 |
| CVE-2020-8462 | A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product. | 4.8 | MEDIUM | — | 0 |
| CVE-2020-20140 | Cross Site Scripting (XSS) vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-8464 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin i... | 7.5 | HIGH | — | 0 |
| CVE-2020-8465 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authenticati... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-8466 | A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-12517 | On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vul... | 8.8 | HIGH | — | 0 |
| CVE-2020-12518 | On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks. | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.