Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2020-10917 This vulnerability allows remote attackers to execute arbitrary code on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific fl... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-10920 This vulnerability allows remote attackers to execute arbitrary code on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit th... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-10921 This vulnerability allows remote attackers to issue commands on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulne... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15916 goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15917 common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15391 The UI in DevSpace 4.13.0 allows web sites to execute actions on pods (on behalf of a victim) because of a lack of authentication for the WebSocket protocol. This leads to remote code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15801 In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-9838 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to cause arbitrary code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15543 SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15477 The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable to remote code execution via shell metacharacters in a URI. The file nodejs/raspberryTortoise.js has no validation on the parameter... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-10282 The Micro Air Vehicle Link (MAVLink) protocol presents no authentication mechanism on its version 1.0 (nor authorization) whichs leads to a variety of attacks including identity spoofing, unauthorized... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15492 An issue was discovered in INNEO Startup TOOLS 2017 M021 12.0.66.3784 through 2018 M040 13.0.70.3804. The sut_srv.exe web application (served on TCP port 85) includes user input into a filesystem acce... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-11624 An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. They do not require users to change the... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-11856 Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affect... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-1907 A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, an... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-9850 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2,... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15367 Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15920 There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15411 An issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15921 Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-11857 An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admi... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15922 There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20893 An issue was discovered in Activision Infinity Ward Call of Duty Modern Warfare 2 through 2019-12-11. PartyHost_HandleJoinPartyRequest has a buffer overflow vulnerability and can be exploited by using... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-12720 vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-12460 OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a spec... | 9.8 | CRITICAL | — | 0 |
| CVE-2017-18922 It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket fra... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-6265 SAP Commerce, versions - 6.7, 1808, 1811, 1905, and SAP Commerce (Data Hub), versions - 6.7, 1808, 1811, 1905, allows an attacker to bypass the authentication and/or authorization that has been config... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15542 SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-16088 iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-13919 emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to achieve command injection via a crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-12735 reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-10638 Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, w... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-13916 A stack buffer overflow in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute code via an unauthenticated crafted HTTP request. This affects C110, E510, H320... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-13917 rkscli in Ruckus Wireless Unleashed through 200.7.10.92 allows a remote attacker to achieve command injection and jailbreak the CLI via a crafted CLI command. This affects C110, E510, H320, H510, M510... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15900 A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'pos... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15420 This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-el7-0.9.8.891. Authentication is not required to exploit this vulnerability. The ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-12002 Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-12006 Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-9669 Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a lack of exploit mitigations vulnerability. Successful exploitation could lead to privilege escalation. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15421 This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15422 This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-12022 Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15423 This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The ... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-6446 A vulnerability in Brocade Network Advisor Version Before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocume... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15424 This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15425 This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25273 In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL injection. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-9670 Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Successful exploitation could lead to privilege escalation. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-14068 An issue was discovered in MK-AUTH 19.01. The web login functionality allows an attacker to bypass authentication and gain client privileges via SQL injection in central/executar_login.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15324 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.