CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2020-36179 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS. | 8.1 | HIGH | — | 0 |
| CVE-2020-36180 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. | 8.1 | HIGH | — | 0 |
| CVE-2020-36182 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. | 8.1 | HIGH | — | 0 |
| CVE-2020-36183 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. | 8.1 | HIGH | — | 0 |
| CVE-2020-24900 The default installation of Krpano Panorama Viewer version <=1.20.8 is prone to Reflected XSS due to insecure XML load in file /viewer/krpano.html, parameter xml. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-24902 Quixplorer <=2.4.1 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a specially craf... | 4.7 | MEDIUM | — | 0 |
| CVE-2020-24903 Cute Editor for ASP.NET 6.4 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a speci... | 6.1 | MEDIUM | — | 0 |
| CVE-2020-26768 Formstone <=1.4.16 is vulnerable to a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper validation of user supplied input in the upload-target.php and upload-chunked.php files. A r... | 6.1 | MEDIUM | — | 0 |
| CVE-2020-26971 Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox... | 8.8 | HIGH | — | 0 |
| CVE-2020-26972 The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check wa... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-11008 An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. | 5.5 | MEDIUM | — | 0 |
| CVE-2018-11009 A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. | 7.8 | HIGH | — | 0 |
| CVE-2018-11010 A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. | 7.8 | HIGH | — | 0 |
| CVE-2018-11246 K7TSMngr.exe in K7Computing K7AntiVirus Premium 15.1.0.53 has a Memory Leak. | 7.5 | HIGH | — | 0 |
| CVE-2020-24003 Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access b... | 3.3 | LOW | — | 0 |
| CVE-2018-8044 K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: Local Process Execution (local). The component is: K7Sentry.sys. | 7.8 | HIGH | — | 0 |
| CVE-2018-8724 K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: gain privileges (local). The component is: K7TSMngr.exe. | 7.8 | HIGH | — | 0 |
| CVE-2018-8725 K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: K7TSMngr.exe. | 7.8 | HIGH | — | 0 |
| CVE-2018-8726 K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: K7TSMngr.exe. | 7.8 | HIGH | — | 0 |
| CVE-2018-9332 K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Incorrect Access Control. The impact is: gain privileges (local). | 7.8 | HIGH | — | 0 |
| CVE-2018-9333 K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: K7TSMngr.exe. | 7.8 | HIGH | — | 0 |
| CVE-2019-3405 In the 3.1.3.64296 and lower version of 360F5, the third party can trigger the device to send a deauth frame by constructing and sending a specific illegal 802.11 Null Data Frame, which will cause oth... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-17534 There exists a race condition between the deletion of the temporary file and the creation of the temporary directory in `webkit` subproject of HTML/Java API version 1.7. A similar vulnerability has re... | 7.0 | HIGH | — | 0 |
| CVE-2020-23960 Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to (1) approve the mass of... | 8.8 | HIGH | — | 0 |
| CVE-2020-25659 python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. | 5.9 | MEDIUM | — | 0 |
| CVE-2020-27275 Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. | 7.8 | HIGH | — | 0 |
| CVE-2020-27277 Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code. | 7.8 | HIGH | — | 0 |
| CVE-2020-27281 A stack-based buffer overflow may exist in Delta Electronics CNCSoft ScreenEditor versions 1.01.26 and prior when processing specially crafted project files, which may allow an attacker to execute arb... | 7.8 | HIGH | — | 0 |
| CVE-2020-27287 Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. | 7.8 | HIGH | — | 0 |
| CVE-2020-27289 Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code. | 7.8 | HIGH | — | 0 |
| CVE-2020-27291 Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code. | 7.8 | HIGH | — | 0 |
| CVE-2020-27293 Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a type confusion issue while processing project files, which may allow an attacker to execute arbitrary code. | 7.8 | HIGH | — | 0 |
| CVE-2020-35701 An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter... | 8.8 | HIGH | — | 0 |
| CVE-2021-23253 Opera Mini for Android below 53.1 displays URL left-aligned in the address field. This allows a malicious attacker to craft a URL with a long domain name, e.g. www.safe.opera.com.attacker.com. With th... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-4869 IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. A remote attacker could send a specially crafted SNMP query to cause the appliance to reload. IBM... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-13559 A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC-60879-5-104 Server Simulator 21.04.028. A specially crafted packet can lead to denial of service. An att... | 7.5 | HIGH | — | 0 |
| CVE-2020-24025 Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path. | 5.3 | MEDIUM | — | 0 |
| CVE-2021-23935 OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-26298 Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML... | 6.8 | MEDIUM | — | 0 |
| CVE-2020-23631 Cross-site request forgery (CSRF) in admin/global/manage.php in WDJA CMS 1.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via the tongji parameter. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-24027 In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of a RTSP "PLAY" command, when the command specifies seeking by absolute time. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-27059 In onAuthenticated of AuthenticationClient.java, there is a possible tapjacking attack when requesting the user's fingerprint due to an overlaid window. This could lead to local escalation of privileg... | 7.8 | HIGH | — | 0 |
| CVE-2021-0342 In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction is n... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-0322 In onCreate of SlicePermissionActivity.java, there is a possible misleading string displayed due to improper input validation. This could lead to local information disclosure with User execution privi... | 5.0 | MEDIUM | — | 0 |
| CVE-2021-21241 The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an independently maintained version of Flask-Security based on the 3.0.0 version of F... | 7.4 | HIGH | — | 0 |
| CVE-2020-0471 In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible way to inject packets into an encrypted Bluetooth connection due to improper input validation. This could lead to remote escalat... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-0301 In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed ... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-0303 In dispatchGraphTerminationMessage() of packages/services/Car/computepipe/runner/graph/StreamSetObserver.cpp, there is a possible use after free due to a race condition. This could lead to local escal... | 7.0 | HIGH | — | 0 |
| CVE-2021-0304 In several functions of GlobalScreenshot.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of the user's contacts with User ex... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-4674 IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. IBM X-Force ID: 186287. | 4.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.