CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2020-3756 Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a stack exhaustion vulnerability. Successful e... | 7.5 | HIGH | — | 0 |
| CVE-2020-3757 Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. Successful exploitation could lead t... | 8.8 | HIGH | — | 0 |
| CVE-2020-3759 Adobe Digital Editions versions 4.5.10 and below have a buffer errors vulnerability. Successful exploitation could lead to information disclosure. | 7.5 | HIGH | — | 0 |
| CVE-2020-3760 Adobe Digital Editions versions 4.5.10 and below have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-3762 Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successf... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-3763 Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successf... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7051 Codologic Codoforum through 4.8.4 allows stored XSS in the login area. This is relevant in conjunction with CVE-2020-5842 because session cookies lack the HttpOnly flag. The impact is account takeover... | 6.1 | MEDIUM | — | 0 |
| CVE-2020-8614 An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An attacker can perform Remote Code Execution (RCE) by sending a specially crafted network packet to the bd_svr service listening on TCP... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-8800 SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection. | 8.8 | HIGH | — | 0 |
| CVE-2020-8801 SuiteCRM through 7.11.11 allows PHAR Deserialization. | 7.2 | HIGH | — | 0 |
| CVE-2020-8802 SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-8803 SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-8804 SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module. | 6.5 | MEDIUM | — | 0 |
| CVE-2012-1500 Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary script code. | 5.4 | MEDIUM | — | 0 |
| CVE-2012-1903 XSS in Telligent Community 5.6.583.20496 via a flash file and related to the allowScriptAccess parameter. | 5.4 | MEDIUM | — | 0 |
| CVE-2014-4198 A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user ... | 9.1 | CRITICAL | — | 0 |
| CVE-2019-10785 dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrenc... | 6.1 | MEDIUM | — | 0 |
| CVE-2020-0560 Improper permissions in the installer for the Intel(R) Renesas Electronics(R) USB 3.0 Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local acce... | 7.8 | HIGH | — | 0 |
| CVE-2020-8981 A cross-site scripting (XSS) vulnerability was discovered in the Source Integration plugin before 1.6.2 and 2.x before 2.3.1 for MantisBT. The repo_delete.php Delete Repository page allows execution o... | 6.1 | MEDIUM | — | 0 |
| CVE-2012-5623 Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords. | 7.5 | HIGH | — | 0 |
| CVE-2014-3919 A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embedded malicious script in an unspecified page, which could let a malicious user obtain sensitive information. | 9.3 | CRITICAL | — | 0 |
| CVE-2014-4170 A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain acc... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-14598 Improper Authentication in subsystem in Intel(R) CSME versions 12.0 through 12.0.48 (IOT only: 12.0.56), versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to pot... | 6.7 | MEDIUM | — | 0 |
| CVE-2020-0561 Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | HIGH | — | 0 |
| CVE-2020-0562 Improper permissions in the installer for Intel(R) RWC2, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | HIGH | — | 0 |
| CVE-2020-0563 Improper permissions in the installer for Intel(R) MPSS before version 3.8.6 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | HIGH | — | 0 |
| CVE-2020-0564 Improper permissions in the installer for Intel(R) RWC3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | HIGH | — | 0 |
| CVE-2012-6091 Zend_XmlRpc Class in Magento before 1.7.0.2 contains an information disclosure vulnerability. | 7.5 | HIGH | — | 0 |
| CVE-2015-3309 Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a .. (dot... | 7.5 | HIGH | — | 0 |
| CVE-2013-1400 Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or poll_id parameter in a viewPollResu... | 9.8 | CRITICAL | — | 0 |
| CVE-2013-1401 Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote attacker to add, edit, and dele... | 9.8 | CRITICAL | — | 0 |
| CVE-2015-6589 Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote auth... | 8.8 | HIGH | — | 0 |
| CVE-2019-3998 Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.4 allows a local, unauthenticated attacker to modify the Wi-Fi network the base station connects to. | 5.5 | MEDIUM | — | 0 |
| CVE-2020-14950 aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the settin... | 8.8 | HIGH | — | 0 |
| CVE-2020-8988 The Voatz application 2020-01-01 for Android allows only 100 million different PINs, which makes it easier for attackers (after using root access to make a copy of the local database) to discover logi... | 5.9 | MEDIUM | — | 0 |
| CVE-2020-8989 In the Voatz application 2020-01-01 for Android, the amount of data transmitted during a single voter's vote depends on the different lengths of the metadata across the available voting choices, which... | 5.3 | MEDIUM | — | 0 |
| CVE-2013-1634 A denial of service vulnerability exists in some motherboard implementations of Intel e1000e/82574L network controller devices through 2013-02-06 where the device can be brought into a non-processing ... | 7.5 | HIGH | — | 0 |
| CVE-2014-1617 Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start Buffer Overflow vulnerability which can lead to denial of service. | 6.5 | MEDIUM | — | 0 |
| CVE-2013-6277 QNAP VioCard 300 has hardcoded RSA private keys. | 7.5 | HIGH | — | 0 |
| CVE-2013-6360 TRENDnet TS-S402 has a backdoor to enable TELNET. | 7.5 | HIGH | — | 0 |
| CVE-2022-47429 Missing Authorization vulnerability in 8Degree Themes Coming Soon Landing Page and Maintenance Mode WordPress Plugin allows Retrieve Embedded Sensitive Data. This issue affects Coming Soon Landing Page... | 5.3 | MEDIUM | — | 0 |
| CVE-2013-6362 Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and shell user accounts. | 9.8 | CRITICAL | — | 0 |
| CVE-2013-6927 Internet TRiLOGI Server (unknown versions) could allow a local user to bypass security and create a local user account. | 5.5 | MEDIUM | — | 0 |
| CVE-2013-7098 OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection. | 9.8 | CRITICAL | — | 0 |
| CVE-2013-7173 Belkin n750 routers have a buffer overflow. | 9.8 | CRITICAL | — | 0 |
| CVE-2013-7287 MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme. | 9.8 | CRITICAL | — | 0 |
| CVE-2013-4791 PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE. | 5.4 | MEDIUM | — | 0 |
| CVE-2013-4792 PrestaShop before 1.4.11 allows logout CSRF. | 5.5 | MEDIUM | — | 0 |
| CVE-2013-5212 Cross-site Scripting (XSS) in EasyXDM before 2.4.18 allows remote attackers to inject arbitrary web script or html via the easyxdm.swf file. | 6.1 | MEDIUM | — | 0 |
| CVE-2013-5687 RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean contains a service information disclosure. | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.