CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2020-7524 Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending ... | 7.5 | HIGH | — | 0 |
| CVE-2020-7525 Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a pass... | 7.5 | HIGH | — | 0 |
| CVE-2020-7526 Improper Input Validation vulnerability exists in PowerChute Business Edition (software V9.0.x and earlier) which could cause remote code execution when a script is executed during a shutdown event. | 8.8 | HIGH | — | 0 |
| CVE-2020-7194 A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 | HIGH | — | 0 |
| CVE-2020-7527 Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and se... | 7.8 | HIGH | — | 0 |
| CVE-2020-14364 An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' excee... | 5.0 | MEDIUM | — | 0 |
| CVE-2020-24354 Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by shell injection. | 8.8 | HIGH | — | 0 |
| CVE-2020-2075 Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x – CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LM... | 7.5 | HIGH | — | 0 |
| CVE-2020-25046 An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The USB driver leaks address information via kernel logging. The Samsung IDs are SVE-2020-17602, SVE-2020-1... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-25047 An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (released in China and India) software. The S Secure application does not enforce the intended password requirement for a lock... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-7715 All versions of package deep-get-set are vulnerable to Prototype Pollution via the main function. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25049 An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. StatusBarService has insufficient DEX access control. The Samsung ID is SVE-2020-17797 (August 2020). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25050 An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The CMC service allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 (August 2020). | 7.5 | HIGH | — | 0 |
| CVE-2020-25051 An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via AppInfo. The Samsung ID is SVE-2020-17758 (August 2020). | 7.5 | HIGH | — | 0 |
| CVE-2020-25052 An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. H-Arx allows attackers to execute arbitrary code or cause a denial of service (memory corruption) because... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25053 An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. RKP allows arbitrary code execution. The Samsung ID is SVE-2020-17435 (August 2020). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25054 An issue was discovered on Samsung mobile devices with software through 2020-04-02 (Exynos modem chipsets). There is a heap-based buffer over-read in the Shannon baseband. The Samsung ID is SVE-2020-1... | 9.1 | CRITICAL | — | 0 |
| CVE-2020-25055 An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The persona service allows attackers (who control an unprivileged SecureFolder process) to bypass admin res... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25056 An issue was discovered on Samsung mobile devices with Q(10.0) (Galaxy S20) software. Because HAL improperly checks versions, bootloading by the S.LSI NFC chipset is mishandled. The Samsung ID is SVE-... | 7.5 | HIGH | — | 0 |
| CVE-2020-25058 An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. The network_management service does not properly restrict configuration changes. The LG ID is LVE-SMP-200012 ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25059 An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A service crash may occur because of incorrect input validation. The LG ID is LVE-SMP-200013 (July 2020)... | 7.5 | HIGH | — | 0 |
| CVE-2020-25060 An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Local users can gain privileges because of LAF and SBL1 flaws. The LG ID is LVE-SMP-200015 (July 2020). | 7.8 | HIGH | — | 0 |
| CVE-2020-25061 An issue was discovered on LG mobile devices with Android OS 9 and 10 software on the VZW network. lge_property allows property overwrites. The LG ID is LVE-SMP-200016 (July 2020). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25062 An issue was discovered on LG mobile devices with Android OS 9 and 10 software. LGTelephonyProvider allows a bypass of intended privilege restrictions. The LG ID is LVE-SMP-200017 (July 2020). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25063 An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. An application crash can occur because of incorrect application-level input validation. The LG ID is LVE... | 7.5 | HIGH | — | 0 |
| CVE-2020-7716 All versions of package deeps are vulnerable to Prototype Pollution via the set function. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25064 An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Certain automated testing is mishandled. The LG ID is LVE-SMP-200019 (August ... | 7.5 | HIGH | — | 0 |
| CVE-2020-25065 An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Key logging may occur because of an obsolete API. The LG ID is LVE-SMP-170010... | 7.5 | HIGH | — | 0 |
| CVE-2020-15704 The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment va... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-25067 NETGEAR R8300 devices before 1.0.2.134 are affected by command injection by an unauthenticated attacker. | 9.6 | CRITICAL | — | 0 |
| CVE-2020-14178 Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected... | 7.5 | HIGH | — | 0 |
| CVE-2020-12776 Openfind Mail2000 contains Broken Access Control vulnerability, which can be used to execute unauthorized commands after attackers obtain the administrator access token or cookie. | 6.6 | MEDIUM | — | 0 |
| CVE-2020-7719 Versions of package locutus before 2.0.12 are vulnerable to Prototype Pollution via the php.strings.parse_str function. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7720 The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7721 All versions of package node-oojs are vulnerable to Prototype Pollution via the setPath function. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7722 All versions of package nodee-utils are vulnerable to Prototype Pollution via the deepSet function. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7723 All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7724 All versions of package tiny-conf are vulnerable to Prototype Pollution via the set function. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7725 All versions of package worksmith are vulnerable to Prototype Pollution via the setValue function. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7726 All versions of package safe-object2 are vulnerable to Prototype Pollution via the setter function. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7727 All versions of package gedi are vulnerable to Prototype Pollution via the set function. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7195 A iccselectrules expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 | HIGH | — | 0 |
| CVE-2018-12475 A Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP request against... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-8023 A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise D... | 7.7 | HIGH | — | 0 |
| CVE-2020-24583 An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level di... | 7.5 | HIGH | — | 0 |
| CVE-2020-24584 An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's sta... | 7.5 | HIGH | — | 0 |
| CVE-2020-14514 All trailer Power Line Communications are affected. PLC bus traffic can be sniffed reliably via an active antenna up to 6 feet away. Further distances are also possible, subject to environmental condi... | 4.3 | MEDIUM | — | 0 |
| CVE-2020-24554 The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a denial of service attack by m... | 7.5 | HIGH | — | 0 |
| CVE-2020-6129 SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page CpSessionSet.php is vulnerable to SQL injection. An at... | 8.8 | HIGH | — | 0 |
| CVE-2020-2238 Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by ... | 5.4 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.