Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2020-25257 An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows XXE attacks for read/write access ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25258 An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses ASP.NET BinaryFormatter.Deserialize ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25259 An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses XML deserialization libraries in an ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-14096 Memory overflow in Xiaomi AI speaker Rom version <1.59.6 can happen when the speaker verifying a malicious firmware during OTA process. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25260 An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to execute arbitr... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20917 An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with t... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-20918 An issue was discovered in InspIRCd 3 before 3.1.0. The silence module contains a use after free vulnerability. This vulnerability can be used for remote crashing of an InspIRCd server by any user abl... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-25269 An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability ... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-24164 A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary cod... | 7.8 | HIGH | — | 0 |
| CVE-2020-14100 In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. The router administrator can gain root access from this vulnerability. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15802 Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated u... | 5.9 | MEDIUM | — | 0 |
| CVE-2020-16212 In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. T... | 6.8 | MEDIUM | — | 0 |
| CVE-2020-9239 Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions earlier than 8.0.0.123(C797);BLA-TL00B versions earlier than 8.1.0.326(C01);Berkeley-L09 versions ear... | 5.5 | MEDIUM | — | 0 |
| CVE-2018-19946 The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this improper certificate validation vulnerability could allow an attacker to spoof a trusted entity by inter... | 4.2 | MEDIUM | — | 0 |
| CVE-2020-0229 There is a possible out of bounds write due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-156333725 | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15166 In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and conn... | 7.5 | HIGH | — | 0 |
| CVE-2020-15169 In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default ... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-25276 An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerab... | 7.3 | HIGH | — | 0 |
| CVE-2020-0921 Microsoft Graphics Component Denial of Service Vulnerability | 5.5 | MEDIUM | — | 0 |
| CVE-2020-25728 The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account. | 8.8 | HIGH | — | 0 |
| CVE-2020-14330 An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the l... | 5.0 | MEDIUM | — | 0 |
| CVE-2020-14332 A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unaut... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-14363 An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, re... | 7.8 | HIGH | — | 0 |
| CVE-2013-7490 An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption. | 5.3 | MEDIUM | — | 0 |
| CVE-2013-7491 An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated. | 5.3 | MEDIUM | — | 0 |
| CVE-2014-10401 An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-23824 ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) for perform remote arbitrary code execution. The component is the Administration dashboard. When using admin/user credent... | 8.8 | HIGH | — | 0 |
| CVE-2020-25278 An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted J... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25279 An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The baseband component has a buffer overflow via an abnormal SETUP message, leading to ex... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25280 An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos and MediaTek chipsets) software. Unauthenticated attackers can execute LTE/5G commands by sending a debugging command over USB. T... | 6.8 | MEDIUM | — | 0 |
| CVE-2020-25281 An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Applications with sensitive security settings (such as the package verifier application) mishandle un... | 7.5 | HIGH | — | 0 |
| CVE-2020-25283 An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. BT manager allows attackers to bypass intended access restrictions on a certain mode. The LG ID is LVE-SMP-... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-25284 The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map o... | 4.1 | MEDIUM | — | 0 |
| CVE-2020-25285 A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have... | 6.4 | MEDIUM | — | 0 |
| CVE-2020-25286 In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public. | 5.3 | MEDIUM | — | 0 |
| CVE-2020-25287 Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php the_file=..%2Findex.php&open=Ope... | 7.2 | HIGH | — | 0 |
| CVE-2020-25289 The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions). | 5.5 | MEDIUM | — | 0 |
| CVE-2020-21731 Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.168.100.7/gazie/modules/config/admin_utente.php?user_name=amministratore&Update. An attacker can inject JavaScript code, and the we... | 6.1 | MEDIUM | — | 0 |
| CVE-2020-21732 Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-21733 Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-7807 A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing S... | 5.6 | MEDIUM | — | 0 |
| CVE-2020-24660 An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also aff... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-21527 There is an Arbitrary file deletion vulnerability in halo v1.1.3. A backup function in the background allows a user, when deleting their backup files, to delete any files on the system through directo... | 7.7 | HIGH | — | 0 |
| CVE-2020-25540 ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter. | 7.5 | HIGH | — | 0 |
| CVE-2018-20432 D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-11683 A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an affected syste... | 6.8 | MEDIUM | — | 0 |
| CVE-2020-11684 AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory before passing control to a less privileged software component. This can be exploited to disclose these... | 9.1 | CRITICAL | — | 0 |
| CVE-2020-12787 Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling. | 7.5 | HIGH | — | 0 |
| CVE-2020-0387 In manifest files of the SmartSpace package, there is a possible tapjacking vector due to a missing permission check. This could lead to local escalation of privilege and account hijacking with no add... | 7.8 | HIGH | — | 0 |
| CVE-2020-12788 CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks. | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.