CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-4090 "HCL Campaign is vulnerable to cross-site scripting when a user provides XSS scripts in Campaign Description field." | 5.4 | MEDIUM | — | 0 |
| CVE-2019-4091 "HCL Marketing Platform is vulnerable to cross-site scripting during addition of new users and also while searching for users in Dashboard, potentially giving an attacker ability to inject malicious c... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-0120 In notifyErrorForPendingRequests of QCamera3HWI.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional executio... | 7.8 | HIGH | — | 0 |
| CVE-2020-0305 In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... | 6.4 | MEDIUM | — | 0 |
| CVE-2020-7718 All versions of package gammautils are vulnerable to Prototype Pollution via the deepSet and deepMerge functions. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-0122 In the permission declaration for com.google.android.providers.gsf.permission.WRITE_GSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of pri... | 6.7 | MEDIUM | — | 0 |
| CVE-2020-0224 In FastKeyAccumulator::GetKeysSlow of keys.cc, there is a possible out of bounds write due to type confusion. This could lead to remote code execution when processing a proxy configuration with no add... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-0225 In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additi... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-0226 In createWithSurfaceParent of Client.cpp, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege in the graphics server with no additional exec... | 7.8 | HIGH | — | 0 |
| CVE-2020-0227 In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data ... | 7.8 | HIGH | — | 0 |
| CVE-2020-0228 There is an improper configuration of recorder related service. Product: Android. Versions: Android SoC. Android ID: A-156333723 | 7.5 | HIGH | — | 0 |
| CVE-2020-0230 There is a possible out of bounds write due to an incorrect bounds check. Product: Android. Versions: Android SoC. Android ID: A-156337262 | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15108 In glpi before 9.5.1, there is a SQL injection for all usages of "Clone" feature. This has been fixed in 9.5.1. | 7.1 | HIGH | — | 0 |
| CVE-2020-15110 In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. Th... | 6.8 | MEDIUM | — | 0 |
| CVE-2020-4104 HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module. An attacker can use XSS to send a malicious script to an unsuspecting user. This affects all versi... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-5756 Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrar... | 8.8 | HIGH | — | 0 |
| CVE-2020-5757 Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute co... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-5769 Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by injecting malicious client-si... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-5758 Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a craf... | 8.8 | HIGH | — | 0 |
| CVE-2020-5759 Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a speci... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-12000 HPE has found a potential Remote Access Restriction Bypass in HPE MSE Msg Gw application E-LTU prior to version 3.2 when HTTPS is used between the USSD and an external USSD service logic application. ... | 6.6 | MEDIUM | — | 0 |
| CVE-2020-10605 Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests for password storage files. | 7.5 | HIGH | — | 0 |
| CVE-2020-5767 Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted li... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-5768 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote, authenticated attacker to d... | 4.9 | MEDIUM | — | 0 |
| CVE-2020-9227 Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 have a missing initialization of resource vulnerability. An attacker tricks the user into installing then running a crafted applic... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-9252 HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI Mate 20 X versions earlier than 10.1.0.135(C00E135R2P8), HUAWEI Mate 20 RS versions earlier than 10.1.0.160(C786E160R3P8), and Hono... | 2.3 | LOW | — | 0 |
| CVE-2020-9254 HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a logic check... | 7.8 | HIGH | — | 0 |
| CVE-2020-9255 Huawei Honor 10 smartphones with versions earlier than 10.0.0.178(C00E178R1P4) have a denial of service vulnerability. Certain service in the system does not sufficiently validate certain parameter wh... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-9257 HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a buffer over... | 8.8 | HIGH | — | 0 |
| CVE-2020-15879 Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8, ... | 7.5 | HIGH | — | 0 |
| CVE-2020-9259 Huawei Honor V30 smartphones with versions earlier than 10.1.0.212(C00E210R5P1) have an improper authentication vulnerability. The system does not sufficiently validate certain parameter passed from t... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-9101 There is an out-of-bounds write vulnerability in some products. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insu... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-9256 Huawei Mate 30 Pro smartphones with versions earlier than 10.1.0.150(C00E136R5P3) have an improper authorization vulnerability. The system does not properly restrict the use of system service by appli... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-15009 AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2_Upgrade_Tool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 (UX450FDX, UX550GDX and UX550GEX) could lead to unsigned code... | 7.8 | HIGH | — | 0 |
| CVE-2020-4361 IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses. IBM X-Force ID: 178766. | 4.3 | MEDIUM | — | 0 |
| CVE-2020-4466 IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authenticated attacker to cause a denial of service due to an error within the Queue processing function. IBM X-Force ID: 181563. | 6.5 | MEDIUM | — | 0 |
| CVE-2020-24162 The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App Center) has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code. | 7.8 | HIGH | — | 0 |
| CVE-2020-4527 IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. By intercepting its transmiss... | 5.9 | MEDIUM | — | 0 |
| CVE-2020-12029 All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. A remote, unauthenticated attacker may be able to execute a crafted file on a remote endpoin... | 9.0 | CRITICAL | — | 0 |
| CVE-2020-14484 OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass the system’s account lockout protection, which may allow brute force password attacks. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-14485 OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow execu... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-14491 OpenClinic GA versions 5.09.02 and 5.89.05b do not properly check permissions before executing SQL queries, which may allow a low-privilege user to access privileged information. | 6.5 | MEDIUM | — | 0 |
| CVE-2020-14494 OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient complexity to protect against brute force attacks, which may allow un... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-17450 PHP-Fusion 9.03 allows XSS on the preview page. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-8205 The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise interact... | 7.5 | HIGH | — | 0 |
| CVE-2020-8215 A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or execution of arbitrary code when it processes a user-provided image. | 8.8 | HIGH | — | 0 |
| CVE-2020-12027 All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissa... | 4.3 | MEDIUM | — | 0 |
| CVE-2020-12028 In all versions of FactoryTalk View SE, a remote, authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce a... | 7.3 | HIGH | — | 0 |
| CVE-2020-12031 In all versions of FactoryTalk View SE, after bypassing memory corruption mechanisms found in the operating system, a local, authenticated attacker may corrupt the associated memory space allowing for... | 7.5 | HIGH | — | 0 |
| CVE-2020-25123 The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager. | 4.8 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.