Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2020-25259 An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses XML deserialization libraries in an ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3614 Possible buffer overflow while copying the frame to local buffer due to lack of check of length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Elec... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3628 Improper access due to socket opened by the logging application without specifying localhost address in Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, Rennell, SDX20 | 9.8 | CRITICAL | β | 0 |
| CVE-2020-2791 Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.2. Easily exploitable vulnerability allow... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3660 Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdrago... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3661 Buffer overflow will happen while parsing mp4 clip with corrupted sample atoms values which exceeds MAX_UINT32 range due to lack of validation checks in Snapdragon Auto, Snapdragon Compute, Snapdragon... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3662 Buffer overflow can occur while parsing eac3 header while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Ind... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3663 Buffer over-write may occur during fetching track decoder specific information if cb size exceeds buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, ... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-18922 It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket fra... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-25258 An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses ASP.NET BinaryFormatter.Deserialize ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-14967 An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending '\0' bytes to ciphertexts... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-14968 An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending '\0' bytes to a si... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-9576 Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-15363 The Nexos theme through 1.7 for WordPress allows side-map/?search_order= SQL Injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7458 In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posix_spawnp to write beyond the end o... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-9578 Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-9579 Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-9580 Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13159 Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-10818. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-25257 An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows XXE attacks for read/write access ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-14972 Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11849 Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information exposu... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3931 Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8521 SQL injection with start and length parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11989 Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8520 SQL injection in order and column parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql | 9.8 | CRITICAL | β | 0 |
| CVE-2020-12053 In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-based authorization is used without HTTPS, an endpoint could be authorized without a private key. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-14983 The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8519 SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql | 9.8 | CRITICAL | β | 0 |
| CVE-2020-12821 Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-20896 WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponent, messageID, or to parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-15350 RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding function base64_decode() uses an output buffer estimation function to compute the required buffer capacity and validate against t... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-15367 Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-14944 Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authorization controls in multiple functions. This can allow for manipulation and takeover of user accounts if successfully exploited. The... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-5599 TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralizat... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-5595 TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulne... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-15506 An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attacker... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-14072 An issue was discovered in MK-AUTH 19.01. It allows command execution as root via shell metacharacters to /auth admin scripts. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-2801 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily ex... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-20409 The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a serv... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-12782 Openfind MailGates contains a Command Injection flaw, when receiving email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-5594 Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-14938 An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes lengths of data sets read from saved game files. It copies data from a file into a fixed-size heap-allocated buffer without size ver... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-14993 A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authus... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-24987 Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(6318) CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck() function in ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-0123 There is a possible out of bounds write due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-149871374 | 9.8 | CRITICAL | β | 0 |
| CVE-2020-25254 An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-5368 Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. A remote unauthenticated attacker may exploit this vulnerability to obtain sensitive information in an en... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-1026 A Security Feature Bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the libraryΓ’β¬β’s Elliptic Curve Cryptography (ECC) implementation.An attacke... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-15539 SQL injection can occur in We-com Municipality portal CMS 2.1.x via the cerca/ keywords field. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.