CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2020-23512 VR CAM P1 Model P1 v1 has an incorrect access control vulnerability where an attacker can obtain complete access of the device from web (remote) without authentication. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-16098 It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.1... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-0201 In showSecurityFields of WifiConfigController.java there is a possible credential leak due to a confused deputy. This could lead to remote escalation of privilege with no additional execution privileg... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-9898 This issue was addressed with improved entitlements. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A sandboxed process may be able to circumvent sandbox restrictions. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-27664 admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-25575 An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. NOTE: This vulnerabi... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-25573 An issue was discovered in the linked-hash-map crate before 0.5.3 for Rust. It creates an uninitialized NonNull pointer, which violates a non-null constraint. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3375 A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input valid... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-0230 Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-0342 There is a possible out of bounds write due to an incorrect bounds check. Product: Android. Versions: Android SoC. Android ID: A-160812576 | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3382 A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative p... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-20432 D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-24660 An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also aff... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3681 Authenticated and encrypted payload MMEs can be forged and remotely sent to any HPAV2 system using a jailbreak key recoverable from code. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-25283 An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. BT manager allows attackers to bypass intended access restrictions on a certain mode. The LG ID is LVE-SMP-... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-25279 An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The baseband component has a buffer overflow via an abnormal SETUP message, leading to ex... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-25278 An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted J... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-0229 There is a possible out of bounds write due to an incorrect bounds check. Product: Android. Versions: Android SoC. Android ID: A-156333725 | 9.8 | CRITICAL | β | 0 |
| CVE-2020-14100 In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. The router administrator can gain root access from this vulnerability. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-5413 Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on de... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-25260 An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to execute arbitr... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-14096 Memory overflow in Xiaomi AI speaker Rom version <1.59.6 can happen when the speaker verifying a malicious firmware during OTA process. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-25259 An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses XML deserialization libraries in an ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-25258 An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses ASP.NET BinaryFormatter.Deserialize ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-25257 An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows XXE attacks for read/write access ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-15906 tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-0123 There is a possible out of bounds write due to an incorrect bounds check. Product: Android. Versions: Android SoC. Android ID: A-149871374 | 9.8 | CRITICAL | β | 0 |
| CVE-2020-25254 An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-25253 An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-25576 An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11998 A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it le... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8758 Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to pot... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-15903 An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by nagios user. This issue was f... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-24916 CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-5616 [Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-24379 WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-4459 IBM Security Verify Access 10.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external component... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-15787 A vulnerability has been identified in SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently validate authentication attempts as the information given can be trunca... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-15786 A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions < V16), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions <= V16), S... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-0217 In RW_T4tPresenceCheck of rw_t4t.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. Use... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-2040 A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to t... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11986 To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-24199 Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-24197 A SQL injection vulnerability in the login component in Stock Management System v1.0 allows remote attacker to execute arbitrary SQL commands via the username parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-24074 The decode program in silk-v3-decoder Version:20160922 Build By kn007 does not strictly check data, resulting in a buffer overflow. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-25282 An issue was discovered on LG mobile devices with Android OS 10 software. The lguicc software (for the LG Universal Integrated Circuit Card) allows attackers to bypass intended access restrictions on ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13151 Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code exec... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13921 **Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-17353 scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous P... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-5608 CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.