Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2020-10038 A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker with access to the device's web server might be able to e... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3198 Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unau... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10220 An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7675 cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the `color` argument executed by the `eval` function resulting in code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13417 An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain Op... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-20409 The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a serv... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13433 Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php hidden parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-9296 Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10561 An issue was discovered on Xiaomi Mi Jia ink-jet printer < 3.4.6_0138. Injecting parameters to ippserver through the web management background, resulting in command execution vulnerabilities. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13926 Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when building a new segment; some part of the HQL is from system configurations, while the configuration can be overwritten by certain... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13925 Similar to CVE-2020-1956, Kylin has one more restful API which concatenates the API inputs into OS commands and then executes them on the server; while the reported API misses necessary input validati... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11951 An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. There is a Backdoor root account. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-6265 SAP Commerce, versions - 6.7, 1808, 1811, 1905, and SAP Commerce (Data Hub), versions - 6.7, 1808, 1811, 1905, allows an attacker to bypass the authentication and/or authorization that has been config... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-5537 Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13442 A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. An attacker can upload a PHP file via dext5handler.jsp handler because the uploaded file is stored under dext5... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-14944 Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authorization controls in multiple functions. This can allow for manipulation and takeover of user accounts if successfully exploited. The... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10272 MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7497 A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vi... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10988 A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7498 A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software (all versions). The fixed credentials are used to simplify file transfer. Today the use of fixe... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7500 A CWE-89:Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notifi... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-14054 SOKKIA GNR5 Vanguard WEB version 1.2 (build: 91f2b2c3a04d203d79862f87e2440cb7cefc3cd3) and hardware version 212 allows remote attackers to bypass admin authentication via a SQL injection attack that u... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-14031 Buffer overflow can occur while parsing RSN IE containing list of PMK ID`s which are more than the buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Elec... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8171 We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-9477 An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vulnerability in the authentication functionality in the web-based interface could allow an unauthenticated remote attacker to captu... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-14983 The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-12395 Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-12396 Mozilla developers and community members reported memory safety bugs present in Firefox 75. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-12390 Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-14070 An issue was discovered in MK-AUTH 19.01. There is authentication bypass in the web login functionality because guessable credentials to admin/executar_login.php result in admin access. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-12016 Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 an... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13854 Artica Pandora FMS 7.44 allows privilege escalation. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-20856 An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-14072 An issue was discovered in MK-AUTH 19.01. It allows command execution as root via shell metacharacters to /auth admin scripts. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13901 An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_merge in sdp.c has a stack-based buffer overflow. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-9292 An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-4193 IBM Security Guardium 11.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 174857. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-12757 HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-0117 In aes_cmac of aes_cmac.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the bluetooth server with no additional execution privileges... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-15363 The Nexos theme through 1.7 for WordPress allows side-map/?search_order= SQL Injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13656 In Morgan Stanley Hobbes through 2020-05-21, the array implementation lacks bounds checking, allowing exploitation of an out-of-bounds (OOB) read/write vulnerability that leads to both local and remot... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-18888 An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-9632 Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11503 A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-9631 Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-9630 Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business logic error vulnerability. Successful exploitation could lead to privil... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-6342 An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release othe... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10271 MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad se... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13804 An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13693 An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.