Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2020-1154 An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privi... | 7.8 | HIGH | β | 0 |
| CVE-2020-1155 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE... | 7.8 | HIGH | β | 0 |
| CVE-2014-8944 Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter. | 5.4 | MEDIUM | β | 0 |
| CVE-2020-1156 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE... | 7.8 | HIGH | β | 0 |
| CVE-2020-1157 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE... | 7.8 | HIGH | β | 0 |
| CVE-2020-1158 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE... | 7.8 | HIGH | β | 0 |
| CVE-2020-1161 A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. | 7.5 | HIGH | β | 0 |
| CVE-2020-1164 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE... | 7.8 | HIGH | β | 0 |
| CVE-2020-1165 An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service, aka 'Windows Clipboard Service Elevation of Privilege Vulnerability'. This CVE ID is unique f... | 7.8 | HIGH | β | 0 |
| CVE-2020-1166 An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service, aka 'Windows Clipboard Service Elevation of Privilege Vulnerability'. This CVE ID is unique f... | 7.8 | HIGH | β | 0 |
| CVE-2020-1173 A spoofing vulnerability exists in Microsoft Power BI Report Server in the way it validates the content-type of uploaded attachments, aka 'Microsoft Power BI Report Server Spoofing Vulnerability'. | 6.8 | MEDIUM | β | 0 |
| CVE-2020-1174 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is un... | 7.8 | HIGH | β | 0 |
| CVE-2020-1175 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is un... | 7.8 | HIGH | β | 0 |
| CVE-2020-1176 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is un... | 7.8 | HIGH | β | 0 |
| CVE-2020-1179 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is un... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-1184 An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerabilit... | 7.8 | HIGH | β | 0 |
| CVE-2020-1185 An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerabilit... | 7.8 | HIGH | β | 0 |
| CVE-2014-8945 admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-1186 An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerabilit... | 7.8 | HIGH | β | 0 |
| CVE-2020-1187 An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerabilit... | 7.8 | HIGH | β | 0 |
| CVE-2020-1188 An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerabilit... | 7.8 | HIGH | β | 0 |
| CVE-2020-1189 An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerabilit... | 7.8 | HIGH | β | 0 |
| CVE-2020-6091 An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP reque... | 9.1 | CRITICAL | β | 0 |
| CVE-2020-1190 An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerabilit... | 7.8 | HIGH | β | 0 |
| CVE-2020-1191 An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerabilit... | 7.8 | HIGH | β | 0 |
| CVE-2020-1195 An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input, aka 'Microsoft Edge (Chromium-based) Elevation of Privilege Vu... | 5.9 | MEDIUM | β | 0 |
| CVE-2020-13384 Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames ar... | 8.8 | HIGH | β | 0 |
| CVE-2020-3184 A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected s... | 7.2 | HIGH | β | 0 |
| CVE-2020-7813 Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download and execute arbitrary file by setting the argument... | 7.8 | HIGH | β | 0 |
| CVE-2020-3272 A vulnerability in the DHCP server of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerabilit... | 7.5 | HIGH | β | 0 |
| CVE-2020-3280 A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected d... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3314 A vulnerability in the file scan process of Cisco AMP for Endpoints Mac Connector Software could cause the scan engine to crash during the scan of local files, resulting in a restart of the AMP Connec... | 6.1 | MEDIUM | β | 0 |
| CVE-2020-3343 A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an aff... | 5.5 | MEDIUM | β | 0 |
| CVE-2020-3344 A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an aff... | 5.5 | MEDIUM | β | 0 |
| CVE-2020-10711 A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category... | 5.9 | MEDIUM | β | 0 |
| CVE-2020-11076 In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4. | 7.5 | HIGH | β | 0 |
| CVE-2020-11077 In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connectio... | 6.8 | MEDIUM | β | 0 |
| CVE-2020-7658 meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header par... | 6.1 | MEDIUM | β | 0 |
| CVE-2020-13414 An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software. | 7.5 | HIGH | β | 0 |
| CVE-2020-13388 An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one c... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13389 An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devic... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13390 An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devic... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13391 An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devic... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7674 access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the `template` function is executed by the `eval` function resulting in code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13392 An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devic... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13393 An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devic... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13394 An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devic... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13396 An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c. | 7.1 | HIGH | β | 0 |
| CVE-2020-13397 An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value. | 5.5 | MEDIUM | β | 0 |
| CVE-2020-13398 An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c. | 8.3 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.