Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2020-1157 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE... | 7.8 | HIGH | β | 0 |
| CVE-2020-1158 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE... | 7.8 | HIGH | β | 0 |
| CVE-2020-1161 A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. | 7.5 | HIGH | β | 0 |
| CVE-2020-1164 An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE... | 7.8 | HIGH | β | 0 |
| CVE-2020-1165 An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service, aka 'Windows Clipboard Service Elevation of Privilege Vulnerability'. This CVE ID is unique f... | 7.8 | HIGH | β | 0 |
| CVE-2020-1166 An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service, aka 'Windows Clipboard Service Elevation of Privilege Vulnerability'. This CVE ID is unique f... | 7.8 | HIGH | β | 0 |
| CVE-2020-1173 A spoofing vulnerability exists in Microsoft Power BI Report Server in the way it validates the content-type of uploaded attachments, aka 'Microsoft Power BI Report Server Spoofing Vulnerability'. | 6.8 | MEDIUM | β | 0 |
| CVE-2020-1174 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is un... | 7.8 | HIGH | β | 0 |
| CVE-2020-1175 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is un... | 7.8 | HIGH | β | 0 |
| CVE-2020-1176 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is un... | 7.8 | HIGH | β | 0 |
| CVE-2020-1179 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is un... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-1184 An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerabilit... | 7.8 | HIGH | β | 0 |
| CVE-2020-1185 An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerabilit... | 7.8 | HIGH | β | 0 |
| CVE-2014-8945 admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-1186 An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerabilit... | 7.8 | HIGH | β | 0 |
| CVE-2020-1187 An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerabilit... | 7.8 | HIGH | β | 0 |
| CVE-2020-1188 An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerabilit... | 7.8 | HIGH | β | 0 |
| CVE-2020-1189 An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerabilit... | 7.8 | HIGH | β | 0 |
| CVE-2020-6091 An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP reque... | 9.1 | CRITICAL | β | 0 |
| CVE-2020-1190 An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerabilit... | 7.8 | HIGH | β | 0 |
| CVE-2020-1191 An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerabilit... | 7.8 | HIGH | β | 0 |
| CVE-2020-1195 An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input, aka 'Microsoft Edge (Chromium-based) Elevation of Privilege Vu... | 5.9 | MEDIUM | β | 0 |
| CVE-2020-13384 Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames ar... | 8.8 | HIGH | β | 0 |
| CVE-2020-3184 A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected s... | 7.2 | HIGH | β | 0 |
| CVE-2020-7813 Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download and execute arbitrary file by setting the argument... | 7.8 | HIGH | β | 0 |
| CVE-2020-3272 A vulnerability in the DHCP server of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerabilit... | 7.5 | HIGH | β | 0 |
| CVE-2020-3280 A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected d... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3314 A vulnerability in the file scan process of Cisco AMP for Endpoints Mac Connector Software could cause the scan engine to crash during the scan of local files, resulting in a restart of the AMP Connec... | 6.1 | MEDIUM | β | 0 |
| CVE-2020-3343 A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an aff... | 5.5 | MEDIUM | β | 0 |
| CVE-2020-3344 A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an aff... | 5.5 | MEDIUM | β | 0 |
| CVE-2020-10711 A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category... | 5.9 | MEDIUM | β | 0 |
| CVE-2020-11076 In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4. | 7.5 | HIGH | β | 0 |
| CVE-2020-11077 In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connectio... | 6.8 | MEDIUM | β | 0 |
| CVE-2020-7658 meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header par... | 6.1 | MEDIUM | β | 0 |
| CVE-2020-13414 An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software. | 7.5 | HIGH | β | 0 |
| CVE-2020-13388 An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one c... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13389 An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devic... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13390 An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devic... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13391 An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devic... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7674 access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the `template` function is executed by the `eval` function resulting in code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13392 An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devic... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13393 An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devic... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13394 An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devic... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13396 An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c. | 7.1 | HIGH | β | 0 |
| CVE-2020-13397 An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value. | 5.5 | MEDIUM | β | 0 |
| CVE-2020-13398 An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c. | 8.3 | HIGH | β | 0 |
| CVE-2020-12397 By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0. | 4.3 | MEDIUM | β | 0 |
| CVE-2020-13412 An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF. | 8.8 | HIGH | β | 0 |
| CVE-2020-13413 An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force. | 5.3 | MEDIUM | β | 0 |
| CVE-2020-7675 cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the `color` argument executed by the `eval` function resulting in code execution. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.