CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2020-7712 | This affects the package json before 10.0.0. It is possible to inject arbitrary commands using the parseLookup function. | 7.2 | HIGH | β | 0 |
| CVE-2020-14352 | A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote r... | 8.0 | HIGH | β | 0 |
| CVE-2020-8244 | A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-24917 | osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php. | 6.1 | MEDIUM | β | 0 |
| CVE-2020-24223 | Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters. | 6.1 | MEDIUM | β | 0 |
| CVE-2020-8097 | An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper... | 8.1 | HIGH | β | 0 |
| CVE-2020-24104 | XSS on the PIX-Link Repeater/Router LV-WR07 with firmware v28K.Router.20170904 allows attackers to steal credentials without being connected to the network. The attack vector is a crafted ESSID, as de... | 6.1 | MEDIUM | β | 0 |
| CVE-2020-25031 | checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file. | 7.8 | HIGH | β | 0 |
| CVE-2020-25032 | An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnam... | 7.5 | HIGH | β | 0 |
| CVE-2020-25033 | The Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin 1.3.1 for WordPress allows subscribe_sidebar.php&status= reflected XSS. | 6.1 | MEDIUM | β | 0 |
| CVE-2020-15020 | An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field. | 5.4 | MEDIUM | β | 0 |
| CVE-2020-4492 | IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2.3.21 could allow a local attacker to cause a denial of service crashing the kernel by sending a subset of ioctls on the device wi... | 5.5 | MEDIUM | β | 0 |
| CVE-2020-24115 | In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials in source code leads to admin panel access. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11617 | The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to mod... | 5.9 | MEDIUM | β | 0 |
| CVE-2020-11618 | THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access vi... | 7.8 | HIGH | β | 0 |
| CVE-2020-12643 | OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address. | 4.3 | MEDIUM | β | 0 |
| CVE-2020-12644 | OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API. | 5.0 | MEDIUM | β | 0 |
| CVE-2020-12645 | OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-12646 | OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document. | 5.4 | MEDIUM | β | 0 |
| CVE-2020-12829 | In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engin... | 3.8 | LOW | β | 0 |
| CVE-2020-13593 | The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation in Texas Instruments SimpleLink SIMPLELINK-CC2640R2-SDK through 2.2.3 allows the Diffie-Hellman check during the Secure Connection... | 8.8 | HIGH | β | 0 |
| CVE-2020-13594 | The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not properly restrict the channel map field of the connection request packet on r... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-13595 | The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion o... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-13655 | An issue was discovered in Collabtive 3.0 and later. managefile.php is vulnerable to XSS: when the action parameter is set to movefile and the id parameter corresponds to a project the current user ha... | 6.1 | MEDIUM | β | 0 |
| CVE-2020-24786 | An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before buil... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13463 | The flash memory readout protection in Apex Microelectronics APM32F103 devices allows physical attackers to extract firmware via the debug interface and exception handling. | 4.6 | MEDIUM | β | 0 |
| CVE-2020-13464 | The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU or DMA module... | 4.2 | MEDIUM | β | 0 |
| CVE-2020-13465 | The security protection in Gigadevice GD32F103 devices allows physical attackers to redirect the control flow and execute arbitrary code via the debug interface. | 6.8 | MEDIUM | β | 0 |
| CVE-2020-13466 | STMicroelectronics STM32F103 devices through 2020-05-20 allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration. | 6.8 | MEDIUM | β | 0 |
| CVE-2020-13467 | The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface and exception handling. | 4.6 | MEDIUM | β | 0 |
| CVE-2020-13468 | Gigadevice GD32F130 devices allow physical attackers to escalate their debug interface permissions via fault injection into inter-IC bonding wires (which have insufficient physical protection). | 6.8 | MEDIUM | β | 0 |
| CVE-2020-13469 | The flash memory readout protection in Gigadevice GD32VF103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU. | 4.6 | MEDIUM | β | 0 |
| CVE-2020-13470 | Gigadevice GD32F103 and GD32F130 devices allow physical attackers to extract data via the probing of easily accessible bonding wires and de-obfuscation of the observed data. | 4.6 | MEDIUM | β | 0 |
| CVE-2020-13471 | Apex Microelectronics APM32F103 devices allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration. | 6.8 | MEDIUM | β | 0 |
| CVE-2020-13472 | The flash memory readout protection in Gigadevice GD32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the DMA module. | 4.6 | MEDIUM | β | 0 |
| CVE-2020-7714 | All versions of package confucious are vulnerable to Prototype Pollution via the set function. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13828 | Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?act... | 5.4 | MEDIUM | β | 0 |
| CVE-2020-15687 | Missing access control restrictions in the Hypervisor component of the ACRN Project (v2.0 and v1.6.1) allow a malicious entity, with root access in the Service VM userspace, to abuse the PCIe assign/d... | 7.5 | HIGH | β | 0 |
| CVE-2020-17465 | Dashboards and progressiveProfileForms in ForgeRock Identity Manager before 7.0.0 are vulnerable to stored XSS. The vulnerability affects versions 6.5.0.4, 6.0.0.6. | 6.1 | MEDIUM | β | 0 |
| CVE-2020-20625 | Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthenticated information disclosure and authenticated SQL injection via core/class-sliced.php. | 7.5 | HIGH | β | 0 |
| CVE-2020-20626 | lara-google-analytics.php in Lara Google Analytics plugin through 2.0.4 for WordPress allows authenticated stored XSS. | 5.4 | MEDIUM | β | 0 |
| CVE-2020-20627 | The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings change. | 5.3 | MEDIUM | β | 0 |
| CVE-2020-24699 | The Chamber Dashboard Business Directory plugin 3.2.8 for WordPress allows XSS. | 6.1 | MEDIUM | β | 0 |
| CVE-2020-7521 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method o... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7522 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method o... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7523 | Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Seri... | 7.8 | HIGH | β | 0 |
| CVE-2020-7524 | Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending ... | 7.5 | HIGH | β | 0 |
| CVE-2020-7525 | Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a pass... | 7.5 | HIGH | β | 0 |
| CVE-2020-7526 | Improper Input Validation vulnerability exists in PowerChute Business Edition (software V9.0.x and earlier) which could cause remote code execution when a script is executed during a shutdown event. | 8.8 | HIGH | β | 0 |
| CVE-2020-7194 | A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.