CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2020-23238 Cross Site Scripting (XSS) vulnerability in Evolution CMS 2.0.2 via the Document Manager feature. | 5.4 | MEDIUM | β | 0 |
| CVE-2020-15487 Re:Desk 2.3 contains a blind unauthenticated SQL injection vulnerability in the getBaseCriteria() function in the protected/models/Ticket.php file. By modifying the folder GET parameter, it is possibl... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-19670 In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication can be bypassed, causing administrators to reset any passwords. | 4.9 | MEDIUM | β | 0 |
| CVE-2020-19672 Niushop B2B2C Multi-business basic version V1.11, can bypass the administrator to obtain the background upload interface, through parameter upload, bypass the getimagesize function, upload php file, g... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-19676 Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list... | 5.3 | MEDIUM | β | 0 |
| CVE-2020-20800 An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the install/index.php?action=adminsetup&cndata=yes&endata=yes&showdata=yes URI. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-21244 An issue was discovered in FrontAccounting 2.4.7. There is a Directory Traversal vulnerability that can empty folder via admin/inst_lang.php. | 4.9 | MEDIUM | β | 0 |
| CVE-2020-21522 An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend, the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and f... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-21523 A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. The ftl file can be edited. This is the Freemarker template file. This file can cause arbi... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-21564 An issue was discovered in Pluck CMS 4.7.10-dev2 and 4.7.11. There is a file upload vulnerability that can cause a remote command execution via admin.php?action=files. | 8.8 | HIGH | β | 0 |
| CVE-2020-22481 An issue was discovered in HFish 0.5.1. When a payload is inserted where the password is entered, XSS code is triggered when the administrator views the information. | 6.1 | MEDIUM | β | 0 |
| CVE-2020-22842 CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php. | 5.4 | MEDIUM | β | 0 |
| CVE-2020-24569 An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in atta... | 4.3 | MEDIUM | β | 0 |
| CVE-2020-24570 An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session inf... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-24721 An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-09-29, as used in COVID-19 applications on Android and iOS. It allows a user to be put in a position... | 5.7 | MEDIUM | β | 0 |
| CVE-2020-25762 An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send maliciou... | 9.1 | CRITICAL | β | 0 |
| CVE-2020-25763 Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP f... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-26041 An issue was discovered in Hoosk CMS v1.8.0. There is a Remote Code Execution vulnerability in install/index.php | 9.8 | CRITICAL | β | 0 |
| CVE-2020-26042 An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php | 9.8 | CRITICAL | β | 0 |
| CVE-2020-26043 An issue was discovered in Hoosk CMS v1.8.0. There is an XSS vulnerability in install/index.php | 6.1 | MEDIUM | β | 0 |
| CVE-2020-26137 urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: thi... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-26148 md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document. | 7.5 | HIGH | β | 0 |
| CVE-2020-26149 NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno before 1.0.0-9 allow credential disclosure from a client to a server. | 7.5 | HIGH | β | 0 |
| CVE-2020-26154 url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-26157 Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. This leads to remote code execution because of Node integration. | 9.6 | CRITICAL | β | 0 |
| CVE-2020-26158 Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration. | 9.6 | CRITICAL | β | 0 |
| CVE-2020-26160 jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fail... | 7.5 | HIGH | β | 0 |
| CVE-2020-26163 BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link. | 8.8 | HIGH | β | 0 |
| CVE-2020-8238 A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS). | 6.1 | MEDIUM | β | 0 |
| CVE-2020-16234 In PLC WinProladder Version 3.28 and prior, a stack-based buffer overflow vulnerability can be exploited when a valid user opens a specially crafted file, which may allow an attacker to remotely execu... | 7.8 | HIGH | β | 0 |
| CVE-2020-8256 A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entit... | 4.9 | MEDIUM | β | 0 |
| CVE-2020-14375 A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe, are in a region of memory accessible from both the virtual machine and t... | 7.8 | HIGH | β | 0 |
| CVE-2020-14376 A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. T... | 7.8 | HIGH | β | 0 |
| CVE-2020-14377 A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read ar... | 7.1 | HIGH | β | 0 |
| CVE-2020-14378 An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could ca... | 3.3 | LOW | β | 0 |
| CVE-2020-15488 Re:Desk 2.3 allows insecure file upload. | 7.5 | HIGH | β | 0 |
| CVE-2020-15849 Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates() method. A malicious actor with access to an administrative account coul... | 7.2 | HIGH | β | 0 |
| CVE-2020-14374 A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to writ... | 8.8 | HIGH | β | 0 |
| CVE-2020-25626 A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come f... | 6.1 | MEDIUM | β | 0 |
| CVE-2020-25816 HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Fixed in 1.4.7 and 1.5.4... | 6.8 | MEDIUM | β | 0 |
| CVE-2020-12715 RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control. | 8.8 | HIGH | β | 0 |
| CVE-2020-12869 RainbowFish PacsOne Server 6.8.4 allows XSS. | 5.4 | MEDIUM | β | 0 |
| CVE-2020-12870 RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13336 An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. GitLab was vulnerable to a stored XSS in the error tracking feature. | 4.0 | MEDIUM | β | 0 |
| CVE-2020-13952 In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated ... | 8.1 | HIGH | β | 0 |
| CVE-2020-23239 Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature. | 4.8 | MEDIUM | β | 0 |
| CVE-2020-25288 An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding fo... | 4.8 | MEDIUM | β | 0 |
| CVE-2020-25781 An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes... | 4.3 | MEDIUM | β | 0 |
| CVE-2020-25830 An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript w... | 4.8 | MEDIUM | β | 0 |
| CVE-2020-6654 A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs... | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.