CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 9 and 10)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.

1751 | CVE-2020-6551 | 416 | | | 2020-09-21 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Use after free in WebXR in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

1752 | CVE-2020-6550 | 416 | | | 2020-09-21 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Use after free in IndexedDB in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

1753 | CVE-2020-6549 | 416 | | | 2020-09-21 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

1754 | CVE-2020-6548 | 787 | | Overflow | 2020-09-21 | 2021-01-27 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

1755 | CVE-2020-6524 | 787 | | Overflow | 2020-07-22 | 2021-01-27 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

1756 | CVE-2020-6523 | 787 | | | 2020-07-22 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

1757 | CVE-2020-6520 | 120 | | Overflow | 2020-07-22 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

1758 | CVE-2020-6518 | 416 | | | 2020-07-22 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page.

1759 | CVE-2020-6517 | 787 | | Overflow | 2020-07-22 | 2021-03-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

1760 | CVE-2020-6515 | 416 | | | 2020-07-22 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

1761 | CVE-2020-6512 | 843 | | | 2020-07-22 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

1762 | CVE-2020-6449 | 416 | | | 2020-03-23 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

1763 | CVE-2020-6429 | 416 | | | 2020-03-23 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

1764 | CVE-2020-6428 | 416 | | | 2020-03-23 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

1765 | CVE-2020-6427 | 416 | | | 2020-03-23 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

1766 | CVE-2020-6424 | 416 | | | 2020-03-23 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

1767 | CVE-2020-6422 | 416 | | | 2020-03-23 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

1768 | CVE-2020-6406 | 416 | | | 2020-02-11 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

1769 | CVE-2020-6364 | 78 | | Exec Code | 2020-10-15 | 2021-06-17 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager, leading to Code Injection. With this, the attacker is able to read and modify all system files and also impact system availability.

1770 | CVE-2020-6287 | 287 | | | 2020-07-14 | 2021-07-21 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check.

1771 | CVE-2020-6207 | 306 | | | 2020-03-10 | 2021-06-17 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager.

1772 | CVE-2020-6192 | 20 | | Exec Code | 2020-02-12 | 2020-02-19 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management.

1773 | CVE-2020-6191 | 20 | | | 2020-02-12 | 2020-02-19 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation.

1774 | CVE-2020-6090 | 269 | | Exec Code | 2020-06-11 | 2021-07-21 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

1775 | CVE-2020-6016 | 787 | | Exec Code Mem. Corr. | 2020-11-18 | 2020-12-10 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Valve's Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNP_ReceiveUnreliableSegment(), leading to a Heap-Based Buffer Underflow and a free() of memory not from the heap, resulting in a memory corruption and probably even a remote code execution.

1776 | CVE-2020-5922 | 352 | | CSRF | 2020-08-26 | 2020-09-02 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authentication in a web browser.

1777 | CVE-2020-5902 | 94 | | Exec Code | 2020-07-01 | 2021-07-21 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.

1778 | CVE-2020-5901 | 79 | | XSS | 2020-07-01 | 2020-07-10 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack. If the victim user is logged in as admin this could result in a complete compromise of the system.

1779 | CVE-2020-5868 | 78 | | Exec Code | 2020-04-24 | 2020-05-01 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface.

1780 | CVE-2020-5847 | 94 | | Exec Code | 2020-03-16 | 2021-07-21 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Unraid through 6.8.0 allows Remote Code Execution.

1781 | CVE-2020-5805 | 312 | | | 2021-01-08 | 2021-01-14 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored in cleartext in tomcat-users.xml. OS-level users on the QCC host who are not authorized to use QCC may use the plaintext credentials to login to QCC.

1782 | CVE-2020-5791 | 78 | | Exec Code | 2020-10-20 | 2021-04-19 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.

1783 | CVE-2020-5763 | 326 | | | 2020-07-29 | 2020-07-31 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt.

1784 | CVE-2020-5760 | 78 | | Exec Code | 2020-07-29 | 2020-07-31 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message.

1785 | CVE-2020-5759 | 78 | | Exec Code | 2020-07-17 | 2020-07-23 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command.

1786 | CVE-2020-5758 | 78 | | Exec Code | 2020-07-17 | 2020-07-23 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API.

1787 | CVE-2020-5757 | 78 | | Exec Code Bypass | 2020-07-17 | 2020-07-23 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS API.

1788 | CVE-2020-5756 | 78 | | Exec Code | 2020-07-17 | 2020-07-22 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router.

1789 | CVE-2020-5739 | 94 | | Exec Code | 2020-04-14 | 2020-04-14 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface. When the VPN's connection is established, the user defined script is executed with root privileges.

1790 | CVE-2020-5738 | 59 | | Exec Code | 2020-04-14 | 2020-04-14 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface.

1791 | CVE-2020-5722 | 89 | | Exec Code Sql | 2020-03-23 | 2020-03-25 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17.

1792 | CVE-2020-5685 | 78 | | Exec Code | 2021-01-13 | 2021-01-21 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
UNIVERGE SV9500 series from V1 to V7 and SV8500 series from S6 to S8 allows an attacker to execute arbitrary OS commands or cause a denial-of-service (DoS) condition by sending a specially crafted request to a specific URL.

1793 | CVE-2020-5681 | 427 | | +Priv | 2020-12-24 | 2020-12-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Untrusted search path vulnerability in self-extracting files created by EpsonNet SetupManager versions 2.2.14 and earlier, and Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

1794 | CVE-2020-5639 | 22 | | Exec Code Dir. Trav. | 2020-12-14 | 2020-12-15 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote attackers to upload an arbitrary file in a specific directory via unspecified vectors. As a result, an arbitrary OS command may be executed.

1795 | CVE-2020-5633 | 287 | | Bypass +Info | 2021-01-13 | 2021-01-21 | 9.0 | None | Remote | Low | Not required | Partial | Partial | Complete
Multiple NEC products (Express5800/T110j, Express5800/T110j-S, Express5800/T110j (2nd-Gen), Express5800/T110j-S (2nd-Gen), iStorage NS100Ti, and Express5800/GT110j) where Baseboard Management Controller (BMC) firmware Rev1.09 and earlier is applied allows remote attackers to bypass authentication and then obtain/modify BMC setting information, obtain monitoring information, or reboot/shut down the vulnerable product via unspecified vectors.

1796 | CVE-2020-5626 | 78 | | Exec Code | 2021-01-28 | 2021-02-03 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
Logstorage version 8.0.0 and earlier, and ELC Analytics version 3.0.0 and earlier allow remote attackers to execute arbitrary OS commands via a specially crafted log file.

1797 | CVE-2020-5610 | 119 | | Exec Code Overflow | 2020-07-30 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Global TechStream (GTS) for TOYOTA dealers version 15.10.032 and earlier allows an attacker to cause a denial-of-service (DoS) condition and execute arbitrary code via unspecified vectors.

1798 | CVE-2020-5599 | 74 | | Exec Code | 2020-07-07 | 2021-07-21 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.

1799 | CVE-2020-5561 | 78 | | Exec Code | 2020-03-25 | 2020-03-27 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

1800 | CVE-2020-5560 | 78 | | Exec Code | 2020-03-25 | 2020-03-27 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
WL-Enq 1.11 and 1.12 allows remote attackers to execute arbitrary OS commands with the administrative privilege via unspecified vectors.