Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2024-6981 OMNTEC Proteus Tank Monitoring OEL8000III Series could allow an attacker to perform administrative actions without proper authentication. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-8310 OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass authentication to the server and obtain full admin privileges. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-7318 SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-5989 SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-0127 A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration ... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-7300 Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the d... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-11681 Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron i... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-11682 Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-8871 In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-10759 PHP remote file inclusion vulnerability in public/patch/patch.php in Project Pier 0.8.8 and earlier allows remote attackers to execute arbitrary commands or SQL statements via the id parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2016-10541 The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ">" and "<" operator used for redirection in shell. Applications that depend on shell-quote may also be vulnerable. A malicious u... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-10722 partclone.fat in Partclone before 0.2.88 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the FAT superblock, related to the mark_reserved_sectors function. An ... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-14477 In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command ... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-3746 The pdfinfojs NPM module versions <= 0.3.6 has a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-11743 The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and applic... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-9019 SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-14481 In the MMM::Agent::Helpers::Network::send_arp function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell comman... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-14480 In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell comman... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-14479 In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell comman... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-7750 transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 do... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-7238 A buffer overflow vulnerability exist in the web-based GUI of Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attac... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-7231 A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta ch... | 9.8 | CRITICAL | β | 0 |
| CVE-2015-9244 Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2017-14478 In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command ... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-16020 Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name. | 9.8 | CRITICAL | β | 0 |
| CVE-2017-14476 In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command ... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-8845 In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAcce... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-10771 Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other im... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-3744 The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL. | 9.8 | CRITICAL | β | 0 |
| CVE-2017-14475 In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command in... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-14474 In the MMM::Agent::Helpers::_execute function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1, a specially crafted MMM protocol message can cause a shell command injection resulting i... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-7499 In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAcce... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-10753 Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified o... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-3757 Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-7233 A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta ch... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-7232 A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta ch... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-7228 A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and get... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-10683 An issue was discovered in WildFly 10.1.2.Final. In the case of a default installation without a security realm reference, an attacker can successfully access the server without authentication. NOTE: ... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-7229 A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and gai... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-10682 An issue was discovered in WildFly 10.1.2.Final. It is possible for an attacker to access the administration panel on TCP port 9990 without any authentication using "anonymous" access that is automati... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-9063 An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-8865 In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulnerability has been identified which may allow remote code execution. A CVSS v3 base score of 9.8 has been calculated; the CVSS vect... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-11240 Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successf... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-11250 Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successf... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-11253 Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successf... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-11306 Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successf... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-11307 Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successf... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-0315 A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an af... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-11308 Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable heap overflow vulnerability. Successful ex... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-4917 Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.