Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2020-11658 CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization. | 9.8 | CRITICAL | β | 0 |
| CVE-2014-0048 An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11536 An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the unzip function to rewrite a binary and remotely execute code on a victim's se... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-21090 An issue was discovered on Samsung mobile devices with software through 2017-11-03 (S.LSI modem chipsets). The Exynos modem chipset has a baseband buffer overflow. The Samsung ID is SVE-2017-10745 (Ja... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-12268 jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-12267 setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11820 Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entities_id parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10511 HGiga C&Cmail CCMAILQ before olln-base-6.0-418.i386.rpm and CCMAILN before olln-base-5.0-418.i386.rpm contains insecure configurations. Attackers can exploit these flaws to access unauthorized functio... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10507 The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Unrestricted file upload (RCE) , that would allow attackers to gain access in the hosting mac... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-21089 An issue was discovered on Samsung mobile devices with N(7.x) (MT6755/MT6757 Mediatek models) software. Bootloader has an integer overflow that leads to arbitrary code execution via the download offse... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-18645 An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) (Qualcomm chipsets) software. There is a panel_lpm sysfs stack-based buffer overflow. The Samsung ID is SVE-2017-9414 (December... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-11994 A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10505 The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of SQL Injection, an attacker can use a union based injection query string to get databases sche... | 9.8 | CRITICAL | β | 0 |
| CVE-2012-5878 Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-18644 An issue was discovered on Samsung mobile devices with L(5.1), M(6.x), and N(7.x) software. There is a muic_set_reg_sel heap-based buffer overflow during the reading of MUIC register values. The Samsu... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3243 Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks o... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3247 Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks o... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11967 In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. Note: The vendor claims that this vulnerability can on... | 9.8 | CRITICAL | β | 0 |
| CVE-2014-8337 Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an ex... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-1026 A Security Feature Bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the libraryΓ’β¬β’s Elliptic Curve Cryptography (ECC) implementation.An attacke... | 9.8 | CRITICAL | β | 0 |
| CVE-2014-8516 Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspe... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11966 In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only oc... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11965 In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. Note: The vendor claims that this vulnerability can only occur on a brand... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-21055 An issue was discovered on Samsung mobile devices with N(7.0) (Qualcomm models using MSM8996 chipsets) software. A device can be rooted with a custom image to execute arbitrary scripts in the INIT con... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11963 IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerab... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3248 Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks o... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11537 A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-9279 An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A hard-coded account allows management-interface login with high privileges. The logged-in user can perform critical tasks and take ful... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-9277 An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Authentication can be bypassed when accessing cgi modules. This allows one to perform administrative tasks (e.g., modify the admin pass... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-20646 NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of administrative credentials. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-9275 An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A cfm UDP service listening on port 65002 allows remote, unauthenticated exfiltration of administrative credentials. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11630 An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. In several sections of code, the verification of serialized objects sent between nodes (connected via the Peers protocol) allow... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11819 In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3250 Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks o... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11543 OpsRamp Gateway before 7.0.0 has a backdoor account vadmin with the password 9vt@f3Vt that allows root SSH access to the server. This issue has been resolved in OpsRamp Gateway firmware version 7.0.0 ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-5499 Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There are non-deterministic results in which, sometimes, two global IDs are the same. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-2884 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily ex... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-6195 SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. It involves social engineering in order to gai... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10939 A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE DNP3 (incl. SIPLUS N... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-6974 Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which allows an attacker to bypass access to restricted directories. Honeywell has released a firmware update... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-19628 In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities un... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11514 The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privilege... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-2915 Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching, CacheStore, Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-4393 HCL AppScan Standard is vulnerable to excessive authorization attempts | 9.8 | CRITICAL | β | 0 |
| CVE-2019-20825 An issue was discovered in Foxit PhantomPDF before 8.3.11. It has an out-of-bounds write when Internet Explorer is used. | 9.8 | CRITICAL | β | 0 |
| CVE-2017-18691 An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (Exynos8890 chipsets) software. There are multiple Buffer Overflows in TSP sysfs cmd_store. The Samsung ID is SVE-2016-7500 (Ja... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-2801 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily ex... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-12265 The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-2791 Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.2. Easily exploitable vulnerability allow... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-2931 Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Web Applications - InfoCenter). Supported versions that are affected are 8.6.0-8.6.3. Easily exploitable vulnerability all... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.