CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-20330 FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-19021 An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account (with a hard-coded password) in the web administration interface, with administrator privileges. Anybody can lo... | 9.8 | CRITICAL | β | 0 |
| CVE-2014-3699 eDeploy has RCE via cPickle deserialization of untrusted data | 9.8 | CRITICAL | β | 0 |
| CVE-2019-19740 Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get is vulnerable. | 9.8 | CRITICAL | β | 0 |
| CVE-2012-5878 Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-17364 The processCommandUploadLog() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-16737 The processCommandSetMac() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | 9.8 | CRITICAL | β | 0 |
| CVE-2017-18605 The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-16736 A stack-based buffer overflow in processCommandUploadSnapshot in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbi... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-16735 A stack-based buffer overflow in processCommandUploadLog in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary... | 9.8 | CRITICAL | β | 0 |
| CVE-2013-2745 An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0 | 9.8 | CRITICAL | β | 0 |
| CVE-2019-16734 Use of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-16733 processCommandSetUid() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-16246 Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931. This leads to unauthenticated code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-16730 processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | 9.8 | CRITICAL | β | 0 |
| CVE-2016-1000027 Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented withi... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10493 Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdr... | 9.8 | CRITICAL | β | 0 |
| CVE-2014-0011 Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vnc... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10511 Possibility of memory overflow while decoding GSNDCP compressed mode PDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18802 An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat "header-value " as a different str... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18801 An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corr... | 9.8 | CRITICAL | β | 0 |
| CVE-2013-4486 Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging | 9.8 | CRITICAL | β | 0 |
| CVE-2019-7482 Stack-based buffer overflow in SonicWall SMA100 allows an unauthenticated user to execute arbitrary code in function libSys.so. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. | 9.8 | CRITICAL | β | 0 |
| CVE-2014-0175 mcollective has a default password set at install | 9.8 | CRITICAL | β | 0 |
| CVE-2019-19782 The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long EHLO response from an FTP server. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-19228 Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /tmp/web_users.conf file. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10559 Accessing data buffer beyond the available data while parsing ogg clip can lead to null-pointer dereference and then memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18339 A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server contains an authentication bypass vuln... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18337 A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication bypass vulnerability in its XML-based communicati... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18330 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18329 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially g... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18328 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially g... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18327 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially g... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18326 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially g... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18325 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially g... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18324 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially g... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18323 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18316 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain remote code execution ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18315 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain remote code execution ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-3951 Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling I... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-19576 class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-9855 LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18314 A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain remote code execution ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18296 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potential... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-16885 In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/Product... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18295 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potential... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18313 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could gain remote code execution by sending specifically ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-11994 A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-5079 An exploitable heap buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware vers... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18293 A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potential... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.