CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2017-18696 An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (Exynos7420, Exynos8890, or MSM8996 chipsets) software. RKP allows memory corruption. The Samsung ID is SVE-2016-7897 (January ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7224 The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party ... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-18693 An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. There is a buffer overflow in the fps sysfs entry. The Samsung ID is SVE-2016-7510 (January 201... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-11038 An issue was discovered on Samsung mobile devices with software through 2016-04-05 (incorporating the Samsung Professional Audio SDK). The Jack audio service doesn't implement access control for share... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7485 **VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in the TriStation software version v4.9.0 and earlier could cause improper access to the TriStation host machine. This was addressed in... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11928 In the media-library-assistant plugin before 2.82 for WordPress, Remote Code Execution can occur via the tax_query, meta_query, or date_query parameter in mla_gallery via an admin. | 9.8 | CRITICAL | β | 0 |
| CVE-2016-11036 An issue was discovered on Samsung mobile devices with M(6.0) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-6008 (August 2016). | 9.8 | CRITICAL | β | 0 |
| CVE-2019-20786 handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a check for application data with epoch 0, which allows remote attackers to inject arbitrary unencrypted data after handshake completion... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-20730 Certain NETGEAR devices are affected by SQL injection. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6200 before 1.1.00.28, D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-11033 An issue was discovered on Samsung mobile devices with M(6.0) software. There is a heap-based buffer overflow in tlc_server. The Samsung IDs are SVE-2016-7220 and SVE-2016-7225 (November 2016). | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7619 get-git-data through 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7620 pomelo-monitor through 0.3.7 is vulnerable to Command Injection. It allows injection of arbitrary commands as part of 'pomelo-monitor' params. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7621 strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the '_nginxCmd()' function. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7623 jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary command via the source argument. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10515 STARFACE UCC Client before 6.7.1.204 on Windows allows binary planting to execute code with System rights, aka usd-2020-0006. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7624 effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary command via the options argument. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7625 op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7626 karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config argument. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7627 node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute()' function. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7628 umount through 1.1.6 is vulnerable to Command Injection. The argument device can be controlled by users without any sanitization. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7629 install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7630 git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument. | 9.8 | CRITICAL | β | 0 |
| CVE-2016-11028 An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a stack-based buffer overflow in the OTP TrustZone trustlet. The Samsung IDs are SVE-2... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-11025 An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a memcpy heap-based buffer overflow in the OTP service. The Samsung ID is SVE-2016-711... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-0073 In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-0072 In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-0071 In rw_t2t_extract_default_locks_info of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional exec... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10599 VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow a vulnerable ActiveX component to be exploited resulting in a buffer overflow, which may lead to a denial-of-service condition... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12002 A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11586 An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-6994 A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploi... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8637 A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8638 A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-0070 In rw_t2t_update_lock_attributes of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional executio... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11598 An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attackers to execute arbitrary code by uploading and executing an ASHX file. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11597 An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request and inject SQL statements in the user context of the db owner. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8147 Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-6203 A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. An attacker in a privileged network position may be able to intercept netw... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11518 Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7636 adb-driver through 0.1.8 is vulnerable to Command Injection. It allows execution of arbitrary commands via the command function. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11878 The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4384-1 uses default passwords (such as passw0rd) for system accounts. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-20772 An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. The Account subsystem allows authorization bypass. The LG ID is LVE-SMP-190007 (August 2019). | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11542 3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the <KEY>MYKEY</KEY> substring. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11545 Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters (account.php), uname and pass parameters (login.php), and id par... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11548 The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11558 An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box. audio_sample_entry_Read in isomedia/box_code_base.c does not properly decide when to make gf_isom_box_del calls. This lea... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11873 An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A stack-based buffer overflow in the logging tool could allow an attacker to gain privileges. The LG ID ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-20777 An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. WapService mishandles OTA Provisioning on V40 and G7 devices. The LG ID is LVE-SMP-190006 (July ... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-44172 SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_weixin.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-44171 SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_smtp.php. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.