CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-13202 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the okhtmlfile and failhtmlfile parameters of several functionalities of the we... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11518 Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10992 Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7636 adb-driver through 0.1.8 is vulnerable to Command Injection. It allows execution of arbitrary commands via the command function. | 9.8 | CRITICAL | β | 0 |
| CVE-2014-4981 LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters. | 9.8 | CRITICAL | β | 0 |
| CVE-2014-8089 SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-14299 Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local acco... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11542 3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the <KEY>MYKEY</KEY> substring. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7981 sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-17647 An issue was discovered in Centreon before 2.8.30, 18.10.8, 19.04.5, and 19.10.2. SQL Injection exists via the include/monitoring/status/Hosts/xml/hostXML.php instance parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7980 Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellia... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11548 The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11558 An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box. audio_sample_entry_Read in isomedia/box_code_base.c does not properly decide when to make gf_isom_box_del calls. This lea... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-19208 Codiad Web IDE through 2.8.4 allows PHP Code injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10180 The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7631 diskusage-ng through 0.2.4 is vulnerable to Command Injection. It allows execution of arbitrary commands via the path argument. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7632 node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. | 9.8 | CRITICAL | β | 0 |
| CVE-2013-1744 IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary commands. | 9.8 | CRITICAL | β | 0 |
| CVE-2014-4651 It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or p... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8010 CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute c... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8012 CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrar... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7633 apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the pluginUri argument. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10106 PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in index.php or register.php. The SQL injection allows to dump the MySQL database and... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-20334 An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using th... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8441 JYaml through 1.3 allows remote code execution during deserialization of a malicious payload through the load() function. NOTE: this is a discontinued product. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11597 An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request and inject SQL statements in the user context of the db owner. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-1353 An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-2801 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily ex... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-9550 Rubetek SmartHome 2020 devices use unencrypted 433 MHz communication between controllers and beacons, allowing an attacker to sniff and spoof beacon requests remotely. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-9477 An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vulnerability in the authentication functionality in the web-based interface could allow an unauthenticated remote attacker to captu... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-6061 An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other mis... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12128 In ONAP SO through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7941 A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-2791 Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.2. Easily exploitable vulnerability allow... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-9423 LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. LogicalDoc provides a functionality to add documents. Th... | 9.8 | CRITICAL | β | 0 |
| CVE-2014-9612 SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via th... | 9.8 | CRITICAL | β | 0 |
| CVE-2014-9613 Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to webadmin/auth/verification.php or (2) dpid... | 9.8 | CRITICAL | β | 0 |
| CVE-2014-9614 The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11598 An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attackers to execute arbitrary code by uploading and executing an ASHX file. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11586 An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10674 PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open. | 9.8 | CRITICAL | β | 0 |
| CVE-2016-11025 An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a memcpy heap-based buffer overflow in the OTP service. The Samsung ID is SVE-2016-711... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12114 An issue was discovered in ONAP HOLMES before Dublin. By accessing port 9202 of dep-holmes-engine-mgmt pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-11028 An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a stack-based buffer overflow in the OTP TrustZone trustlet. The Samsung IDs are SVE-2... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-16072 An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of she... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-11033 An issue was discovered on Samsung mobile devices with M(6.0) software. There is a heap-based buffer overflow in tlc_server. The Samsung IDs are SVE-2016-7220 and SVE-2016-7225 (November 2016). | 9.8 | CRITICAL | β | 0 |
| CVE-2020-2733 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics). The supported version that is affected is 9.2. Easily exploitable vulnerabilit... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10230 CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cwp_{SESSION_HASH}/admin/loader_ajax.php term parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2016-11036 An issue was discovered on Samsung mobile devices with M(6.0) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-6008 (August 2016). | 9.8 | CRITICAL | β | 0 |
| CVE-2019-13169 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Content-Type HTTP Header of the web application that would allow an attacker to exe... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.