Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2009-1120 EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remote Code Execution Vulnerability. The flaw exists within the DoRcvRpcCall RPC function -exposed via the rep_srv.exe process- where ... | 9.8 | CRITICAL | β | 0 |
| CVE-2014-8322 Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value. | 9.8 | CRITICAL | β | 0 |
| CVE-2014-2025 Unrestricted file upload vulnerability in an unspecified third party tool in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attacker... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8508 nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbitrary kernel functions because the passing of function pointers between user and kernel mode is mishandled. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-19838 emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the u... | 9.8 | CRITICAL | β | 0 |
| CVE-2013-6792 Google Android prior to 4.4 has an APK Signature Security Bypass Vulnerability | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11796 In JetBrains Space through 2020-04-22, the password authentication implementation was insecure. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10505 Out of bound access while processing a non-standard IE measurement request with length crossing past the size of frame in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Cons... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10522 While playing the clip which is nonstandard buffer overflow can occur while parsing in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdrag... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10528 Use after free issue in kernel while accessing freed mdlog session info and its attributes after closing the session in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon In... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10531 Incorrect reading of system image resulting in buffer overflow when size of system image is increased in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10533 Out of bound access due to improper validation of array index cause the index table entry to get corrupt in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Sna... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10534 Null-pointer dereference can occur while accessing the super index entry when it is not been allocated in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapd... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10541 Dereference on uninitialized buffer can happen when parsing FLV clip with corrupted codec specific data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snap... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10542 Buffer over-read may occur when downloading a corrupted firmware file that has chunk length in header which doesn`t match the contents in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity,... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10565 Double free issue can happen when sensor power settings is freed by some thread while another thread try to access. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12147 The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. Upon successful exploitation, a remote unauthe... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-2249 Kernel can do a memory read from arbitrary address passed by user during execution of a syscall in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon M... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-2258 Improper validation of array index causes OOB write and then leads to memory corruption in MMCP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon I... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8803 SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-2283 Improper validation of read and write index of tx and rx fifo`s before calculating pointer can lead to out-of-bound access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon I... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-2285 Out of bound write issue is observed while giving information about properties that have been set so far for playing video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon C... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-2302 While processing vendor command which contains corrupted channel count, an integer overflow occurs and finally will lead to heap overflow. in Snapdragon Auto, Snapdragon Consumer Electronics Connectiv... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-2323 Lack of check to ensure crypto engine data passed by user is initialized can result in bus error in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-2324 When ADSP is compromised, the audio port index that`s returned from ADSP might be out of the valid range and leads to out of boundary access in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Con... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-2325 Out of boundary access due to token received from ADSP and is used without validation as an index into the array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-2331 Possible Integer overflow because of subtracting two integers without checking if the result would overflow or not in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industria... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-2332 Memory corruption while accessing the memory as payload size is not validated before access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8802 SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7471 Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data a... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8510 An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en (user+perms+lang), one can login as any user without a password. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8614 An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An attacker can perform Remote Code Execution (RCE) by sending a specially crafted network packer to the bd_svr service listening on TCP... | 9.8 | CRITICAL | β | 0 |
| CVE-2012-4750 A Code Execution vulnerability exists in the memcpy function when processing AMF requests in Ezhometech EzServer 7.0, which could let a remote malicious user execute arbitrary code or cause a Denial o... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3763 Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successf... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-6948 A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3762 Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successf... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3760 Adobe Digital Editions versions 4.5.10 and below have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8591 eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&accessKey=eGm0n1t0r request. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8592 eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the Forgot Password feature). | 9.8 | CRITICAL | β | 0 |
| CVE-2012-6451 Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass Vulnerability | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12148 The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authentication bypass via an argument injection vulnerability involving special characters in the username f... | 9.8 | CRITICAL | β | 0 |
| CVE-2013-6225 LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability | 9.8 | CRITICAL | β | 0 |
| CVE-2014-5381 Grand MA 300 allows a brute-force attack on the PIN. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12419 Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it doe... | 9.8 | CRITICAL | β | 0 |
| CVE-2012-5618 Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3754 Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a buffer error vulnerability. Successful explo... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3938 SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Request Forgery, allowing attackers to launch inquiries into network architecture or system files of the server via forged ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-6840 In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mruby-hash-ext/src/hash-ext.c. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18805 An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very la... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3752 Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a buffer error vulnerability. Successful explo... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.