CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2020-28907 Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in ... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-30234 The api/ZRIGMP/set_MLD_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the MLD_PROXY_WAN_CONNECT paramete... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13858 An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mofidev accounts are defined in /etc/passwd... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-30233 The api/ZRIptv/setIptvInfo interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iptv_vlan parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-19111 Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote malicious user bypass authentication and obtain sensitive information. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-19110 SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php, which could let a remote malicious user execute arbitrary code. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13859 An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the ... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-30232 The api/ZRIGMP/set_IGMP_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the IGMP_PROXY_WAN_CONNECT parame... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12348 An issue was discovered in zzcms 2019. SQL Injection exists in user/ztconfig.php via the daohang or img POST parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-19109 SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-30231 The api/zrDm/set_ZRElink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the bssaddr, abiaddr, devtoken, devid,... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-19108 SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-19107 SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-25019 LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-15833 An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. Th... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28194 Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute whose length field is less than 2. It has an impact only when the attacker controls the RADIUS s... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-30230 The api/ZRFirmware/set_time_zone interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the zonename parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-1275 Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, ... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-29369 The gnuplot package prior to version 0.1.0 for Node.js allows code execution via shell metacharacters in Gnuplot commands. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-30228 The api/ZRAndlink/set_ZRAndlink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iandlink_proc_enable parame... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-23691 YFCMF v2.3.1 has a Remote Command Execution (RCE) vulnerability in the index.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-31324 The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection vulnerability leading to root Remote Code Execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-29300 The @ronomon/opened library before 1.5.2 is vulnerable to a command injection vulnerability which would allow a remote attacker to execute commands on the system if the library was used with untrusted... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-25812 Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 via the 'ip' parameter with a POST request to /api/ZRQos/set_online_client. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-1505 Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-15690 In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-1506 Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, ... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-31535 LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35757 An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is Unauthenticated Root ADB Access Over TCP. The LS9 web interface provides functionality to access ADB over TCP. This is not e... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35758 An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is an Authentication Bypass in the Web Interface. This interface does not properly restrict access to internal functionality. De... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-1508 Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-23083 Unrestricted File Upload in JEECG v4.0 and earlier allows remote attackers to execute arbitrary code or gain privileges by uploading a crafted file to the component "jeecgFormDemoController.do?commonU... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-32020 The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insufficient bounds checking during management of heap memory. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-22891 A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 may allow unauthenticated remote compromise of the Storage Zone... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28026 Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline i... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-20720 SQL injection vulnerability in the KonaWiki2 versions prior to 2.2.4 allows remote attackers to execute arbitrary SQL commands and to obtain/alter the information stored in the database via unspecifie... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27213 config.py in pystemon before 2021-02-13 allows code execution via YAML deserialization because SafeLoader and safe_load are not used. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-20236 A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and th... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27651 In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-33590 GattLib 0.3-rc1 has a stack-based buffer over-read in get_device_path_from_mac in dbus/gattlib.c. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27384 A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" (inc... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-21995 Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-32608 An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1.1. Views/Boards/Partials/_ForumPost.cshtml does not call HtmlUtils.SanitizeHtml on certain text for a forum post. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28024 Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can a... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-3120 An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in ... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-22519 Execute arbitrary code vulnerability in Micro Focus SiteScope product, affecting versions 11.40,11.41 , 2018.05(11.50), 2018.08(11.51), 2018.11(11.60), 2019.02(11.70), 2019.05(11.80), 2019.08(11.90), ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-15835 An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-22807 An issue was discovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-32619 Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1.10.1, modules that are dynamically imported through `import()` or `new Worker` might have... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-20721 KonaWiki2 versions prior to 2.2.4 allow a remote attacker to upload arbitrary files via unspecified vectors. If the file contains PHP scripts, arbitrary code may be executed. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.