CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-44341 D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST reque... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-41622 D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in /HNAP1/ interface. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-7071 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. Brain Low-Code allows SQ... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-0127 A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration ... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-8181 An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restric... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-6641 An Arbitrary Free (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can overwrite a structure, leading to a function call with an invalid parameter, and a sub... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-6640 A Heap Overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can modify the next pointer of a linked list. This is fixed in 6.9d. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-6639 An out-of-bounds write (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. A size used by memmove is read from the input file. This is fixed in 6.9d. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-6638 A stack-based buffer overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. This occurs in a function call in which the first argument is a corrupted offset value and t... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-8088 org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-45265 A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to execute arbitrary SQL commands via the psid parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-41444 SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-34087 An SEH-based buffer overflow in the BPQ32 HTTP Server in BPQ32 6.0.24.1 allows remote attackers with access to the Web Terminal to achieve remote code execution via an HTTP POST /TermInput request. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-6481 A buffer overflow vulnerability in the control protocol of Disk Savvy Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9124. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-8073 Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection. This issue affects Hillstone Networks Web Application Firewa... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-42531 Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live video stream by crafting a set of RTSP packets with a specific set of URLs that can be used to redirect th... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-6180 A flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an arbitrary password for other accounts. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-4087 IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by servers and storage agents in response to specificall... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-13107 Multiple integer overflows exist in MATIO before 1.5.16, related to mat.c, mat4.c, mat5.c, mat73.c, and matvar_struct.c | 9.8 | CRITICAL | β | 0 |
| CVE-2018-10698 An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff t... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-0002 On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action 'policer' in combination with other actions might not take effect. When this issue occurs, the output of the c... | 9.8 | CRITICAL | β | 0 |
| CVE-2013-7471 An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Inject... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-6168 A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-6814 A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a re... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-1620 A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The v... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-6167 A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-7667 Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file name... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-11119 Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12765 An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-7107 Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. Successful exploitation could lead to arbitrary code execution. Fixed in versions 13.1.1 and 14.0.2. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-11356 The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCale... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12450 file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-6742 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. T... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12288 An issue was discovered in upgrade_htmls.cgi on VStarcam 100T (C7824WIP) KR75.8.53.20 and 200V (C38S) KR203.18.1.20 devices. The web service, network, and account files can be manipulated through a we... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12165 MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and earlier, and 7.1 (7.1.0.57) and earlier and MiCollab AWV 6.3 (6.3.0.103), 6.2 (6.2.2.8), 6.1 (6.1.0.28), 6.0 (6.0.0.61), and 5.0 (5.0.5.7) ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-6957 A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-2729 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily e... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-7274 Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-7096 Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execut... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8457 SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10993 In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10991 In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10989 In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vu... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-0006 A certain crafted HTTP packet can trigger an uninitialized function pointer dereference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Cha... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-7847 A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code ex... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-7846 A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauth... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-17842 SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels h_room_type parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-7088 Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a use after free vulnerability. Succe... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-7842 A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-6327 HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an IPP Parser potentially vulnerable to Buff... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.