Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2019-4059 IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. ... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-20033 A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deall... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-7475 A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allow unprivileged user to access advanced routing services. This vulnerability affected Soni... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-16489 A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-5421 Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempts... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-9201 Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to t... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-8800 rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-8795 rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-9636 Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (cre... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-6524 Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8271 UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which can potentially result code execution. This attack appears to be exploitable via ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-6557 Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-4008 API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-9165 SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8268 UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. T... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8996 In Signiant Manager+Agents before 13.5, the implementation of the set command has a Buffer Overflow. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-1003041 A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-5891 An issue was discovered in OverIT Geocall 6.3 before build 2:346977. An unauthenticated servlet allows an attacker to obtain a cookie of an authenticated user, and login to the web application. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-1003040 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-0160 Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-4056 An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL inject... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10692 In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-0448 A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-6543 AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privil... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10661 On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8262 UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. This attack appears to be exploitable via network con... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-9641 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-3822 libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_messa... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-3464 Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resultin... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-4059 An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-7653 The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in thi... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-5420 A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can b... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-9215 In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8341 An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then retu... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-20177 rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10125 An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pa... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-3463 Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the exe... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-4032 IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the att... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10655 Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacha... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-5916 Input validation issue in POWER EGG(Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and earlier, Ver 2.2 Patch 7 and earlier, Ver 2.3 Patch 9 and earlier, Ver 2.4 Patch 13 and earlier, Ver 2.... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-15386 A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management f... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-8794 rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8275 UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being accessed by remote users. This attack appears to be exploitabl... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-15387 A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass certificate validation on an affected device. The vulnerability is due to improper certificate va... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-7164 SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-3985 An exploitable double free vulnerability exists in the mdnscap binary of the CUJO Smart Firewall. When parsing mDNS packets, a memory space is freed twice if an invalid query name is encountered, lead... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-4003 An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in m... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8274 UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, which can potentially in result code execution. This attack appears to be exploit... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-8793 rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-6527 PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) may allow an attacker to be able to change the password for an admin user who is currently or previously logged in... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.