Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2019-17640 In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctl... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-19874 An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Some web scripts in the web interface allowed injection and execution of arbitrary unintended commands on the web server, ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-29128 petl before 1.68, in some configurations, allows resolution of entities in an XML document. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-27251 A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious port ranges, which could result... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-29062 An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-29061 An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-26944 An issue was discovered in Aptean Product Configurator 4.61.0000 on Windows. A Time based SQL injection affects the nameTxt parameter on the main login page (aka cse?cmd=LOGIN). This can be exploited ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-29060 An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-29059 An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-29058 An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-19513 The BASSMIDI plugin 2.4.12.1 for Un4seen BASS Audio Library on Windows is prone to an out of bounds write vulnerability. An attacker may exploit this to execute code on the target machine. A failure i... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-29056 An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-19872 An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. The AprolLoader could be used to inject and execute arbitrary unintended commands via an unspecified attack scenario, a di... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-29054 An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, ... | 9.8 | CRITICAL | β | 0 |
| CVE-2015-9551 An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. There is Remote Code Execution in the management interface via the formSysCmd sy... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28329 Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticat... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-25159 499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condi... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28334 Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2). Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root pas... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28333 Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessi... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28332 Barco wePresent WiPG-1600W devices download code without an Integrity Check. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W firmware does not perform verifi... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28994 A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below. The vulnerability allows for an unauthenticated attacker to perform various t... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13942 It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This was partially fixed in 1.5.1 but a new attack vector was found. In Apache Unomi version 1.5.2 scrip... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35190 The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. System using the plone docker container deployed by affected versions of th... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35186 The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user. System using the adminer docker container deployed by affected versions of the docker image may allow ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-9864 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35184 The official composer docker images before 1.8.3 contain a blank password for a root user. System using the composer docker container deployed by affected versions of the docker image may allow a remo... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35189 The official kong docker images before 1.0.2-alpine (Alpine specific) contain a blank password for a root user. System using the kong docker container deployed by affected versions of the docker image... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35187 The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. System using the telegraf docker container deployed by affected versions of the dock... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28929 Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenanc... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-4001 The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to to... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-9895 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-24719 Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes is done by exchanging a shared secret (aka "magic cookie"). There are cases where the magi... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13877 SQL Injection issues in various ASPX pages of ResourceXpress Meeting Monitor 4.9 could lead to remote code execution and information disclosure. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-9918 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A remote attacker may be able to cause unexpected system ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7781 This affects the package connection-tester before 0.2.1. The injection point is located in line 15 in index.js. The following PoC demonstrates the vulnerability: | 9.8 | CRITICAL | β | 0 |
| CVE-2020-12315 Path traversal in the Intel(R) EMA before version 1.3.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8752 Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7472 An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthentic... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28269 Prototype pollution vulnerability in 'field' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28271 Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35185 The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password for a root user. System using the ghost docker container deployed by affected versions of the docker im... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28270 Prototype pollution vulnerability in 'object-hierarchy-access' versions 0.2.0 through 0.32.0 allows attacker to cause a denial of service and may lead to remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-27481 An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of "wp_ajax_nopriv" call in WordPress, which allows any unauthenticated user to get access to ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3639 u'When a non standard SIP sigcomp message is received from the network, then there may be chances of using more UDVM cycle or memory overflow' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consum... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11196 u'Integer overflow to buffer overflow occurs while playback of ASF clip having unexpected number of codec entries' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industria... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11193 u'Buffer over read can happen while parsing mkv clip due to improper typecasting of data returned from atomsize' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11184 u'Possible buffer overflow will occur in video while parsing mp4 clip with crafted esds atom size.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11168 u'Null-pointer dereference can occur while accessing data buffer beyond its size that leads to access the buffer beyond its range' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snap... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-5426 Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-17051 Windows Network File System Remote Code Execution Vulnerability | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.