Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2020-11586 An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7224 The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11598 An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attackers to execute arbitrary code by uploading and executing an ASHX file. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-2961 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework (Oracle OHS)). Supported versions that are affected are 13.2.0.0 and 13.3.0.0... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11597 An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request and inject SQL statements in the user context of the db owner. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11790 NETGEAR R7800 devices before 1.0.2.68 are affected by remote code execution by unauthenticated attackers. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-21072 An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) (Exynos chipsets) software. A kernel driver allows out-of-bounds Read/Write operations and possibly arbitrary code exe... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11545 Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters (account.php), uname and pass parameters (login.php), and id par... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12524 An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12498 The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7489 A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert β Basic or SoMachine Basic programming s... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7635 compass-compile through 0.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via tha options argument. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7487 A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7634 heroku-addonpool through 0.1.15 is vulnerable to Command Injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-21066 An issue was discovered on Samsung mobile devices with M(6.0) (Exynos or MediaTek chipsets) software. There is a buffer overflow in a Trustlet that can cause memory corruption. The Samsung ID is SVE-2... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-21065 An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is an integer underflow in eCryptFS because of a missing size check. The Samsung ID is SVE-2017-11855 ... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-21064 An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is an array overflow in a driver's input booster. The Samsung ID is SVE-2017-11816 (August 2018). | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7633 apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via the pluginUri argument. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-20787 Teeworlds before 0.7.4 has an integer overflow when computing a tilemap size. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7632 node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-12134 Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishandle access control for the syslog log. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-7589 A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system leve... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7631 diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allows execution of arbitrary commands via the path argument. | 9.8 | CRITICAL | β | 0 |
| CVE-2015-8546 An issue was discovered on Samsung mobile devices with software through 2015-11-12, affecting the Galaxy S6/S6 Edge, Galaxy S6 Edge+, and Galaxy Note5 with the Shannon333 chipset. There is a stack-bas... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10806 eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before 7.5.6.2 and eZ Publish Legacy before 5.4.14.1, 2017 before 2017.12.7.2, and 2019 before 2019.03.4.2 allow remote attackers to exe... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-21063 An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) (Exynos chipsets) software. Keymaster has an architectural problem because tlApi in TEE is not properly protected. The... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-6826 Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Some of these bugs showed evidence of memory corruption and we presume that with enou... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-40386 Kaseya Unitrends Client/Agent through 10.5,5 allows remote attackers to execute arbitrary code. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-28711 A memory corruption vulnerability exists in the cgi.c unescape functionality of ArduPilot APWeb master branch 50b6b7ac - master branch 46177cb9. A specially-crafted HTTP request can lead to memory cor... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-40390 An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send a... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27411 TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the "Main" function. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-21938 A heap-based buffer overflow vulnerability exists in the Palette box parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a ma... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27007 nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save(). | 9.8 | CRITICAL | β | 0 |
| CVE-2022-26507 A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810,... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43290 An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename bu... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27479 Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-43741 CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to malicious file on config.php leading to remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-22956 VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and e... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-22955 VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and e... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27360 SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-28584 It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-28583 It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands th... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-28582 It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-28581 It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary comman... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-28580 It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-28579 It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-21306 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily ex... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-28578 It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands th... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-28577 It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-28575 It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary command... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.