Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2020-8443 In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog msg... | 9.8 | CRITICAL | β | 0 |
| CVE-2013-3317 Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key. | 9.8 | CRITICAL | β | 0 |
| CVE-2013-3316 Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg". | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8432 In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3718 Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary code executi... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3716 Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbi... | 9.8 | CRITICAL | β | 0 |
| CVE-2013-2573 A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft.cgi file in TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G. and 4171G 1.6.18P12s, which could let a mal... | 9.8 | CRITICAL | β | 0 |
| CVE-2013-2570 A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 in the General.Time.NTP.Server parameter to the sub_C8C8 function of the binary /opt/cgi/view/param, which could let a remove... | 9.8 | CRITICAL | β | 0 |
| CVE-2013-2568 A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 via the ap parameter to /cgi-bin/mft/wireless_mft.cgi, which could let a remote malicious user execute arbitrary code. | 9.8 | CRITICAL | β | 0 |
| CVE-2013-3215 vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-20217 D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishandl... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10783 All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-20216 D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is mishan... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-20215 D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because HTTP_ST is mishandled. ... | 9.8 | CRITICAL | β | 0 |
| CVE-2013-3214 vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'. | 9.8 | CRITICAL | β | 0 |
| CVE-2013-3071 NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass. | 9.8 | CRITICAL | β | 0 |
| CVE-2012-6306 A vulnerability exists in HCView (aka Hardcoreview) 1.4 due to a write access violation with a GIF file. | 9.8 | CRITICAL | β | 0 |
| CVE-2013-2748 Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote attackers to upload arbitrary files onto the system. | 9.8 | CRITICAL | β | 0 |
| CVE-2013-1599 A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-110... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-4207 IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2 is vulnerable to a buffer overflow, caused by improper bounds checking when handling a failed HTTP request with specific content i... | 9.8 | CRITICAL | β | 0 |
| CVE-2015-8011 Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8086 The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only fun... | 9.8 | CRITICAL | β | 0 |
| CVE-2013-4864 MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SS... | 9.8 | CRITICAL | β | 0 |
| CVE-2014-2914 fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as de... | 9.8 | CRITICAL | β | 0 |
| CVE-2014-2898 wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not ... | 9.8 | CRITICAL | β | 0 |
| CVE-2014-2897 The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fails, which allows remote attackers to have unspecified impact via a crafted HMAC... | 9.8 | CRITICAL | β | 0 |
| CVE-2014-2896 The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact and vectors, which trigger memory corruption or an ou... | 9.8 | CRITICAL | β | 0 |
| CVE-2013-2060 The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart. | 9.8 | CRITICAL | β | 0 |
| CVE-2014-3445 backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the adminis... | 9.8 | CRITICAL | β | 0 |
| CVE-2013-2571 Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the ... | 9.8 | CRITICAL | β | 0 |
| CVE-2013-1437 Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. | 9.8 | CRITICAL | β | 0 |
| CVE-2012-5686 ZPanel 10.0.1 has insufficient entropy for its password reset process. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-5464 A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-15585 Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) in the GitLab SAML integration had a validation issue that permitted a... | 9.8 | CRITICAL | β | 0 |
| CVE-2012-5190 Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability | 9.8 | CRITICAL | β | 0 |
| CVE-2011-4094 Jara 1.6 has a SQL injection vulnerability. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-14017 Heap buffer overflow can occur while parsing invalid MKV clip which is not standard and have invalid vorbis codec data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consu... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-14016 Integer overflow occurs while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-14014 Possible buffer overflow when byte array receives incorrect input from reading source as array is not null terminated in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Nicoba... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-14013 While parsing invalid super index table, elements within super index table may exceed total chunk size and invalid data is read into the table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connec... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-14006 Buffer overflow occur while playing the clip which is nonstandard due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdrago... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-14005 Buffer overflow occur while playing the clip which is nonstandard due to lack of check of size duration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdr... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-14004 Buffer overflow occurs while processing invalid MKV clip, which has invalid EBML size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IO... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10611 Buffer overflow can occur while processing clip due to lack of check of object size before parsing in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10581 NULL is assigned to local instance of audio device pointer after free instead of global static pointer and can lead to use after free issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Indu... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10532 Null-pointer dereference issue can occur while calculating string length when source string length is zero in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial I... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7233 KMS Controls BAC-A1616BC BACnet devices have a cleartext password of snowman in the BACKDOOR_NAME variable in the BC_Logon.swf file. | 9.8 | CRITICAL | β | 0 |
| CVE-2014-5007 Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remo... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-17361 In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint... | 9.8 | CRITICAL | β | 0 |
| CVE-2009-1120 EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remote Code Execution Vulnerability. The flaw exists within the DoRcvRpcCall RPC function -exposed via the rep_srv.exe process- where ... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.