CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2013-3317 Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key. | 9.8 | CRITICAL | β | 0 |
| CVE-2013-3316 Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg". | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3762 Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successf... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3763 Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successf... | 9.8 | CRITICAL | β | 0 |
| CVE-2011-2523 vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp. | 9.8 | CRITICAL | β | 0 |
| CVE-2011-2717 The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8432 In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute ... | 9.8 | CRITICAL | β | 0 |
| CVE-2012-5582 opendnssec misuses libcurl API | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12392 Anviz access control devices allow remote attackers to issue commands without a password. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8614 An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An attacker can perform Remote Code Execution (RCE) by sending a specially crafted network packet to the bd_svr service listening on TCP... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3718 Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary code executi... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3716 Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbi... | 9.8 | CRITICAL | β | 0 |
| CVE-2013-2573 A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft.cgi file in TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G. and 4171G 1.6.18P12s, which could let a mal... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8802 SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation. | 9.8 | CRITICAL | β | 0 |
| CVE-2013-2570 A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 in the General.Time.NTP.Server parameter to the sub_C8C8 function of the binary /opt/cgi/view/param, which could let a remove... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8803 SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list. | 9.8 | CRITICAL | β | 0 |
| CVE-2013-2568 A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 via the ap parameter to /cgi-bin/mft/wireless_mft.cgi, which could let a remote malicious user execute arbitrary code. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-17275 OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arbitrary code execution by remote attackers. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-14895 A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection ne... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-14897 A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute ar... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-14901 A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulti... | 9.8 | CRITICAL | β | 0 |
| CVE-2013-3215 vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function. | 9.8 | CRITICAL | β | 0 |
| CVE-2014-4170 A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain acc... | 9.8 | CRITICAL | β | 0 |
| CVE-2011-4908 TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-20488 An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the web management interface (setup.cgi) are vulnerable to command injection, allowing remote attackers to execut... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-13204 Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by multiple buffer overflow vulnerabilities in the IPP service. This would allow an unauthenticated attacker to cause... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-9406 IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-20217 D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishandl... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10783 All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-20216 D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is mishan... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-20215 D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because HTTP_ST is mishandled. ... | 9.8 | CRITICAL | β | 0 |
| CVE-2011-5266 Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-20489 An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. The web management interface (setup.cgi) has an authentication bypass and other problems that ultimately allow an attacker to remotely co... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-14892 A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 J... | 9.8 | CRITICAL | β | 0 |
| CVE-2013-3214 vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'. | 9.8 | CRITICAL | β | 0 |
| CVE-2014-3448 BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerability due to unauthenticated file upload | 9.8 | CRITICAL | β | 0 |
| CVE-2014-3449 BSS Continuity CMS 4.2.22640.0 has an Authentication Bypass vulnerability | 9.8 | CRITICAL | β | 0 |
| CVE-2015-5617 SQL injection vulnerability in pub/m_pending_news/delete_pending_news.jsp in Enorth Webpublisher CMS allows remote attackers to execute arbitrary SQL commands via the cbNewsId parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-4651 IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete in... | 9.8 | CRITICAL | β | 0 |
| CVE-2013-1400 Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or poll_id parameter in a viewPollResu... | 9.8 | CRITICAL | β | 0 |
| CVE-2013-1401 Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote attacker to add, edit, and dele... | 9.8 | CRITICAL | β | 0 |
| CVE-2013-3071 NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-6330 A potential security vulnerability has been identified in the software solution HP Access Control versions prior to 16.7. This vulnerability could potentially grant elevation of privilege. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-0690 An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. | 9.8 | CRITICAL | β | 0 |
| CVE-2012-1259 Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allow remote attackers to execute arbit... | 9.8 | CRITICAL | β | 0 |
| CVE-2012-6306 A vulnerability exists in HCView (aka Hardcoreview) 1.4 due to a write access violation with a GIF file. | 9.8 | CRITICAL | β | 0 |
| CVE-2012-2714 The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users via the audience identifier. | 9.8 | CRITICAL | β | 0 |
| CVE-2013-2748 Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote attackers to upload arbitrary files onto the system. | 9.8 | CRITICAL | β | 0 |
| CVE-2013-1599 A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-110... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-16357 An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.