CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-22737 Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access of when credentials are discovered after a brut... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-22738 Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access when credentials are discovered aft... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28063 A file upload issue exists in all versions of ArticleCMS which allows malicious users to getshell. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-20092 File Upload vulnerability exists in ArticleCMS 1.0 via the image upload feature at /admin by changing the Content-Type to image/jpeg and placing PHP code after the JPEG data, which could let a remote ... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-33590 GattLib 0.3-rc1 has a stack-based buffer over-read in get_device_path_from_mac in dbus/gattlib.c. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-22891 A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 may allow unauthenticated remote compromise of the Storage Zone... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-22911 An improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-31535 LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-23691 YFCMF v2.3.1 has a Remote Command Execution (RCE) vulnerability in the index.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-23790 An Arbitrary File Upload vulnerability was discovered in the Golo Laravel theme v 1.1.5. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-32607 An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1.1. Views/PrivateMessages/View.cshtml does not call HtmlUtils.SanitizeHtml on a private message. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27384 A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" (inc... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27141 An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g key. (Th... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-32608 An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1.1. Views/Boards/Partials/_ForumPost.cshtml does not call HtmlUtils.SanitizeHtml on certain text for a forum post. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27143 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / user1234 credentials for an ISP. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27144 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded f~i!b@e#r$h%o^m*esuperadmin / s(f)u_h+g|u credentials for an ISP. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27145 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / lnadmin credentials for an ISP. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27146 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / CUadmin credentials for an ISP. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27147 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / admin credentials for an ISP. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27148 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded telecomadmin / nE7jA%5m credentials for an ISP. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27149 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded adminpldt / z6dUABtl270qRxt7a2uGTiw credentials for an ISP. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27150 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded gestiontelebucaramanga / t3l3buc4r4m4ng42013 credentials for an ISP. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27151 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded rootmet / m3tr0r00t credentials for an ISP. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27152 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded awnfibre / fibre@dm!n credentials for an ISP. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27153 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded trueadmin / admintrue credentials for an ISP. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27154 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / G0R2U1P2ag credentials for an ISP. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27155 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 3UJUh2VemEfUtesEchEC2d2e credentials for an ISP. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27156 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains credentials for an ISP that equal the last part of the MAC address of the br0 interface. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27157 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 888888 credentials for an ISP. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27158 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded L1vt1m4eng / 888888 credentials for an ISP. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27159 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded useradmin / 888888 credentials for an ISP. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27160 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / 888888 credentials for an ISP. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27161 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 1234 credentials for an ISP. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27162 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / tattoo@home credentials for an ISP. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27163 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / tele1234 credentials for an ISP. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27164 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / aisadmin credentials for an ISP. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27165 An issue was discovered on FiberHome HG6245D devices through RP2613. The telnet daemon on port 23/tcp can be abused with the gpon/gpon credentials. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27166 An issue was discovered on FiberHome HG6245D devices through RP2613. The password for the enable command is gpon. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27167 An issue was discovered on FiberHome HG6245D devices through RP2613. There is a password of four hexadecimal characters for the admin account. These characters are generated in init_3bb_password in li... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27168 An issue was discovered on FiberHome HG6245D devices through RP2613. There is a 6GFJdY4aAuUKJjdtSn7d password for the rdsadmin account. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27169 An issue was discovered on FiberHome AN5506-04-FA devices with firmware RP2631. There is a gepon password for the gepon account. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27170 An issue was discovered on FiberHome HG6245D devices through RP2613. By default, there are no firewall rules for IPv6 connectivity, exposing the internal management interfaces to the Internet. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27171 An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to start a Linux telnetd as root on port 26/tcp by using the CLI interface commands of ddd and shell (or tshell). | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27172 An issue was discovered on FiberHome HG6245D devices through RP2613. A hardcoded GEPON password for root is defined inside /etc/init.d/system-config.sh. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13873 A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35198 An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory a... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-32605 zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "en... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27177 An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to bypass authentication by sending the decoded value of the GgpoZWxwCmxpc3QKd2hvCg== string to the telnet server. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-32089 An issue was discovered on Zebra (formerly Motorola Solutions) Fixed RFID Reader FX9500 devices. An unauthenticated attacker can upload arbitrary files to the filesystem that can then be accessed thro... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-27847 A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest thr... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.