Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2019-20402 Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper... | 4.9 | MEDIUM | β | 0 |
| CVE-2019-20403 The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability. | 5.3 | MEDIUM | β | 0 |
| CVE-2019-20404 The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnera... | 4.3 | MEDIUM | β | 0 |
| CVE-2019-20405 The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerab... | 4.3 | MEDIUM | β | 0 |
| CVE-2019-12124 An issue was discovered in ONAP APPC before Dublin. By using an exposed unprotected Jolokia interface, an unauthenticated attacker can read or overwrite an arbitrary file. All APPC setups are affected... | 9.1 | CRITICAL | β | 0 |
| CVE-2019-20406 The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write... | 7.8 | HIGH | β | 0 |
| CVE-2020-8658 The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccess_editor CSRF. The flag htccss_nonce_name passes the nonce to WordPress but the pl... | 8.8 | HIGH | β | 0 |
| CVE-2020-5528 Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and ear... | 6.1 | MEDIUM | β | 0 |
| CVE-2010-3917 Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site. | 6.5 | MEDIUM | β | 0 |
| CVE-2012-2593 Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email. | 6.1 | MEDIUM | β | 0 |
| CVE-2019-15711 A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLo... | 7.8 | HIGH | β | 0 |
| CVE-2015-6000 Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote au... | 8.8 | HIGH | β | 0 |
| CVE-2016-7523 coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | 6.5 | MEDIUM | β | 0 |
| CVE-2016-7524 coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | 6.5 | MEDIUM | β | 0 |
| CVE-2016-9928 MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will... | 7.4 | HIGH | β | 0 |
| CVE-2013-4166 The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email e... | 7.5 | HIGH | β | 0 |
| CVE-2013-4572 The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows ... | 7.5 | HIGH | β | 0 |
| CVE-2014-1958 Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld strin... | 8.8 | HIGH | β | 0 |
| CVE-2014-2030 Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary ... | 8.8 | HIGH | β | 0 |
| CVE-2014-8271 Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name. | 6.8 | MEDIUM | β | 0 |
| CVE-2015-2909 Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote at... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-1544 nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion). | 3.3 | LOW | β | 0 |
| CVE-2013-4521 RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to exec... | 9.8 | CRITICAL | β | 0 |
| CVE-2014-10399 The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875. | 6.1 | MEDIUM | β | 0 |
| CVE-2014-10400 The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SP... | 6.1 | MEDIUM | β | 0 |
| CVE-2014-2875 The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOT... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-16152 A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending sp... | 6.5 | MEDIUM | β | 0 |
| CVE-2019-17652 A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root priviledge crashes via sending spec... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-5854 On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes under certain circumstances when using the connector profile if a specif... | 5.9 | MEDIUM | β | 0 |
| CVE-2020-5855 When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell a... | 4.3 | MEDIUM | β | 0 |
| CVE-2020-5856 On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specifically crafted traffic using the default 'xnet' driver, Virtual Edition instances hosted in Amazon Web Services (AWS) may experien... | 7.5 | HIGH | β | 0 |
| CVE-2019-12426 an unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06 | 5.3 | MEDIUM | β | 0 |
| CVE-2019-19800 Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet. | 5.3 | MEDIUM | β | 0 |
| CVE-2020-5720 MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerability that allows creation of arbitrary files wherevere WinBox has write permissions. WinBox is vulnerable to this attack if it co... | 5.9 | MEDIUM | β | 0 |
| CVE-2020-6767 A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. This affects Bos... | 7.7 | HIGH | β | 0 |
| CVE-2020-6855 A large or infinite loop vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to parameterize housekeeping jobs in a way that exhausts system resources and r... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-6856 An XML External Entity (XEE) vulnerability exists in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 allows attackers to read files from the server via an entity declaration in any of th... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-7920 pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2.1 allows unauthenticated denial of service. | 7.5 | HIGH | β | 0 |
| CVE-2020-7954 An issue was discovered in OpServices OpMon 9.3.2. Starting from the apache user account, it is possible to perform privilege escalation through the lack of correct configuration in the server's sudoe... | 7.8 | HIGH | β | 0 |
| CVE-2020-8608 In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. | 5.6 | MEDIUM | β | 0 |
| CVE-2020-8636 An issue was discovered in OpServices OpMon 9.3.2 that allows Remote Code Execution . | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8771 The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8772 The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. Any attacker who knows the username of an administrator can log in. | 9.8 | CRITICAL | β | 0 |
| CVE-2012-6297 Command Injection vulnerability exists via a CSRF in DD-WRT 24-sp2 from specially crafted configuration values containing shell meta-characters, which could let a remote malicious user cause a Denial ... | 8.8 | HIGH | β | 0 |
| CVE-2012-6307 A vulnerability exists in JPEGsnoop 1.5.2 due to an unspecified issue in JPEG file handling, which could let a malicious user execute arbitrary code | 8.8 | HIGH | β | 0 |
| CVE-2012-6309 A vulnerability exists in Arctic Torrent 1.4 via unspecified vectors in .torrent file handling, which could let a malicious user cause a Denial of Service. | 7.5 | HIGH | β | 0 |
| CVE-2012-6340 An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to CVE-2006-1002. | 4.6 | MEDIUM | β | 0 |
| CVE-2020-5317 Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted appl... | 4.8 | MEDIUM | β | 0 |
| CVE-2020-5318 Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The n... | 7.5 | HIGH | β | 0 |
| CVE-2013-3568 Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. | 8.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.