CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2018-13313 | In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user kno... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-9381 | controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954. | 7.5 | HIGH | — | 0 |
| CVE-2018-14705 | In Drobo 5N2 4.0.5, all optional applications lack any form of authentication/authorization validation. As a result, any user capable of accessing the device over the network may interact with and con... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-12510 | In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API ("/soap/server_sa") by supplying a malicious X-Forwarded-For ... | 9.1 | CRITICAL | — | 0 |
| CVE-2019-12511 | In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQ... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-12512 | In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execute stored XSS attacks against this device by supplying a malicious X-Forwarded-For header while performing an incorrect login atte... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-12513 | In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the mali... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-17228 | includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress allows unauthenticated options changes. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-17229 | includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress has multiple stored XSS issues. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-9374 | On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's tracerout... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-1937 | Kylin has some RESTful APIs which concatenate SQL with the user input string, so a user is likely to be able to run malicious database queries. | 8.8 | HIGH | — | 0 |
| CVE-2019-17569 | The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were i... | 4.8 | MEDIUM | — | 0 |
| CVE-2020-1935 | In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as val... | 4.8 | MEDIUM | — | 0 |
| CVE-2020-9382 | An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget (as defined by this extension) via Medi... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-9385 | A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because multiple + characters are mishandled in add_on in upcean.c, when called from eanx in upcean.c during EAN barcode generation. | 7.5 | HIGH | — | 0 |
| CVE-2020-8818 | An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an... | 8.1 | HIGH | — | 0 |
| CVE-2020-8819 | An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacke... | 8.1 | HIGH | — | 0 |
| CVE-2019-4557 | IBM QRadar Advisor 1.1 through 2.5 with Watson uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 166206. | 7.5 | HIGH | — | 0 |
| CVE-2019-4672 | IBM QRadar Advisor 1.1 through 2.5 could allow an unauthorized attacker to obtain sensitive information from specially crafted HTTP requests that could aid in further attacks against the system. IBM X... | 5.3 | MEDIUM | — | 0 |
| CVE-2019-5136 | An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from... | 8.8 | HIGH | — | 0 |
| CVE-2019-5137 | The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13. | 7.5 | HIGH | — | 0 |
| CVE-2019-5138 | An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arb... | 9.9 | CRITICAL | — | 0 |
| CVE-2019-5139 | An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryptio... | 7.1 | HIGH | — | 0 |
| CVE-2019-5140 | An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to b... | 8.8 | HIGH | — | 0 |
| CVE-2019-5141 | An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iw_serverip parameter can cause user input to be ref... | 8.8 | HIGH | — | 0 |
| CVE-2020-9394 | An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows CSRF. | 8.8 | HIGH | — | 0 |
| CVE-2019-5142 | An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can caus... | 7.2 | HIGH | — | 0 |
| CVE-2019-5143 | An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflo... | 8.8 | HIGH | — | 0 |
| CVE-2019-5148 | An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering ... | 7.5 | HIGH | — | 0 |
| CVE-2019-5153 | An exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause ... | 8.8 | HIGH | — | 0 |
| CVE-2019-5162 | An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the... | 8.8 | HIGH | — | 0 |
| CVE-2019-5165 | An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpr... | 7.2 | HIGH | — | 0 |
| CVE-2023-25037 | Missing Authorization vulnerability in CodePeople Booking Calendar Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking Calendar Contact Form... | 4.3 | MEDIUM | — | 0 |
| CVE-2020-9383 | An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before as... | 7.1 | HIGH | — | 0 |
| CVE-2019-12863 | SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen. | 4.8 | MEDIUM | — | 0 |
| CVE-2020-8793 | OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offli... | 4.7 | MEDIUM | — | 0 |
| CVE-2020-8794 | OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-9017 | LiteCart through 2.2.1 allows CSV injection via a customer's profile. | 8.0 | HIGH | — | 0 |
| CVE-2020-9334 | A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to injec... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-9335 | Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 for WordPress. Successful exploitation of this vulnerability would allow an authenticated admin user to inject arbi... | 4.8 | MEDIUM | — | 0 |
| CVE-2020-9008 | Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/PeopleTool v9.1 allows users to inject arbitrary web script via the Tile widget in the People Tool profile editor. | 5.4 | MEDIUM | — | 0 |
| CVE-2020-9018 | LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF to add a user. | 5.3 | MEDIUM | — | 0 |
| CVE-2020-9019 | The WPJobBoard plugin 5.5.3 for WordPress allows Persistent XSS via the Add Job form, as demonstrated by title and Description. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-9391 | An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory b... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-32507 | Missing Authorization vulnerability in wp3sixty Woo Custom Emails allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Custom Emails: from n/a through 2.2. | 7.3 | HIGH | — | 0 |
| CVE-2016-11020 | Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-3999 | Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYST... | 7.8 | HIGH | — | 0 |
| CVE-2020-8809 | Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. A man-in-the-middle attacker can prompt the user to download updates by mod... | 8.1 | HIGH | — | 0 |
| CVE-2020-8810 | An issue was discovered in Gurux GXDLMS Director through 8.5.1905.1301. When downloading OBIS codes, it does not verify that the downloaded files are actual OBIS codes and doesn't check for path trave... | 8.1 | HIGH | — | 0 |
| CVE-2020-9379 | The Software Development Kit of the MiContact Center Business with Site Based Security 8.0 through 9.0.1.0 before KB496276 allows an authenticated user to access sensitive information. A successful ex... | 6.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.