Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2013-7487 On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr application has a vulnerable call to “system”, which allows remote attackers to execute arbitrary code via TCP port 9000. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-11543 OpsRamp Gateway before 7.0.0 has a backdoor account vadmin with the password 9vt@f3Vt that allows root SSH access to the server. This issue has been resolved in OpsRamp Gateway firmware version 7.0.0 ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-10799 The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-19634 class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a simi... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20530 An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), P(9.0), and Q(10.0) software. Arbitrary code execution is possible on the lock screen. The Samsung ID is SVE-2019-15266 (December... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-10804 serial-number through 1.3.0 allows execution of arbritary commands. The "cmdPrefix" argument in serialNumber function is used by the "exec" function without any validation. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-10938 GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-10803 push-dir through 0.4.1 allows execution of arbritary commands. Arguments provided as part of the variable "opt.branch" is not validated before being provided to the "git" command within "index.js#L139... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-10802 giting version prior to 0.0.8 allows execution of arbritary commands. The first argument "repo" of function "pull()" is executed by the package without any validation. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-10801 enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-11574 An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-9465 An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such a... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-15609 The kill-port-process package version < 2.2.0 is vulnerable to a Command Injection vulnerability. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-8132 Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-18641 Rock RMS before 1.8.6 mishandles vCard access control within the People/GetVCard/REST controller. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-6974 Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which allows an attacker to bypass access to restricted directories. Honeywell has released a firmware update... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-15522 An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-10980 GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-12498 The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-6989 In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service condi... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-18257 In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple stack-based buffer overflow vulnerabilities exist in the file transfer service listening on the TCP port. Successful exploitation... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20576 An issue was discovered on Samsung mobile devices with P(9.0) software. The MemorySaver Content Provider allows SQL injection. The Samsung ID is SVE-2019-14365 (August 2019). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-10879 rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20590 An issue was discovered on Samsung mobile devices with O(8.x) (Qualcomm chipsets) software. There is an integer underflow in the Secure Storage Trustlet. The Samsung ID is SVE-2019-13952 (July 2019). | 9.8 | CRITICAL | — | 0 |
| CVE-2019-10487 Buffer over read can happen while parsing SMS OTA messages at transport layer if network sends un-intended values in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-10500 While processing MT Secondary PDP request, Buffer overflow will happen due to incorrect calculation of buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industria... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-19148 Tellabs Optical Line Terminal (OLT) 1150 devices allow Remote Command Execution via the -l option to TELNET or SSH. Tellabs has addressed this issue in the SR30.1 and SR31.1 release on February 18, 20... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-10516 Multiple read overflows in MM while decoding service accept,service reject,attach reject and MT detach in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapd... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-10525 Buffer overflow during SIB read when network configures complete sib list along with first and last segment of other SIB in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Ind... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20589 An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the SKPM Trustlet, leading to arbitrary code execution. The Samsung ID is S... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20572 An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (Exynos chipsets) software. load_kernel has a buffer overflow via untrusted data. The Samsung ID is SVE-2019-14939 (September 2... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20571 An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. There is type confusion in the WVDRM Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-10557 Out-of-bound read in the wireless driver in the Linux kernel due to lack of check of buffer length. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdrago... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7475 A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to ... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-10572 Improper check in video driver while processing data from video firmware can lead to integer overflow and then buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdrag... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20536 An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) (released in China) software. The Firewall application mishandles the PermissionWhiteLists protection mechanism. The S... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20537 An issue was discovered on Samsung mobile devices with P(9.0) (TEEGRIS and Qualcomm chipsets). There is arbitrary memory overwrite in the SEM Trustlet, leading to arbitrary code execution. The Samsung... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-1944 There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers. Upgrade to versions 7.1.9... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20582 An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) devices (Exynos9810 chipsets) software. There is a use after free in the ion driver. The Samsung ID is SVE-2019-14837 (August 2... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-8868 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Authentication is not required to exploit this vulnerability. The specifi... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-10614 Out of boundary access is possible as there is no validation of data accessed against the received size of the packet in case of malicious firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon C... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-2242 Device memory may get corrupted because of buffer overflow/underflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industri... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20627 AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20544 An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos chipsets) software. There is an out-of-bounds write in the ICCC Trustlet. The Samsung ID is SVE-2019-15274 (November 20... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-20334 An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using th... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16072 An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of she... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-11399 An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. OS command injection occurs through the get_set.ccp lanHostCfg_HostName_1.1.1.0.0 parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-11400 An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. A buffer overflow occurs through the get_set.ccp ccp_act parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20545 An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos chipsets) software. A buffer overflow in the HDCP Trustlet affects secure TEEGRIS memory. The Samsung ID is SVE-2019-15... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-9760 An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a ... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.