Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2019-10802 giting version prior to 0.0.8 allows execution of arbritary commands. The first argument "repo" of function "pull()" is executed by the package without any validation. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10801 enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-9633 Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash Player for Google Chrome 32.0.0.371 and earlier, and Adobe Flash Player for Microsoft Edge and Internet Explorer 32.0.0.330 and e... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-4101 "HCL Digital Experience is susceptible to Server Side Request Forgery." | 9.8 | CRITICAL | β | 0 |
| CVE-2020-9465 An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such a... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-6841 D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2017-9109 An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first time. when this is fixed, the second answer scan finds the same RRs at th... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13118 An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22. SQL Injection exists in check_community.php via the parameter community. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13392 An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devic... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13109 Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remote attackers to execute arbitrary code via crafted packet data to the built-in modem because 0x800b3e94 (aka the IF subcommand to ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8149 Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3258 Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unau... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7674 access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the `template` function is executed by the `eval` function resulting in code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13092 scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. NOTE: third p... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13091 pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this i... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-12651 SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INT_MAX. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18666 An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerab... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-12834 eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8899 There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MM... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10546 rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral mov... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10547 rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to later... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10548 rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, gran... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10549 rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, gra... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-9292 An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13391 An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devic... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-4222 IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerabili... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13804 An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-4213 IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerabili... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13805 An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack mishandling because the CAS service lacks a limit on login failures. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13390 An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devic... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7500 A CWE-89:Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notifi... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-20822 An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.7.0.29430. It has an out-of-bounds write via incorrect image data. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-4212 IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerabili... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-4211 IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerabili... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13814 An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It has a use-after-free via a document that lacks a dictionary. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3125 A vulnerability in the Kerberos authentication feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to impersonate the Kerberos key distribution ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13389 An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devic... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-20827 An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It allows stack consumption because of interaction between ICC-Based color space and Alternate color space. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-20830 An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-4210 IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerabili... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13831 An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 7570 chipsets) software. The Trustonic Kinibi component allows arbitrary memory mapping. The Samsung ID is SVE-2019-166... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-12390 Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13835 An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. The Gatekeeper Trustlet allows a brute-force attack on user credentials. The Samsung ID is SVE-2020-16908 (June 2... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13768 In MiniShare before 1.4.2, there is a stack-based buffer overflow via an HTTP PUT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19861, CVE-2018-198... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13388 An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one c... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13839 An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via a custom AT command handler buffer overflow. The LG ID is LVE-SMP-200... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13840 An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via an MTK AT command handler buffer overflow. The LG ID is LVE-SMP-20000... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13841 An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets). An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 (June 2... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3280 A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected d... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7508 A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute f... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.