Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2020-10507 The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Unrestricted file upload (RCE) , that would allow attackers to gain access in the hosting mac... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10505 The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of SQL Injection, an attacker can use a union based injection query string to get databases sche... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11819 In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-6195 SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. It involves social engineering in order to gai... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-6990 Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10939 A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE DNP3 (incl. SIPLUS N... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10121 cPanel before 84.0.20 allows a demo account to achieve code execution via PassengerApps APIs (SEC-546). | 9.8 | CRITICAL | β | 0 |
| CVE-2019-16879 The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has a Missing Authentication for Critical Function (CWE-306) vulnerability. The affected product does no... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-19212 Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen). | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10383 An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated remote code execution in the com_mb24sysapi module. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11816 Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the reports_id (POST) parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11815 In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value. As a result of that, an attacker can execute a command on the server. This specific att... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8786 SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4). | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8783 SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4). | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8784 SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4). | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8785 SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4). | 9.8 | CRITICAL | β | 0 |
| CVE-2020-9347 Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor disputes the s... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10380 RMySQL through 0.10.19 allows SQL Injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12112 An issue was discovered in ONAP SDNC before Dublin. By executing sla/upload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11673 An issue was discovered in the Responsive Poll through 1.3.4 for Wordpress. It allows an unauthenticated user to manipulate polls, e.g., delete, clone, or view a hidden poll. This is due to the usage ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11722 Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11710 An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1. NOTE: The vendor argue that this CVE is not a vulnerability be... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11708 An issue was discovered in ProVide (formerly zFTPServer) through 13.1. Privilege escalation can occur via the /ajax/SetUserInfo messages parameter because of the EXECUTE() feature, which is for execut... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-20498 cPanel before 82.0.18 allows WebDAV authentication bypass because the connection-sharing logic is incorrect (SEC-534). | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11705 An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/ImportCertificate allows an attacker to load an arbitrary certificate in .pfx format or overwrite arbitrary files via the f... | 9.8 | CRITICAL | β | 0 |
| CVE-2015-8546 An issue was discovered on Samsung mobile devices with software through 2015-11-12, affecting the Galaxy S6/S6 Edge, Galaxy S6 Edge+, and Galaxy Note5 with the Shannon333 chipset. There is a stack-bas... | 9.8 | CRITICAL | β | 0 |
| CVE-2015-5524 An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-05-13. There is a buffer overflow in datablock_write because the amount of received data is not validated... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8598 Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8600 Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8961 An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. The Self-Protection feature does not prohibit a write operation from an external process. Thus, code injection can be used to tur... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3922 LisoMail, by ArmorX, allows SQL Injections, attackers can access the database without authentication via a URL parameter manipulation. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10631 An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10625 WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10621 Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2). | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11656 In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-1615 The factory configuration for vMX installations, as shipped, includes default credentials for the root account. Without proper modification of these default credentials by the administrator, an attack... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10980 GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-21075 An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. The Call+ application can load classes from an unintended path, leading to Code Execution. The Samsung ID is SVE-2017... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-21072 An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) (Exynos chipsets) software. A kernel driver allows out-of-bounds Read/Write operations and possibly arbitrary code exe... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-21066 An issue was discovered on Samsung mobile devices with M(6.0) (Exynos or MediaTek chipsets) software. There is a buffer overflow in a Trustlet that can cause memory corruption. The Samsung ID is SVE-2... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-21065 An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is an integer underflow in eCryptFS because of a missing size check. The Samsung ID is SVE-2017-11855 ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12115 An issue was discovered in ONAP SDC through Dublin. By accessing port 4000 of demo-sdc-sdc-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrar... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12116 An issue was discovered in ONAP SDC through Dublin. By accessing port 6000 of demo-sdc-sdc-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrar... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12117 An issue was discovered in ONAP SDC through Dublin. By accessing port 4001 of demo-sdc-sdc-onboarding-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execu... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12118 An issue was discovered in ONAP SDC through Dublin. By accessing port 7001 of demo-sdc-sdc-wfd-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbi... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12119 An issue was discovered in ONAP SDC through Dublin. By accessing port 7000 of demo-sdc-sdc-wfd-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbi... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12120 An issue was discovered in ONAP VNFSDK through Dublin. By accessing port 8000 of demo-vnfsdk-vnfsdk, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitr... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-21064 An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is an array overflow in a driver's input booster. The Samsung ID is SVE-2017-11816 (August 2018). | 9.8 | CRITICAL | β | 0 |
| CVE-2018-21063 An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) (Exynos chipsets) software. Keymaster has an architectural problem because tlApi in TEE is not properly protected. The... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12132 An issue was discovered in ONAP SDNC before Dublin. By executing sla/dgUpload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that inclu... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.