Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2024-43661 The <redacted>.so library, which is used by <redacted>, is vulnerable to a buffer overflow in the code that handles the deletion of certificates. This buffer overflow can be triggered by providing a l... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-43663 There are many buffer overflow vulnerabilities present in several CGI binaries of the charging station.This issue affects Iocharger firmware for AC model chargers beforeversion 24120701. Likelihood: ... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-44092 An SQL Injection vulnerability exists in code-projects Pharmacy Management 1.0 via the username parameter in the administer login form. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-3918 json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | 9.8 | CRITICAL | β | 0 |
| CVE-2023-34752 bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-34753 bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-34754 bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27649 Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27647 Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-34566 Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/saveParentControlInfo. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27646 Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-33556 TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-35034 Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow remote code execution by unauthenticated users, aka OSFOURK-24... | 9.8 | CRITICAL | β | 0 |
| CVE-2008-0961 EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-43168 Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the reports_id parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2007-6013 Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then gene... | 9.8 | CRITICAL | β | 0 |
| CVE-2007-5097 PHP remote file inclusion vulnerability in lib/classes/offl_nflteam.php in Online Fantasy Football League (OFFL) 0.2.6 allows remote attackers to execute arbitrary PHP code via a URL in the DOC_ROOT p... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-43029 Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the time parameter at /goform/SetSysTimeCfg. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-31681 Missing Authorization vulnerability in Drupal Authenticator Login allows Forceful Browsing.This issue affects Authenticator Login: from 0.0.0 before 2.0.6. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-53584 OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-43028 Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter at /goform/SetSysTimeCfg. | 9.8 | CRITICAL | β | 0 |
| CVE-2016-9051 An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bound... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-9034 Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate softw... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-0761 Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used to... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-9558 (1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a "negatio... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-9602 KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access the file upload and deleti... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-5946 The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses ".... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-5158 An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL paramet... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-8303 An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2016-8731 Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-2805 An exploitable stack-based buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera. A specially crafted http request can cause a stack-based buffer ... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-5878 The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialize... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-2173 org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code. | 9.8 | CRITICAL | β | 0 |
| CVE-2015-0936 Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. | 9.8 | CRITICAL | β | 0 |
| CVE-2016-9400 The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code ... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-2781 An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflo... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-5645 In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, ... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-7977 The Screensavercc component in eLux RP before 5.5.0 allows attackers to bypass intended configuration restrictions and execute arbitrary commands with root privileges by inserting commands in a local ... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-2780 An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflo... | 9.8 | CRITICAL | β | 0 |
| CVE-2015-9098 In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitore... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-8775 Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file. | 9.8 | CRITICAL | β | 0 |
| CVE-2017-8774 Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file. | 9.8 | CRITICAL | β | 0 |
| CVE-2017-3222 Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM priv... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-11436 D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection. | 9.8 | CRITICAL | β | 0 |
| CVE-2017-11435 The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the router... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-9053 An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server to fetch a ... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-9214 In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pul... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-9730 SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the "r" parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2017-8773 Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validation... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-4997 EMC VASA Provider Virtual Appliance versions 8.3.x and prior has an unauthenticated remote code execution vulnerability that could potentially be exploited by malicious users to compromise the affecte... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.