Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2019-17206 Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-14451 RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450,... | 9.8 | CRITICAL | β | 0 |
| CVE-2013-7171 Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable permissions on the /tmp directory which could allow remote attackers to execute arbitrary code with root p... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-10105 tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). | 9.8 | CRITICAL | β | 0 |
| CVE-2018-10103 tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). | 9.8 | CRITICAL | β | 0 |
| CVE-2014-3700 eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data | 9.8 | CRITICAL | β | 0 |
| CVE-2019-16897 In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security 16.0.xxx through 16.0.0120; and K7 Ultimate Security 16.0.xxx through 16.0.0120, the module K7TSHlpr.dll improperly validates the ... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-2360 Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-13957 In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12736 JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-13336 The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 allows remote attackers to launch commands with no authentication verification via TCP port 81, because the loginuse and loginpass parameters to openl... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-21025 In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights of sourced configuration files. | 9.8 | CRITICAL | β | 0 |
| CVE-2016-2359 Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12630 A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerabili... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12409 The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-2268 Possible OOB read issue in P2P action frames while handling WLAN management frame in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12157 In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-11929 Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. This issue affects HHVM versions p... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18189 A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10212 A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-13658 CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security. | 9.8 | CRITICAL | β | 0 |
| CVE-2016-2358 Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-2357 Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-16340 Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-14313 A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-14454 SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to vertical privilege escalation. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-13335 SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-13025 Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. The attacker can send a maliciously modified POST (HTTP) request containin... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-17067 PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-16943 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-16942 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10202 A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12271 Sandline Centraleyezer (On Premises) allows unrestricted File Upload with a dangerous type, because the feature of adding ".jpg" to any uploaded filename is not enforced on the server side. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-15039 An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-20687 An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users to read arbitrary files or condu... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-15940 Victure PC530 devices allow unauthenticated TELNET access as root. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-2294 Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap blocks without heap algorithm knowledge in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivit... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-2252 Classic buffer overflow vulnerability while playing the specific video whose Decode picture buffer size is more than 16 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Cons... | 9.8 | CRITICAL | β | 0 |
| CVE-2011-5331 Distributed Ruby (aka DRuby) 1.8 mishandles instance_eval. | 9.8 | CRITICAL | β | 0 |
| CVE-2011-5330 Distributed Ruby (aka DRuby) 1.8 mishandles the sending of syscalls. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-19113 main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyword= SQL Injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-1010178 Fred MODX Revolution < 1.0.0-beta5 is affected by: Incorrect Access Control - CWE-648. The impact is: Remote Code Execution. The component is: assets/components/fred/web/elfinder/connector.php. The at... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10540 Buffer overflow in WLAN NAN function due to lack of check of count value received in NAN availability attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Ele... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10539 Possible buffer overflow issue due to lack of length check when parsing the extended cap IE header length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdrag... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10538 Lack of check of address range received from firmware response allows modem to respond arbitrary pages into its address range which can compromise HLOS in Snapdragon Auto, Snapdragon Compute, Snapdrag... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10509 Device record of the pairing device used after free during ACL disconnection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdr... | 9.8 | CRITICAL | β | 0 |
| CVE-2016-2356 Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-2289 Lack of integrity check allows MODEM to accept any NAS messages which can result into authentication bypass of NAS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industria... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-16699 The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5.2 and below for TYPO3 fails to sanitize user input, which allows execution of arbitrary Extbase actions, resulting in Remote Code... | 9.8 | CRITICAL | β | 0 |
| CVE-2015-0270 Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.