Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2021-27602 SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to certain modul... | 9.9 | CRITICAL | β | 0 |
| CVE-2021-26867 Windows Hyper-V Remote Code Execution Vulnerability | 9.9 | CRITICAL | β | 0 |
| CVE-2019-11684 Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlyin... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-36156 An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page coul... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-35951 An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offli... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-10208 Command Injection in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows authenticated remote attackers to execute ar... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-17363 USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the ... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-35948 An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would... | 9.9 | CRITICAL | β | 0 |
| CVE-2017-16306 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the ... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-31984 XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to ... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-2279 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding conten... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-16096 In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has ac... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-26943 An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the use... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-3374 A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive informat... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-20329 A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerabili... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-14316 A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instances (VMIs) can be used to gain access to the host's filesystem. Successful exploitation allows an attacker to assume the privileges... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-1112 An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Trans... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-11011 In Phproject before version 1.7.8, there's a vulnerability which allows users with access to file uploads to execute arbitrary code. This is patched in version 1.7.8. | 9.9 | CRITICAL | β | 0 |
| CVE-2020-7055 An issue was discovered in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Import Templates function, allowing an attacker to execute code via a crafted ZIP archive. | 9.9 | CRITICAL | β | 0 |
| CVE-2019-5138 An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arb... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-27127 Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) wi... | 9.9 | CRITICAL | β | 0 |
| CVE-2019-16541 Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope. | 9.9 | CRITICAL | β | 0 |
| CVE-2015-5951 A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands. | 9.9 | CRITICAL | β | 0 |
| CVE-2019-16872 Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4). | 9.9 | CRITICAL | β | 0 |
| CVE-2019-10940 A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform fir... | 9.9 | CRITICAL | β | 0 |
| CVE-2019-10458 Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute ar... | 9.9 | CRITICAL | β | 0 |
| CVE-2019-10759 safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code. | 9.9 | CRITICAL | β | 0 |
| CVE-2019-10760 safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code. | 9.9 | CRITICAL | β | 0 |
| CVE-2019-1365 An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability c... | 9.9 | CRITICAL | β | 0 |
| CVE-2019-10418 Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | 9.9 | CRITICAL | β | 0 |
| CVE-2019-10431 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code i... | 9.9 | CRITICAL | β | 0 |
| CVE-2019-5114 An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with param... | 9.9 | CRITICAL | β | 0 |
| CVE-2020-27132 Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) wi... | 9.9 | CRITICAL | β | 0 |
| CVE-2019-15954 An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget wit... | 9.9 | CRITICAL | β | 0 |
| CVE-2019-11208 The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically process... | 9.9 | CRITICAL | β | 0 |
| CVE-2019-11211 The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically all... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-20253 A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vul... | 9.9 | CRITICAL | β | 0 |
| CVE-2019-2638 Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Consolidation Hierarchy Viewer). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3,... | 9.9 | CRITICAL | β | 0 |
| CVE-2018-3875 An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incor... | 9.9 | CRITICAL | β | 0 |
| CVE-2018-3880 An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0... | 9.9 | CRITICAL | β | 0 |
| CVE-2018-3917 On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer o... | 9.9 | CRITICAL | β | 0 |
| CVE-2018-3856 An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL fiel... | 9.9 | CRITICAL | β | 0 |
| CVE-2018-3903 On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on th... | 9.9 | CRITICAL | β | 0 |
| CVE-2018-3863 On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on th... | 9.9 | CRITICAL | β | 0 |
| CVE-2018-3867 An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware ve... | 9.9 | CRITICAL | β | 0 |
| CVE-2018-3905 An exploitable buffer overflow vulnerability exists in the camera "create" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-c... | 9.9 | CRITICAL | β | 0 |
| CVE-2018-3904 An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process... | 9.9 | CRITICAL | β | 0 |
| CVE-2017-16346 An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c368 the value for the s_mac key is copied using strcpy to the... | 9.9 | CRITICAL | β | 0 |
| CVE-2017-16343 An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c284 the value for the s_vol_brt_delta key is copied using str... | 9.9 | CRITICAL | β | 0 |
| CVE-2017-16347 An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01e7d4 the value for the s_vol key is copied using strcpy to the... | 9.9 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.