CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-2904 Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploi... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-8135 The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8071 Adobe Download Manager versions 2.0.0.363 have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-13116 The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections | 9.8 | CRITICAL | β | 0 |
| CVE-2019-16699 The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5.2 and below for TYPO3 fails to sanitize user input, which allows execution of arbitrary Extbase actions, resulting in Remote Code... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-15260 A vulnerability in Cisco Aironet Access Points (APs) Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. The vulnerabili... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-16700 The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. For versions 1.2.2 and below, this results in Remote Code Executi... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-17669 WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-17670 WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10752 Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON queri... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-13657 CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-13409 A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 (2019/08/19). An attacker can use a union based injection query string through a search meeting room feature to get databas... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-15064 HiNet GPON firmware version < I040GWR190731 allows an attacker to log in to the device without any authentication. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18364 In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8161 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type confusion... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8167 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type confusion... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8169 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type confusion... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8186 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8195 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted poi... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8196 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted poi... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8197 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a heap overflow ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8199 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8200 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type confusion... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8205 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted poi... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8206 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8211 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after fre... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8212 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after fre... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8213 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after fre... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8214 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after fre... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8215 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after fre... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8220 Adobe Acrobat and Reader versions, 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8221 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after fre... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-15900 An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitiali... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-17393 The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authenti... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-17526 An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary co... | 9.8 | CRITICAL | β | 0 |
| CVE-2009-5041 overkill has buffer overflow via long player names that can corrupt data on the server machine | 9.8 | CRITICAL | β | 0 |
| CVE-2020-6008 LifterLMS WordPress plugin version below 3.37.15 is vulnerable to arbitrary file write leading to remote code execution | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18224 idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18225 An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 befo... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18355 An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12147 The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. Upon successful exploitation, a remote unauthe... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12148 The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authentication bypass via an argument injection vulnerability involving special characters in the username f... | 9.8 | CRITICAL | β | 0 |
| CVE-2015-9499 The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-11796 In JetBrains Space through 2020-04-22, the password authentication implementation was insecure. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18344 Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-11933 A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, as used in WhatsApp for Android before version 2.19.291 could allow remote attackers to execute arbitrary code or cause a denial of... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18370 An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can co... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8236 Creative Cloud Desktop Application version 4.6.1 and earlier versions have Security Bypass vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8237 Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and ear... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18387 Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit pa... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.