Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2021-27147 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / admin credentials for an ISP. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35205 Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27146 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / CUadmin credentials for an ISP. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-15833 An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. Th... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-36177 RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-15835 An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-25785 An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CFtp... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27145 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / lnadmin credentials for an ISP. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27144 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded f~i!b@e#r$h%o^m*esuperadmin / s(f)u_h+g|u credentials for an ISP. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27143 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / user1234 credentials for an ISP. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-15836 An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-2108 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability all... | 9.8 | CRITICAL | β | 0 |
| CVE-2013-2512 The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35795 Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CB... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27141 An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g key. (Th... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-4682 IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit thi... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35797 NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an unauthenticated attacker. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-25783 An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated heap-based buffer overflow in the function CNetC... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-26547 Monal before 4.9 does not implement proper sender verification on MAM and Message Carbon (XEP-0280) results. This allows a remote attacker (able to send stanzas to a victim) to inject arbitrary messag... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-36380 An issue was discovered in the crunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28194 Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute with length field is less than 2. It has an impact only when the attacker controls the RADIUS s... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-25782 An issue was discovered on Accfly Wireless Security IR Camera 720P System with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNet... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-36109 ASUS RT-AX86U router firmware below version under 9.0.0.4_386 has a buffer overflow in the blocking_request.cgi function of the httpd module that can cause code execution when an attacker constructs m... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35929 In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-24640 There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation c... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-24698 An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-26305 An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violat... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-3331 WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default in... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13451 An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-29016 A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4 may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-29015 A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sendi... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-1300 Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see t... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-2075 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-1301 Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see t... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-3346 Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-12126 Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause ... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-20618 Privilege chaining vulnerability in acmailer ver. 4.0.2 and earlier, and acmailer DB ver. 1.1.4 and earlier allows remote attackers to bypass authentication and to gain an administrative privilege whi... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-20617 Improper access control vulnerability in acmailer ver. 4.0.1 and earlier, and acmailer DB ver. 1.1.3 and earlier allows remote attackers to execute an arbitrary OS command, or gain an administrative p... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-12125 A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without a... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27135 xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-27265 KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-12124 A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without aut... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-36381 An issue was discovered in the singleCrunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. | 9.8 | CRITICAL | β | 0 |
| CVE-2012-10001 The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote attackers to conduct brute-force authentication attempts. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-21179 Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers to Injecting a malicious SQL statement via the name parameter to the signin page. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-36244 The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon (versions prior to ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28871 Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28870 In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-1138 Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For m... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-1139 Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For m... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.