CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-7261 Linear eMerge E3-Series devices have Hard-coded Credentials. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-7262 Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF). | 8.8 | HIGH | β | 0 |
| CVE-2017-8404 An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parame... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-8407 An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device do... | 8.8 | HIGH | β | 0 |
| CVE-2017-8411 An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parame... | 8.8 | HIGH | β | 0 |
| CVE-2019-5443 A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") o... | 7.8 | HIGH | β | 0 |
| CVE-2019-7252 Linear eMerge E3-Series devices have Default Credentials. | N/A | NONE | β | 0 |
| CVE-2019-7253 Linear eMerge E3-Series devices allow Directory Traversal. | N/A | NONE | β | 0 |
| CVE-2017-8414 An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary orthrus in /sbin folder of the device handles all the UPnP connections received by the device. It seems that the binary perf... | 7.8 | HIGH | β | 0 |
| CVE-2019-7254 Linear eMerge E3-Series devices allow File Inclusion. | 7.5 | HIGH | β | 0 |
| CVE-2019-7255 Linear eMerge E3-Series devices allow XSS. | 6.1 | MEDIUM | β | 0 |
| CVE-2019-7257 Linear eMerge E3-Series devices allow Unrestricted File Upload. | 10.0 | CRITICAL | β | 0 |
| CVE-2019-7258 Linear eMerge E3-Series devices allow Privilege Escalation. | 8.8 | HIGH | β | 0 |
| CVE-2017-8405 An issue was discovered on D-Link DCS-1130 and DCS-1100 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary loads ... | 7.5 | HIGH | β | 0 |
| CVE-2017-8406 An issue was discovered on D-Link DCS-1130 devices. The device provides a crossdomain.xml file with no restrictions on who can access the webserver. This allows an hosted flash file on any domain to m... | 8.8 | HIGH | β | 0 |
| CVE-2017-8409 An issue was discovered on D-Link DCS-1130 devices. The device requires that a user logging to the device to provide a username and password. However, the device does not enforce the same restriction ... | 7.5 | HIGH | β | 0 |
| CVE-2017-8410 An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary perfor... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10975 An out-of-bounds read vulnerability has been identified in Fuji Electric Alpha7 PC Loader Versions 1.1 and prior, which may crash the system. | N/A | NONE | β | 0 |
| CVE-2019-13173 fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overw... | N/A | NONE | β | 0 |
| CVE-2019-13175 Read the Docs before 3.5.1 has an Open Redirect if certain user-defined redirects are used. This affects private instances of Read the Docs (in addition to the public readthedocs.org web sites). | N/A | NONE | β | 0 |
| CVE-2017-11578 It was discovered as a part of the research on IoT devices in the most recent firmware for Blipcare device that the device allows to connect to web management interface on a non-SSL connection using p... | N/A | NONE | β | 0 |
| CVE-2017-11579 In the most recent firmware for Blipcare, the device provides an open Wireless network called "Blip" for communicating with the device. The user connects to this open Wireless network and uses the web... | N/A | NONE | β | 0 |
| CVE-2017-11580 Blipcare Wifi blood pressure monitor BP700 10.1 devices allow memory corruption that results in Denial of Service. When connected to the "Blip" open wireless connection provided by the device, if a la... | N/A | NONE | β | 0 |
| CVE-2017-8412 An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom binary called mp4ts under the /var/www/video folder. It seems that this binary dumps the HTTP VERB in the syste... | 8.8 | HIGH | β | 0 |
| CVE-2017-8413 An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device runs a custom daemon on UDP port 5978 which is called "dldps2121" and listens for broadcast packets sent on 255.255.255.255.... | 8.8 | HIGH | β | 0 |
| CVE-2017-8415 An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom telnet daemon as a part of the busybox and retrieves the password from the shadow file using the function getsp... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-13179 Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile from /crypto_keyfile.bin (mode 0600 owned by root) to /boot within a globally readable initramfs image with insecure permissions,... | N/A | NONE | β | 0 |
| CVE-2017-8416 An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device runs a custom daemon on UDP port 5978 which is called "dldps2121" and listens for broadcast packets sent on 255.255.255.255.... | 8.8 | HIGH | β | 0 |
| CVE-2017-8417 An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device requires that a user logging into the device provide a username and password. However, the device allows D-Link apps on the ... | 8.8 | HIGH | β | 0 |
| CVE-2019-5599 In FreeBSD 12.0-STABLE before r349197 and 12.0-RELEASE before 12.0-RELEASE-p6, a bug in the non-default RACK TCP stack can allow an attacker to cause several linked lists to grow unbounded and cause a... | N/A | NONE | β | 0 |
| CVE-2019-6620 On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4 and BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, an undisclosed iControl REST worker vulnerable to command inject... | N/A | NONE | β | 0 |
| CVE-2018-11215 Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors. | N/A | NONE | β | 0 |
| CVE-2019-6621 On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 and BIG-IQ 7.0.0-7.1.0.2, 6.0.0-6.1.0, and 5.1.0-5.4.0, an undisclosed iControl REST wo... | N/A | NONE | β | 0 |
| CVE-2019-6622 On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, an undisclosed iControl REST worker is vulnerable to command injection by an administrator or resource ... | N/A | NONE | β | 0 |
| CVE-2019-6624 On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, an undisclosed traffic pattern sent to a BIG-IP UDP virtual server may lead to a denial-of-service (DoS). | N/A | NONE | β | 0 |
| CVE-2019-13177 verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote ... | N/A | NONE | β | 0 |
| CVE-2019-6623 On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, undisclosed traffic sent to BIG-IP iSession virtual server may cause the Traffic Management Microkernel (TMM) to restart... | 7.5 | HIGH | β | 0 |
| CVE-2019-13178 modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2.10 has a race condition between the time when the LUKS encryption keyfile is created and when secure permissions are set. | N/A | NONE | β | 0 |
| CVE-2019-10183 Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arg... | N/A | NONE | β | 0 |
| CVE-2019-13164 qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL b... | 7.8 | HIGH | β | 0 |
| CVE-2019-3619 Information Disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows remote unauthenticated attacker to view sensitive inform... | N/A | NONE | β | 0 |
| CVE-2018-11426 A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker can brute force parameters required to bypass authentication a... | N/A | NONE | β | 0 |
| CVE-2018-11427 CSRF tokens are not used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior, which makes it possible to perform CSRF attacks on the device administrator. | N/A | NONE | β | 0 |
| CVE-2018-11227 Monstra CMS 3.0.4 and earlier has XSS via index.php. | N/A | NONE | β | 0 |
| CVE-2018-11317 Subrion CMS before 4.1.4 has XSS. | N/A | NONE | β | 0 |
| CVE-2018-11420 There is Memory corruption in the web interface of Moxa OnCell G3100-HSPA Series version 1.5 Build 17042015 and prior, a different vulnerability than CVE-2018-11423. | N/A | NONE | β | 0 |
| CVE-2018-11421 Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All infor... | N/A | NONE | β | 0 |
| CVE-2018-11422 Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary configuration protocol that does not provide confidentiality, integrity, and authenticity security controls. All in... | N/A | NONE | β | 0 |
| CVE-2017-18346 SQL injection vulnerability in /wbg/core/_includes/authorization.inc.php in CMS Web-Gooroo through 2013-01-19 allows remote attackers to execute arbitrary SQL commands via the wbg_login parameter. | N/A | NONE | β | 0 |
| CVE-2018-11423 There is Memory corruption in the web interface Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior, different vulnerability than CVE-2018-11420. | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.