National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • CVSS Version: 3
  • CVSS V3 Severity: Critical (9-10)
  • CVSS V3 Metrics: AV:N
There are 8,827 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-3740

Adobe Framemaker versions 2019.0.4 and below have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Published: February 13, 2020; 10:15:13 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2020-2110

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations.

Published: February 12, 2020; 10:15:12 AM -05:00
V3.1: 9.9 CRITICAL
    V2: 6.5 MEDIUM
CVE-2020-2109

Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods.

Published: February 12, 2020; 10:15:12 AM -05:00
V3.1: 9.9 CRITICAL
    V2: 6.5 MEDIUM
CVE-2015-5617

SQL injection vulnerability in pub/m_pending_news/delete_pending_news.jsp in Enorth Webpublisher CMS allows remote attackers to execute arbitrary SQL commands via the cbNewsId parameter.

Published: February 12, 2020; 10:15:11 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2013-7381

libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify.

Published: February 12, 2020; 10:15:11 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2013-2010

WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability

Published: February 12, 2020; 10:15:11 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2013-7378

scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands.

Published: February 12, 2020; 09:15:10 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2012-1124

SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter.

Published: February 11, 2020; 03:15:10 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2014-9753

confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the auto_login parameter.

Published: February 11, 2020; 01:15:16 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2013-4448

echoping through 6.0.2 has buffer overflow vulnerabilities

Published: February 11, 2020; 01:15:15 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2013-3684

NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload

Published: February 11, 2020; 01:15:15 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2013-2057

YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability

Published: February 11, 2020; 01:15:15 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2013-1607

Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability

Published: February 11, 2020; 01:15:15 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2013-1359

An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.

Published: February 11, 2020; 12:15:11 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2013-0803

A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arbitrary code.

Published: February 11, 2020; 12:15:11 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2014-2052

Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.

Published: February 11, 2020; 11:15:12 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2013-1360

An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.

Published: February 11, 2020; 11:15:12 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2020-3934

Secom Co. Dr.ID, a Door Access Control and Personnel Attendance Management system, contains a vulnerability of Pre-auth SQL Injection, allowing attackers to inject a specific SQL command.

Published: February 11, 2020; 07:15:21 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-14514

An issue was discovered in Microvirt MEmu all versions prior to 7.0.2. A guest Android operating system inside the MEmu emulator contains a /system/bin/systemd binary that is run with root privileges on startup (this is unrelated to Red Hat's systemd init program, and is a closed-source proprietary tool that seems to be developed by Microvirt). This program opens TCP port 21509, presumably to receive installation-related commands from the host OS. Because everything after the installer:uninstall command is concatenated directly into a system() call, it is possible to execute arbitrary commands by supplying shell metacharacters.

Published: February 11, 2020; 07:15:20 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2013-5945

Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua.

Published: February 11, 2020; 07:15:11 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 10.0 HIGH