TROYANOSYVIRUS

CVE Vulnerabilities

CVE vulnerability database enriched with CISA KEV and NVD data

Total: 333,770 CVEs
CVE ID | CVSS | Severity | KEV | Sightings
CVE-2019-18386

Systems management on Unisys ClearPath Forward Libra and ClearPath MCP Software Series can fault and have other unspecified impact when receiving specifically crafted message payloads over a systems m...

8.7 | HIGH | — | 0
CVE-2019-6700

An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password vi...

6.5 | MEDIUM | — | 0
CVE-2020-5307

PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, t...

9.8 | CRITICAL | — | 0
CVE-2020-5842

Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. The payload is, for example, executed on the admin/index.php?page=users/manage p...

6.1 | MEDIUM | — | 0
CVE-2019-14906

A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2...

9.8 | CRITICAL | — | 0
CVE-2019-6529

An attacker could specially craft an FTP request that could crash the PR100088 Modbus gateway versions prior to release R02 (or Software Version 1.1.13166).

4.9 | MEDIUM | — | 0
CVE-2020-5841

An issue was discovered in OpServices OpMon 9.3.1-1. Using password change parameters, an attacker could perform SQL injection without authentication.

9.8 | CRITICAL | — | 0
CVE-2019-18652

A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking...

6.1 | MEDIUM | — | 0
CVE-2020-6163

The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.musta...

6.1 | MEDIUM | — | 0
CVE-2019-17146

This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link DCS-960L v1.07.102. Authentication is not required to exploit this vulnerability. The specific ...

9.8 | CRITICAL | — | 0
CVE-2019-17147

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-LINK TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific ...

8.8 | HIGH | — | 0
CVE-2019-17148

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop version 14.1.3 (45485). An attacker must first obtain the ability to e...

7.8 | HIGH | — | 0
CVE-2019-17151

This vulnerability allows remote attackers to redirect users to an external resource on affected installations of Tencent WeChat prior to 7.0.9. User interaction is required to exploit this vulnerability...

5.4 | MEDIUM | — | 0
CVE-2014-5209

An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information.

5.3 | MEDIUM | — | 0
CVE-2019-20360

A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information (PII) including names, addresses...

7.5 | HIGH | — | 0
CVE-2019-20361

There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerabil...

9.8 | CRITICAL | — | 0
CVE-2020-6170

An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI.

9.8 | CRITICAL | — | 0
CVE-2014-1454

Pearson eSIS (Enterprise Student Information System) message board has stored XSS due to improper validation of user input

4.8 | MEDIUM | — | 0
CVE-2014-1598

centurystar 7.12 ActiveX Control has a Stack Buffer Overflow

9.8 | CRITICAL | — | 0
CVE-2014-9908

A Denial of Service vulnerability exists in Google Android 4.4.4, 5.0.2, and 5.1.1, which allows malicious users to block Bluetooth access (Android Bug ID A-28672558).

6.5 | MEDIUM | — | 0
CVE-2019-14820

It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability coul...

4.3 | MEDIUM | — | 0
CVE-2019-20362

In Teradici PCoIP Agent before 19.08.1 and PCoIP Client before 19.08.3, an unquoted service path can cause execution of %PROGRAMFILES(X86)%\Teradici\PCoIP.exe instead of the intended pcoip_vchan_print...

7.8 | HIGH | — | 0
CVE-2014-1409

MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords

9.1 | CRITICAL | — | 0
CVE-2014-1860

Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities

9.8 | CRITICAL | — | 0
CVE-2014-2072

Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadequate boundary checks

9.8 | CRITICAL | — | 0
CVE-2016-6589

A Denial of Service vulnerability exists in the ITMS workflow process manager login window in Symantec IT Management Suite 8.0.

6.5 | MEDIUM | — | 0
CVE-2016-6590

A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Sui...

7.8 | HIGH | — | 0
CVE-2016-6591

A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions.

7.1 | HIGH | — | 0
CVE-2016-6593

A code-execution vulnerability exists during startup in jhi.dll and otpiha.dll in Symantec VIP Access Desktop before 2.2.2, which could let local malicious users execute arbitrary code.

7.8 | HIGH | — | 0
CVE-2019-10778

devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable `commonName` controlled by user input is used as part ...

9.8 | CRITICAL | — | 0
CVE-2019-17076

An issue was discovered in Jamf Pro 9.x and 10.x before 10.15.1. Deserialization of untrusted data when parsing JSON in several APIs may cause Denial of Service (DoS), remote code execution (RCE), and...

9.8 | CRITICAL | — | 0
CVE-2019-19518

CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, related to a lack of authentication on the File Server port, that potentially allows remote attackers to execute arbitrary commands.

9.8 | CRITICAL | — | 0
CVE-2019-5188

A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting i...

7.5 | HIGH | — | 0
CVE-2020-0009

In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between...

5.5 | MEDIUM | — | 0
CVE-2014-5287

A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI).

8.8 | HIGH | — | 0
CVE-2016-6586

A security bypass vulnerability exists in Symantec Norton Mobile Security for Android before 3.16, which could let a malicious user conduct a man-in-the-middle via specially crafted JavaScript to add ...

3.7 | LOW | — | 0
CVE-2014-2686

Ansible prior to 1.5.4 mishandles the evaluation of some strings.

7.5 | HIGH | — | 0
CVE-2016-6588

A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow process manager console in Symantec IT Management Suite 8.0.

5.4 | MEDIUM | — | 0
CVE-2019-10777

In aws-lambda versions prior to version 1.0.5, the "config.FunctioName" is used to construct the argument used within the "exec" function without any sanitization. It is possible for a user to inject ...

9.8 | CRITICAL | — | 0
CVE-2019-19544

CA Automic Dollar Universe 5.3.3 contains a vulnerability, related to the uxdqmsrv binary being setuid root, that allows local attackers to elevate privileges. This vulnerability was reported to CA se...

7.8 | HIGH | — | 0
CVE-2019-20363

An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via alias to Manage Store Contents.

6.1 | MEDIUM | — | 0
CVE-2019-20364

An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via cacheName to SystemCacheDetails.jsp.

6.1 | MEDIUM | — | 0
CVE-2019-20365

An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via search to the Users/Group search page.

6.1 | MEDIUM | — | 0
CVE-2020-5183

FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption bug when a user sends a specially crafted string to the application. This memory corruption bug can possibly be classified as a N...

7.5 | HIGH | — | 0
CVE-2019-20366

An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Contents.

6.1 | MEDIUM | — | 0
CVE-2019-20367

nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).

9.1 | CRITICAL | — | 0
CVE-2019-5082

An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WA...

9.8 | CRITICAL | — | 0
CVE-2016-6587

An Information Disclosure vulnerability exists in the mid.dat file stored on the SD card in Symantec Norton Mobile Security for Android before 3.16, which could let a local malicious user obtain sensi...

5.5 | MEDIUM | — | 0
CVE-2019-19495

The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows a remote attacker to configure the cable modem via JavaScript in a victim's browser. The attacker ca...

9.8 | CRITICAL | — | 0
CVE-2016-5346

An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AF_MS...

5.5 | MEDIUM | — | 0
Page 120 of 6676

This product uses data from the NVD API but is not endorsed or certified by the NVD.