TROYANOSYVIRUS

CVE Vulnerabilities

CVE vulnerability database enriched with data from CISA KEV and NVD

Total: 333,770 CVEs
CVE ID | CVSS | Severity | KEV | Sightings
CVE-2019-1440

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-...

5.5 | MEDIUM | - | 0
CVE-2019-1441

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'.

8.8 | HIGH | - | 0
CVE-2019-1442

A security feature bypass vulnerability exists when Microsoft Office does not validate URLs. An attacker could send a victim a specially crafted file, which could trick the victim into entering credent...

5.5 | MEDIUM | - | 0
CVE-2010-3095

mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. NOTE: this issue exists because of an incomplete fix for CVE-2008-5...

4.7 | MEDIUM | - | 0
CVE-2019-1443

An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server. An authenticated attacker who successfully exploited t...

6.5 | MEDIUM | - | 0
CVE-2019-1445

A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is uniq...

5.4 | MEDIUM | - | 0
CVE-2019-1446

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.

5.5 | MEDIUM | - | 0
CVE-2019-1447

A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is uniq...

5.4 | MEDIUM | - | 0
CVE-2019-1448

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

7.8 | HIGH | - | 0
CVE-2019-1456

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts, aka 'OpenType Font Parsing Remote Cod...

8.8 | HIGH | - | 0
CVE-2019-1457

A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document, aka 'Microsoft Office Excel Security Feature Bypass'.

7.8 | HIGH | - | 0
CVE-2010-2488

NULL pointer dereference vulnerability in ZNC before 0.092 caused by traffic stats when there are unauthenticated connections.

7.5 | HIGH | - | 0
CVE-2010-3438

libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'priv...

9.8 | CRITICAL | - | 0
CVE-2010-3292

The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 downloads files and trusts them without using encryption (e.g., https) or digital signature checking which could allow an attacker to ...

5.5 | MEDIUM | - | 0
CVE-2010-3439

It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command.

6.5 | MEDIUM | - | 0
CVE-2011-2335

A double-free vulnerability exists in WebKit in Google Chrome before Blink M12 in the WebCore::CSSSelector function.

7.5 | HIGH | - | 0
CVE-2019-17330

The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and una...

9.6 | CRITICAL | - | 0
CVE-2019-17331

The Data Exchange Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS)...

5.4 | MEDIUM | - | 0
CVE-2019-17332

The Digital Asset Manager Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripti...

5.4 | MEDIUM | - | 0
CVE-2010-3299

The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.

6.5 | MEDIUM | - | 0
CVE-2011-2334

Use after free vulnerability exists in WebKit in Google Chrome before Blink M12 in RenderLayer when removing elements with reflections.

6.5 | MEDIUM | - | 0
CVE-2019-14365

The Intercom plugin through 1.2.1 for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.).

7.5 | HIGH | - | 0
CVE-2019-14366

WP SlackSync plugin through 1.8.5 for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.).

7.5 | HIGH | - | 0
CVE-2019-14367

Slack-Chat through 1.5.5 leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.).

7.5 | HIGH | - | 0
CVE-2019-5695

NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and pr...

6.5 | MEDIUM | - | 0
CVE-2019-6170

A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution.

6.4 | MEDIUM | - | 0
CVE-2010-3305

Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password.

8.8 | HIGH | - | 0
CVE-2010-3440

babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files.

5.5 | MEDIUM | - | 0
CVE-2010-3844

An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack.

8.8 | HIGH | - | 0
CVE-2011-1802

WebKit in Google Chrome before Blink M11 and M12 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption).

6.5 | MEDIUM | - | 0
CVE-2011-1803

An issue exists in third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.h in WebKit in Google Chrome before Blink M11 and M12 when trying to access a removed smil element.

6.5 | MEDIUM | - | 0
CVE-2017-17224

Some Huawei smart phones with versions earlier than Harry-AL00C 9.1.0.206(C00E205R3P1) have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected prod...

8.8 | HIGH | - | 0
CVE-2010-3857

JBoss BRMS before 5.1.0 has a XSS vulnerability via asset=UUID parameter.

6.1 | MEDIUM | - | 0
CVE-2010-4177

mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes.

5.5 | MEDIUM | - | 0
CVE-2019-5213

Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. S...

2.4 | LOW | - | 0
CVE-2019-5228

Certain detection module of P30, P30 Pro, Honor V20 smartphone with Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earli...

7.8 | HIGH | - | 0
CVE-2024-53940

An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. Certain /cgi-bin/luci/admin endpoints are vulnerable to command injection. Attackers can ...

8.8 | HIGH | - | 0
CVE-2019-5229

P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker sh...

6.2 | MEDIUM | - | 0
CVE-2019-5230

P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than Emily-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than NEO-AL00D NEO-A...

5.5 | MEDIUM | - | 0
CVE-2019-5231

P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts...

4.6 | MEDIUM | - | 0
CVE-2019-5233

Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(SP2C00E41R3P2) have an improper authentication vulnerability. Successful exploitation may cause the attacker to access specific com...

8.8 | HIGH | - | 0
CVE-2019-5246

Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E110R1P21), 9.1.0.125(C00E120R1P21), 9.1.0.135(C00E130R1P21), 9.1.0.153(C00E150R1P21), 9.1.0.155(C00E150R1P21), 9.1.0.162(...

6.2 | MEDIUM | - | 0
CVE-2019-9467

In the Bootloader, there is a possible kernel command injection due to missing command sanitization. This could lead to a local elevation of privilege with System execution privileges needed. User int...

6.7 | MEDIUM | - | 0
CVE-2019-3648

A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious fil...

6.1 | MEDIUM | - | 0
CVE-2019-3641

Abuse of Authorization vulnerability in APIs exposed by TIE server in McAfee Threat Intelligence Exchange Server (TIE Server) 3.0.0 allows remote authenticated users to modify stored reputation data v...

4.5 | MEDIUM | - | 0
CVE-2019-18397

A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary...

7.8 | HIGH | - | 0
CVE-2019-5279

Huawei smart phones Emily-L29C with Versions earlier than 9.1.0.311(C10E2R1P13T8), Versions earlier than 9.1.0.311(C461E2R1P11T8), Versions earlier than 9.1.0.316(C635E2R1P11T8), Versions earlier than...

5.5 | MEDIUM | - | 0
CVE-2019-5282

Bastet module of some Huawei smartphones with Versions earlier than Emily-AL00A 9.0.0.182(C00E82R1P21), Versions earlier than Emily-TL00B 9.0.0.182(C01E82R1P21), Versions earlier than Emily-L09C 9.0.0...

7.8 | HIGH | - | 0
CVE-2019-5288

P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. An attacker tricks the user into ...

7.8 | HIGH | - | 0
CVE-2013-4656

Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service.

9.8 | CRITICAL | - | 0

This product uses data from the NVD API but is not endorsed or certified by the NVD.