CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-12598 SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 1 of 3). | N/A | NONE | β | 0 |
| CVE-2019-12599 SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Injection. | N/A | NONE | β | 0 |
| CVE-2019-12600 SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 2 of 3). | N/A | NONE | β | 0 |
| CVE-2019-12601 SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 3 of 3). | N/A | NONE | β | 0 |
| CVE-2018-10690 An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows... | 8.1 | HIGH | β | 0 |
| CVE-2019-13255 XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327464. | N/A | NONE | β | 0 |
| CVE-2018-10691 An issue was discovered on Moxa AWK-3121 1.14 devices. It is intended that an administrator can download /systemlog.log (the system log). However, the same functionality allows an attacker to download... | N/A | NONE | β | 0 |
| CVE-2018-10692 An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie "Password508" does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site scripting attack to ... | N/A | NONE | β | 0 |
| CVE-2018-10693 An issue was discovered on Moxa AWK-3121 1.14 devices. It provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same fu... | N/A | NONE | β | 0 |
| CVE-2018-10694 An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wire... | 8.1 | HIGH | β | 0 |
| CVE-2018-20356 An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows ... | N/A | NONE | β | 0 |
| CVE-2018-10695 An issue was discovered on Moxa AWK-3121 1.14 devices. It provides alert functionality so that an administrator can send emails to his/her account when there are changes to the device's network. Howev... | N/A | NONE | β | 0 |
| CVE-2018-10696 An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a web interface to allow an administrator to manage the device. However, this interface is not protected against CSRF attacks... | N/A | NONE | β | 0 |
| CVE-2018-10697 An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. Howev... | 8.8 | HIGH | β | 0 |
| CVE-2018-10698 An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff t... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-3409 All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by command injection vulnerability. Due to inadequate parameter verification, unauthorized users can take adv... | N/A | NONE | β | 0 |
| CVE-2018-10699 An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides certfile upload functionality so that an administrator can upload a certificate file used for connecting to the wirele... | N/A | NONE | β | 0 |
| CVE-2018-10700 An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execu... | N/A | NONE | β | 0 |
| CVE-2018-10701 An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allo... | N/A | NONE | β | 0 |
| CVE-2018-10702 An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allo... | 8.8 | HIGH | β | 0 |
| CVE-2019-11877 XSS on the PIX-Link Repeater/Router LV-WR09 with firmware v28K.MiniRouter.20180616 allows attackers to steal credentials without being connected to the network. The attack vector is a crafted ESSID. | N/A | NONE | β | 0 |
| CVE-2018-10703 An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allo... | N/A | NONE | β | 0 |
| CVE-2019-12779 libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL. | N/A | NONE | β | 0 |
| CVE-2019-2090 In isPackageDeviceAdminOnAnyUser of PackageManagerService.java, there is a possible permissions bypass due to a missing permissions check. This could lead to local escalation of privilege, with no add... | N/A | NONE | β | 0 |
| CVE-2019-2091 In GetPermittedAccessibilityServicesForUser of DevicePolicyManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privile... | N/A | NONE | β | 0 |
| CVE-2019-2092 In isSeparateProfileChallengeAllowed of DevicePolicyManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege, wit... | N/A | NONE | β | 0 |
| CVE-2019-2094 In parseMPEGCCData of NuPlayerCCDecoder.cpp, there is a possible out of bounds write due to missing bounds checks. This could lead to remote code execution with no additional execution privileges need... | N/A | NONE | β | 0 |
| CVE-2019-2095 In callGenIDChangeListeners and related functions of SkPixelRef.cpp, there is a possible use after free due to a race condition. This could lead to remote code execution with no additional execution p... | N/A | NONE | β | 0 |
| CVE-2019-2096 In EffectRelease of EffectBundle.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege in the audio server with no additional execution priv... | N/A | NONE | β | 0 |
| CVE-2019-2097 In HAliasAnalyzer.Query of hydrogen-alias-analysis.h, there is possible memory corruption due to type confusion. This could lead to remote code execution from a malicious proxy configuration, with no ... | N/A | NONE | β | 0 |
| CVE-2019-2098 In areNotificationsEnabledForPackage of NotificationManagerService.java, there is a possible permissions bypass due to a missing permissions check. This could lead to local escalation of privilege, wi... | N/A | NONE | β | 0 |
| CVE-2019-2099 In nfa_rw_store_ndef_rx_buf of nfa_rw_act.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privil... | N/A | NONE | β | 0 |
| CVE-2019-2101 In uvc_parse_standard_control of uvc_driver.c, there is a possible out-of-bound read due to improper input validation. This could lead to local information disclosure with no additional execution priv... | 5.5 | MEDIUM | β | 0 |
| CVE-2019-2102 In the Bluetooth Low Energy (BLE) specification, there is a provided example Long Term Key (LTK). If a BLE device were to use this as a hardcoded LTK, it is theoretically possible for a proximate atta... | N/A | NONE | β | 0 |
| CVE-2019-3955 Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote heap overflow due to the server not properly validating RsaPubKeyLen during key negotiation. An unauthenticat... | N/A | NONE | β | 0 |
| CVE-2019-12504 Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP2002 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a vi... | N/A | NONE | β | 0 |
| CVE-2019-12505 Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP1001 v1.3C is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes t... | N/A | NONE | β | 0 |
| CVE-2019-12506 Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to ... | N/A | NONE | β | 0 |
| CVE-2019-3956 Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating CltDHPubKeyLen during key negotiation, which coul... | N/A | NONE | β | 0 |
| CVE-2019-3957 Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation, which cou... | 7.4 | HIGH | β | 0 |
| CVE-2019-9084 In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /t... | N/A | NONE | β | 0 |
| CVE-2019-9086 HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter. | N/A | NONE | β | 0 |
| CVE-2019-12387 In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF. | 6.1 | MEDIUM | β | 0 |
| CVE-2019-5243 There is a Clickjacking vulnerability in Huawei HG255s product. An attacker may trick user to click a link and affect the integrity of a device by exploiting this vulnerability. | N/A | NONE | β | 0 |
| CVE-2019-12780 The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allow... | N/A | NONE | β | 0 |
| CVE-2018-20352 Use-after-free vulnerability in the mg_cgi_ev_handler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote c... | N/A | NONE | β | 0 |
| CVE-2018-20353 An invalid read of 8 bytes due to a use-after-free vulnerability during a "NULL test" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earl... | N/A | NONE | β | 0 |
| CVE-2018-20354 An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier... | N/A | NONE | β | 0 |
| CVE-2018-20355 An invalid write of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows... | N/A | NONE | β | 0 |
| CVE-2019-12786 An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the IPAddress key. | 8.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.