CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-2325 Out of boundary access due to token received from ADSP and is used without validation as an index into the array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-2331 Possible Integer overflow because of subtracting two integers without checking if the result would overflow or not in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industria... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-2332 Memory corruption while accessing the memory as payload size is not validated before access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, ... | 9.8 | CRITICAL | β | 0 |
| CVE-2010-2471 Drupal versions 5.x and 6.x have open redirection | 6.1 | MEDIUM | β | 0 |
| CVE-2019-6120 An issue was discovered in NiceHash Miner before 2.0.3.0. A missing rate limit while adding a wallet via Email address allows remote attackers to submit a large number of email addresses to identify v... | 7.5 | HIGH | β | 0 |
| CVE-2019-6121 An issue was discovered in NiceHash Miner before 2.0.3.0. Missing Authorization allows an adversary to gain access to a miner's information such as his recent payments, unclaimed Balance, Ol... | 3.7 | LOW | β | 0 |
| CVE-2019-6122 A Username Enumeration via Error Message issue was discovered in NiceHash Miner before 2.0.3.0 because an "EMAIL DOES NOT EXIST" error message occurs whenever a submitted email address is incorrect, b... | 3.1 | LOW | β | 0 |
| CVE-2019-3426 The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. An attacker could exploit this vulnerability for unauthorized operat... | 8.8 | HIGH | β | 0 |
| CVE-2009-5049 WebApp JSP Snoop page XSS in jetty through 6.1.21. | 6.1 | MEDIUM | β | 0 |
| CVE-2009-5050 konversation before 1.2.3 allows attackers to cause a denial of service. | 7.5 | HIGH | β | 0 |
| CVE-2010-4178 MySQL-GUI-tools (mysql-administrator) leaks passwords into process list after launch of mysql text console | 5.5 | MEDIUM | β | 0 |
| CVE-2011-1298 An Integer Overflow exists in WebKit in Google Chrome before Blink M11 in the macOS WebCore::GraphicsContext::fillRect function. | 7.5 | HIGH | β | 0 |
| CVE-2016-1000037 Pagure: XSS possible in file attachment endpoint | 6.1 | MEDIUM | β | 0 |
| CVE-2019-19537 In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/c... | 4.2 | MEDIUM | β | 0 |
| CVE-2019-3990 A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and i... | 4.3 | MEDIUM | β | 0 |
| CVE-2019-7365 DLL preloading vulnerability in Autodesk Desktop Application versions 7.0.16.29 and earlier. An attacker may trick a user into downloading a malicious DLL file into the working directory, which may th... | 7.8 | HIGH | β | 0 |
| CVE-2019-7366 Buffer overflow vulnerability in Autodesk FBX Software Development Kit version 2019.5. A user may be tricked into opening a malicious FBX file which may exploit a buffer overflow vulnerability causing... | 7.8 | HIGH | β | 0 |
| CVE-2019-19460 An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. ... | 5.5 | MEDIUM | β | 0 |
| CVE-2019-10013 The asn1_signature function in asn1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow that allows remote attackers to cause a denial of service (memory and CPU consumption) via a cr... | 7.5 | HIGH | β | 0 |
| CVE-2019-13456 In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks info... | 6.5 | MEDIUM | β | 0 |
| CVE-2019-16885 In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/Product... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18992 OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router" and "New forward rule" and "New Source NAT" (this can occur, for example, ... | 5.4 | MEDIUM | β | 0 |
| CVE-2019-18993 OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device). | 5.4 | MEDIUM | β | 0 |
| CVE-2019-19382 Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory. Local attackers can replace a .exe or .dll file to achieve privilege escalation. | 7.8 | HIGH | β | 0 |
| CVE-2019-19383 freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted SIZE command (this is exploitable even if logging is disabled). | 8.8 | HIGH | β | 0 |
| CVE-2019-14317 wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures vi... | 5.3 | MEDIUM | β | 0 |
| CVE-2019-19457 SALTO ProAccess SPACE 5.4.3.0 allows XSS. | 5.4 | MEDIUM | β | 0 |
| CVE-2019-19458 SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature. | 8.6 | HIGH | β | 0 |
| CVE-2019-19459 An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that wil... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-9689 process_certificate in tls1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow via a crafted TLS certificate handshake message with zero certificates. | 7.5 | HIGH | β | 0 |
| CVE-2019-18574 RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this ... | 4.8 | MEDIUM | β | 0 |
| CVE-2019-19543 In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c. | 7.8 | HIGH | β | 0 |
| CVE-2019-3749 Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to del... | 5.5 | MEDIUM | β | 0 |
| CVE-2019-3750 Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to del... | 5.5 | MEDIUM | β | 0 |
| CVE-2016-1000104 A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07. | 8.8 | HIGH | β | 0 |
| CVE-2019-5076 An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG header-parser of the Accusoft ImageGear 19.3.0 library. A specially crafted PNG file can cause an out-of-bounds write, ... | 8.8 | HIGH | β | 0 |
| CVE-2019-5083 An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFdecodethunderscan function of Accusoft ImageGear 19.3.0 library. A specially crafted TIFF file can cause an out of bound... | 8.8 | HIGH | β | 0 |
| CVE-2019-5096 An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-5097 A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP ... | 7.5 | HIGH | β | 0 |
| CVE-2019-5109 Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with param... | 8.8 | HIGH | β | 0 |
| CVE-2019-5110 Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parame... | 8.8 | HIGH | β | 0 |
| CVE-2019-5111 Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_cat was confirmed to suffer from SQL injections and... | 8.8 | HIGH | β | 0 |
| CVE-2019-5112 Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_status was confirmed to suffer from SQL injections ... | 8.8 | HIGH | β | 0 |
| CVE-2019-5163 An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FA... | 7.5 | HIGH | β | 0 |
| CVE-2019-5164 An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resul... | 7.8 | HIGH | β | 0 |
| CVE-2013-7325 An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball. | 8.8 | HIGH | β | 0 |
| CVE-2015-7542 A vulnerability exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates. | 5.3 | MEDIUM | β | 0 |
| CVE-2019-18850 TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a discrepancy between response headers when responding to different HTTP methods, also via predictable responses when accessing and int... | 7.5 | HIGH | β | 0 |
| CVE-2019-14909 A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted. | 8.3 | HIGH | β | 0 |
| CVE-2019-15638 COPA-DATA zenone32 zenon Editor through 8.10 has an Uncontrolled Search Path Element. | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.