CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-12094 Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI. | 6.1 | MEDIUM | - | 0 |
| CVE-2019-12095 Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: ... | 8.8 | HIGH | - | 0 |
| CVE-2019-18413 In TypeStack class-validator 0.10.2, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidU... | 3.7 | LOW | - | 0 |
| CVE-2019-18414 Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker trickin... | 8.8 | HIGH | - | 0 |
| CVE-2019-18417 Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequate... | 8.8 | HIGH | - | 0 |
| CVE-2019-8078 Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 6.1 | MEDIUM | - | 0 |
| CVE-2019-8079 Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 6.1 | MEDIUM | - | 0 |
| CVE-2019-8080 Adobe Experience Manager versions 6.4 and 6.3 have a stored cross site scripting vulnerability. Successful exploitation could lead to privilege escalation. | 6.1 | MEDIUM | - | 0 |
| CVE-2019-18419 A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | 6.1 | MEDIUM | - | 0 |
| CVE-2019-18418 clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management. | 9.8 | CRITICAL | - | 0 |
| CVE-2019-8083 Adobe Experience Manager versions 6.5, 6.4 and 6.3 have a cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 6.1 | MEDIUM | - | 0 |
| CVE-2019-17596 Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client t... | 7.5 | HIGH | - | 0 |
| CVE-2015-0270 Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter. | 9.8 | CRITICAL | - | 0 |
| CVE-2016-2356 Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password. | 9.8 | CRITICAL | - | 0 |
| CVE-2016-2357 Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory. | 9.8 | CRITICAL | - | 0 |
| CVE-2016-2358 Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts... | 9.8 | CRITICAL | - | 0 |
| CVE-2019-5095 An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view v... | 4.3 | MEDIUM | - | 0 |
| CVE-2016-2359 Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource. | 9.8 | CRITICAL | - | 0 |
| CVE-2016-2360 Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations. | 9.8 | CRITICAL | - | 0 |
| CVE-2016-5202 browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an era... | 9.1 | CRITICAL | - | 0 |
| CVE-2019-8081 Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an authentication bypass vulnerability. Successful exploitation could lead to sensitive information disclosure. | 7.5 | HIGH | - | 0 |
| CVE-2019-8082 Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. | 7.5 | HIGH | - | 0 |
| CVE-2019-8084 Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 6.1 | MEDIUM | - | 0 |
| CVE-2013-4855 D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share. | 8.8 | HIGH | - | 0 |
| CVE-2013-4856 D-Link DIR-865L has Information Disclosure. | 6.5 | MEDIUM | - | 0 |
| CVE-2013-4857 D-Link DIR-865L has PHP File Inclusion in the router xml file. | 9.8 | CRITICAL | - | 0 |
| CVE-2019-8085 Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 6.1 | MEDIUM | - | 0 |
| CVE-2019-8086 Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. | 7.5 | HIGH | - | 0 |
| CVE-2019-8087 Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure. | 7.5 | HIGH | - | 0 |
| CVE-2019-8088 Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | 9.8 | CRITICAL | - | 0 |
| CVE-2019-8234 Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a cross-site request forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. | 6.5 | MEDIUM | - | 0 |
| CVE-2013-4658 Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share. | 9.8 | CRITICAL | - | 0 |
| CVE-2013-4848 TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities. | 8.8 | HIGH | - | 0 |
| CVE-2019-13525 In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without... | 5.3 | MEDIUM | - | 0 |
| CVE-2019-14451 RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450,... | 9.8 | CRITICAL | - | 0 |
| CVE-2019-16265 CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow. | 9.8 | CRITICAL | - | 0 |
| CVE-2019-4036 IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159. | 7.5 | HIGH | - | 0 |
| CVE-2019-4394 IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232. | 2.3 | LOW | - | 0 |
| CVE-2019-4395 IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files. IBM X-Force ID: 162333. | 3.3 | LOW | - | 0 |
| CVE-2020-12766 Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via the exemplaryStatusId parameter. | 9.8 | CRITICAL | - | 0 |
| CVE-2019-4396 IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could explo... | 5.4 | MEDIUM | - | 0 |
| CVE-2019-4399 IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ... | 7.5 | HIGH | - | 0 |
| CVE-2019-4400 IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containin... | 4.3 | MEDIUM | - | 0 |
| CVE-2019-4461 IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. This would allow the attacker to perform further atta... | 5.4 | MEDIUM | - | 0 |
| CVE-2019-3666 API Abuse/Misuse vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to navigate to restricted websites via a ca... | 6.5 | MEDIUM | - | 0 |
| CVE-2019-13546 In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked applic... | 6.8 | MEDIUM | - | 0 |
| CVE-2019-13549 Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 - B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection agai... | 7.5 | HIGH | - | 0 |
| CVE-2019-13553 Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 - B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These cred... | 9.8 | CRITICAL | - | 0 |
| CVE-2019-5114 An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with param... | 9.9 | CRITICAL | - | 0 |
| CVE-2019-9282 In skia, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is need... | 6.5 | MEDIUM | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.