Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2019-12755 Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an ... | 5.5 | MEDIUM | β | 0 |
| CVE-2019-14826 A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can... | 4.4 | MEDIUM | β | 0 |
| CVE-2019-14835 A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migrat... | 7.8 | HIGH | β | 0 |
| CVE-2015-9385 The quotes-and-tips plugin before 1.20 for WordPress has XSS. | 6.1 | MEDIUM | β | 0 |
| CVE-2019-9009 An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash. | 7.5 | HIGH | β | 0 |
| CVE-2019-9681 Online upgrade information in some firmware packages of Dahua products is not encrypted. Attackers can obtain this information by analyzing firmware packages by specific means. Affected products inclu... | 5.3 | MEDIUM | β | 0 |
| CVE-2019-11667 Unauthorized access to contact information in Micro Focus Service Manager, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to priva... | 7.5 | HIGH | β | 0 |
| CVE-2019-11666 Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could b... | 8.8 | HIGH | β | 0 |
| CVE-2019-13542 3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer derefer... | 6.5 | MEDIUM | β | 0 |
| CVE-2019-4086 IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker co... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-4171 IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information usin... | 3.7 | LOW | β | 0 |
| CVE-2019-4175 IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158880... | 7.5 | HIGH | β | 0 |
| CVE-2019-4183 IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resour... | 7.5 | HIGH | β | 0 |
| CVE-2019-6809 A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum ... | 7.5 | HIGH | β | 0 |
| CVE-2019-4268 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL containing "dot dot" sequenc... | 5.3 | MEDIUM | β | 0 |
| CVE-2019-4270 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alter... | 5.4 | MEDIUM | β | 0 |
| CVE-2019-4271 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243. | 3.5 | LOW | β | 0 |
| CVE-2019-4342 IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote... | 5.4 | MEDIUM | β | 0 |
| CVE-2019-14253 An issue was discovered in servletcontroller in the secure portal in Publisure 2.1.2. One can bypass authentication and perform a query on PHP forms within the /AdminDir folder that should be restrict... | 6.5 | MEDIUM | β | 0 |
| CVE-2019-4442 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitra... | 4.3 | MEDIUM | β | 0 |
| CVE-2019-4477 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. IBM X-Force I... | 6.5 | MEDIUM | β | 0 |
| CVE-2018-7820 A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitor... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-11665 Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitiv... | 7.5 | HIGH | β | 0 |
| CVE-2019-13538 3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the cont... | 8.6 | HIGH | β | 0 |
| CVE-2019-6810 CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause the execution of commands by unauthorized users when using ... | 8.8 | HIGH | β | 0 |
| CVE-2019-6811 An Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability exists in Modicon Quantum 140 NOE771x1 version 6.9 and earlier, which could cause denial of service when the module rece... | 7.5 | HIGH | β | 0 |
| CVE-2019-6813 A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versi... | 7.5 | HIGH | β | 0 |
| CVE-2019-6826 A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier versions, which could cause arbitrary code execution on the system running SoMachine HVAC when a malicious DL... | 7.8 | HIGH | β | 0 |
| CVE-2019-6828 A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (... | 7.5 | HIGH | β | 0 |
| CVE-2019-6829 A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service ... | 7.5 | HIGH | β | 0 |
| CVE-2019-6830 A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the c... | 5.9 | MEDIUM | β | 0 |
| CVE-2019-6831 A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active conn... | 8.6 | HIGH | β | 0 |
| CVE-2019-6832 A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control wh... | 8.3 | HIGH | β | 0 |
| CVE-2019-6835 A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch... | 5.4 | MEDIUM | β | 0 |
| CVE-2019-6836 A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch ... | 7.5 | HIGH | β | 0 |
| CVE-2019-6837 A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server P... | 9.1 | CRITICAL | β | 0 |
| CVE-2019-6838 A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch ... | 6.5 | MEDIUM | β | 0 |
| CVE-2019-6839 A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion... | 8.8 | HIGH | β | 0 |
| CVE-2019-14254 An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well sanitized, there are multiple SQL injections in userAccFunctions.php functions. Using this, an attacke... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-6840 A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG626... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-16199 eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related to... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-16391 SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire... | 6.5 | MEDIUM | β | 0 |
| CVE-2019-16392 SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages. | 6.1 | MEDIUM | β | 0 |
| CVE-2019-12620 A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is ... | 5.3 | MEDIUM | β | 0 |
| CVE-2019-16393 SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character. | 6.1 | MEDIUM | β | 0 |
| CVE-2019-16394 SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscri... | 5.3 | MEDIUM | β | 0 |
| CVE-2019-16395 GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() function in cobc/tree.c via crafted COBOL source code. | 7.8 | HIGH | β | 0 |
| CVE-2019-16396 GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() function in cobc/parser.y via crafted COBOL source code. | 7.8 | HIGH | β | 0 |
| CVE-2016-10994 The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter. | 6.1 | MEDIUM | β | 0 |
| CVE-2016-10995 The Tevolution plugin before 2.3.0 for WordPress has arbitrary file upload via single_upload.php or single-upload.php. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.