CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD

| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-12753 An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, a... | N/A | NONE | β | 0 |
| CVE-2019-16355 The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files. | 5.5 | MEDIUM | β | 0 |
| CVE-2019-1966 A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated priv... | 7.8 | HIGH | β | 0 |
| CVE-2019-1967 A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. T... | 7.5 | HIGH | β | 0 |
| CVE-2019-1968 A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to inc... | 7.5 | HIGH | β | 0 |
| CVE-2019-1969 A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to perf... | 5.3 | MEDIUM | β | 0 |
| CVE-2019-1977 A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cau... | N/A | NONE | β | 0 |
| CVE-2019-5608 In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-5609 In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bhyve e1000 d... | 7.5 | HIGH | β | 0 |
| CVE-2019-5610 In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library... | 7.5 | HIGH | β | 0 |
| CVE-2019-5611 In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check ... | 7.5 | HIGH | β | 0 |
| CVE-2019-5612 In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel drive... | 7.5 | HIGH | β | 0 |
| CVE-2019-6113 Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-0010 A/V Receiver devices allows remote attackers to read arbitrary files via a .. (dot dot) and %2f to the default URI. | N/A | NONE | β | 0 |
| CVE-2019-9697 An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL ... | N/A | NONE | β | 0 |
| CVE-2015-9380 The photo-gallery plugin before 1.2.42 for WordPress has CSRF. | N/A | NONE | β | 0 |
| CVE-2019-15816 The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions. | N/A | NONE | β | 0 |
| CVE-2019-15817 The easy-property-listings plugin before 3.4 for WordPress has XSS. | N/A | NONE | β | 0 |
| CVE-2019-15818 The simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for WordPress has no requirement for authentication for action=bulk301export or action=bulk301clearlist. | N/A | NONE | β | 0 |
| CVE-2019-15819 The nd-restaurant-reservations plugin before 1.5 for WordPress has no requirement for nd_rst_import_settings_php_function authentication. | N/A | NONE | β | 0 |
| CVE-2019-16644 App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-15820 The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmi_save_settings authentication. | N/A | NONE | β | 0 |
| CVE-2019-15821 The bold-page-builder plugin before 2.3.2 for WordPress has no protection against modifying settings and importing data. | N/A | NONE | β | 0 |
| CVE-2019-15822 The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal. | N/A | NONE | β | 0 |
| CVE-2019-15823 The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass. | N/A | NONE | β | 0 |
| CVE-2019-15824 The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass. | N/A | NONE | β | 0 |
| CVE-2019-15825 The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass. | N/A | NONE | β | 0 |
| CVE-2016-10979 The fossura-tag-miner plugin before 1.1.5 for WordPress has XSS. | 6.1 | MEDIUM | β | 0 |
| CVE-2019-15826 The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field. | N/A | NONE | β | 0 |
| CVE-2019-15827 The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter. | N/A | NONE | β | 0 |
| CVE-2019-15828 The one-click-ssl plugin before 1.4.7 for WordPress has CSRF. | N/A | NONE | β | 0 |
| CVE-2019-15829 The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS. | N/A | NONE | β | 0 |
| CVE-2019-15830 The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS. | N/A | NONE | β | 0 |
| CVE-2019-15831 The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page. | N/A | NONE | β | 0 |
| CVE-2019-15832 The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF. | N/A | NONE | β | 0 |
| CVE-2014-10396 The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php. | 7.5 | HIGH | β | 0 |
| CVE-2019-15833 The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS. | 6.1 | MEDIUM | β | 0 |
| CVE-2019-15026 memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c. | N/A | NONE | β | 0 |
| CVE-2019-2389 Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the Mon... | 5.3 | MEDIUM | β | 0 |
| CVE-2019-12810 A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code executi... | N/A | NONE | β | 0 |
| CVE-2019-15630 Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released b... | N/A | NONE | β | 0 |
| CVE-2019-15834 The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF. | N/A | NONE | β | 0 |
| CVE-2014-10397 The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php. | 7.5 | HIGH | β | 0 |
| CVE-2019-15835 The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF. | N/A | NONE | β | 0 |
| CVE-2019-15836 The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS. | N/A | NONE | β | 0 |
| CVE-2019-15837 The webp-express plugin before 0.14.8 for WordPress has stored XSS. | N/A | NONE | β | 0 |
| CVE-2019-15838 The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789. | N/A | NONE | β | 0 |
| CVE-2019-15840 The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF. | N/A | NONE | β | 0 |
| CVE-2019-15841 The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility. | N/A | NONE | β | 0 |
| CVE-2019-15842 The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS. | N/A | NONE | β | 0 |
| CVE-2019-14524 An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than ... | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.