Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2018-20810 Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4... | N/A | NONE | β | 0 |
| CVE-2018-14887 Improper Host header sanitization in the dbfilter routing component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows a remote attacker to deny access to the service and t... | N/A | NONE | β | 0 |
| CVE-2018-14916 LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion. | N/A | NONE | β | 0 |
| CVE-2018-14918 LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal. | N/A | NONE | β | 0 |
| CVE-2018-17170 Grouptime Teamwire Desktop Client 1.5.1 prior to 1.9.0 on Windows allows code injection via a template, leading to remote code execution. All backend versions prior to prod-2018-11-13-15-00-42 are aff... | N/A | NONE | β | 0 |
| CVE-2018-17560 The admin interface of the Grouptime Teamwire Client 1.5.1 prior to 1.9.0 on-premises messenger server allows stored XSS. All backend versions prior to prod-2018-11-13-15-00-42 are affected. | N/A | NONE | β | 0 |
| CVE-2018-20807 An XSS issue has been found in welcome.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1.x before 8.1R12, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 due to one of the URL parameters not being sanitiz... | N/A | NONE | β | 0 |
| CVE-2018-20808 An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. This is not applicable to 8.1RX. | N/A | NONE | β | 0 |
| CVE-2018-20811 A hidden RPC service issue was found with Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2 and 8.1RX before 8.1R12. | N/A | NONE | β | 0 |
| CVE-2018-20812 An information exposure issue where IPv6 DNS traffic would be sent outside of the VPN tunnel (when Traffic Enforcement was enabled) exists in Pulse Secure Pulse Secure Desktop 9.0R1 and below. This is... | N/A | NONE | β | 0 |
| CVE-2018-20813 An input validation issue has been found with login_meeting.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2. | N/A | NONE | β | 0 |
| CVE-2018-20814 An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX or PPS ... | N/A | NONE | β | 0 |
| CVE-2019-12932 A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php. | N/A | NONE | β | 0 |
| CVE-2019-9843 In DiffPlug Spotless before 1.20.0 (library and Maven plugin) and before 3.20.0 (Gradle plugin), the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveE... | N/A | NONE | β | 0 |
| CVE-2019-10175 A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-assisted cloning feature does not determine whether the requesting user has permission to access the... | 6.5 | MEDIUM | β | 0 |
| CVE-2018-20978 The wp-all-import plugin before 3.4.7 for WordPress has XSS. | N/A | NONE | β | 0 |
| CVE-2019-10983 In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure... | 7.5 | HIGH | β | 0 |
| CVE-2019-10985 In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage ... | 9.1 | CRITICAL | β | 0 |
| CVE-2019-10987 In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabi... | 8.8 | HIGH | β | 0 |
| CVE-2019-10989 In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vu... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10991 In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10993 In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-13052 Logitech Unifying devices allow live decryption if the pairing of a keyboard to a receiver is sniffed. | N/A | NONE | β | 0 |
| CVE-2019-13028 An incorrect implementation of a local web server in eID client (Windows version before 3.1.2, Linux version before 3.0.3) allows remote attackers to execute arbitrary code (.cgi, .pl, or .php) or del... | N/A | NONE | β | 0 |
| CVE-2019-13031 LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server. By default, the notification server is not enabled and has a "deny all" ru... | N/A | NONE | β | 0 |
| CVE-2019-13032 An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri:... | N/A | NONE | β | 0 |
| CVE-2019-13035 Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, th... | N/A | NONE | β | 0 |
| CVE-2019-13038 mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. | 6.1 | MEDIUM | β | 0 |
| CVE-2019-13083 XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000384e2a. | N/A | NONE | β | 0 |
| CVE-2019-13045 Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server. | N/A | NONE | β | 0 |
| CVE-2019-13046 linker/linker.c in ToaruOS through 1.10.9 has insecure LD_LIBRARY_PATH handling in setuid applications. | N/A | NONE | β | 0 |
| CVE-2019-13047 kernel/sys/syscall.c in ToaruOS through 1.10.9 has incorrect access control in sys_sysfunc case 9 for TOARU_SYS_FUNC_SETHEAP, allowing arbitrary kernel pages to be mapped into user land, leading to ro... | N/A | NONE | β | 0 |
| CVE-2019-13048 kernel/sys/syscall.c in ToaruOS through 1.10.9 allows a denial of service upon a critical error in certain sys_sbrk allocation patterns (involving PAGE_SIZE, and a value less than PAGE_SIZE). | N/A | NONE | β | 0 |
| CVE-2019-13049 An integer wrap in kernel/sys/syscall.c in ToaruOS 1.10.10 allows users to map arbitrary kernel pages into userland process space via TOARU_SYS_FUNC_MMAP, leading to escalation of privileges. | N/A | NONE | β | 0 |
| CVE-2019-13050 Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the ... | 7.5 | HIGH | β | 0 |
| CVE-2016-10761 Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack. | N/A | NONE | β | 0 |
| CVE-2019-13053 Logitech Unifying devices allow keystroke injection, bypassing encryption. The attacker must press a "magic" key combination while sniffing cryptographic data from a Radio Frequency transmission. NOTE... | N/A | NONE | β | 0 |
| CVE-2019-13054 The Logitech R500 presentation clicker allows attackers to determine the AES key, leading to keystroke injection. On Windows, any text may be injected by using ALT+NUMPAD input to bypass the restricti... | N/A | NONE | β | 0 |
| CVE-2019-13055 Certain Logitech Unifying devices allow attackers to dump AES keys and addresses, leading to the capability of live decryption of Radio Frequency transmissions, as demonstrated by an attack against a ... | N/A | NONE | β | 0 |
| CVE-2019-13067 njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place. | N/A | NONE | β | 0 |
| CVE-2019-13068 public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field). | N/A | NONE | β | 0 |
| CVE-2019-13072 Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page. | 5.4 | MEDIUM | β | 0 |
| CVE-2019-13075 Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language ... | N/A | NONE | β | 0 |
| CVE-2019-11821 SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter. | 7.3 | HIGH | β | 0 |
| CVE-2019-11822 Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto p... | 4.3 | MEDIUM | β | 0 |
| CVE-2019-11825 Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter. | 6.5 | MEDIUM | β | 0 |
| CVE-2019-11826 Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in Synology Moments before 1.3.0-0691 allows remote authenticated users to upload arbitrary files via the name parameter. | 8.0 | HIGH | β | 0 |
| CVE-2019-11827 Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station before 2.5.3-0863 allows remote attackers to inject arbitrary web script or HTML via the object_id parameter... | 6.5 | MEDIUM | β | 0 |
| CVE-2019-11828 Cross-site scripting (XSS) vulnerability in Chart in Synology Office before 3.1.4-2771 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.5 | MEDIUM | β | 0 |
| CVE-2019-11829 OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header. | 7.3 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.