CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-13082 Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once it has been extrac... | N/A | NONE | β | 0 |
| CVE-2019-13107 Multiple integer overflows exist in MATIO before 1.5.16, related to mat.c, mat4.c, mat5.c, mat73.c, and matvar_struct.c | 9.8 | CRITICAL | β | 0 |
| CVE-2019-13108 An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset... | 6.5 | MEDIUM | β | 0 |
| CVE-2019-13109 An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a chunkLength - iccOffset ... | 6.5 | MEDIUM | β | 0 |
| CVE-2019-13110 A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file. | 6.5 | MEDIUM | β | 0 |
| CVE-2019-13111 A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image... | 5.5 | MEDIUM | β | 0 |
| CVE-2019-13112 A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image ... | 6.5 | MEDIUM | β | 0 |
| CVE-2019-13113 Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file. | 6.5 | MEDIUM | β | 0 |
| CVE-2019-13114 http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character. | 6.5 | MEDIUM | β | 0 |
| CVE-2019-13117 In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on... | 5.3 | MEDIUM | β | 0 |
| CVE-2019-13118 In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, l... | 5.3 | MEDIUM | β | 0 |
| CVE-2019-12970 XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious ... | N/A | NONE | β | 0 |
| CVE-2019-12781 An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT sett... | N/A | NONE | β | 0 |
| CVE-2019-13125 HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation. | N/A | NONE | β | 0 |
| CVE-2019-13127 An issue was discovered in mxGraph through 4.0.0, related to the "draw.io Diagrams" plugin before 8.3.14 for Confluence and other products. Improper input validation/sanitization of a color field lead... | N/A | NONE | β | 0 |
| CVE-2019-13128 An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the IPAddress or Gateway f... | N/A | NONE | β | 0 |
| CVE-2019-13129 On the Motorola router CX2L MWR04L 1.01, there is a stack consumption (infinite recursion) issue in scopd via TCP port 8010 and UDP port 8080. It is caused by snprintf and inappropriate length handlin... | N/A | NONE | β | 0 |
| CVE-2019-4057 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow malicious user with access to the DB2 instance account to leverage a fenced execution process to... | 6.7 | MEDIUM | β | 0 |
| CVE-2019-4102 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive ... | 5.9 | MEDIUM | β | 0 |
| CVE-2019-4154 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary c... | 7.8 | HIGH | β | 0 |
| CVE-2019-4237 A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. ... | 5.4 | MEDIUM | β | 0 |
| CVE-2019-4295 IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker with specialized access to obtain highly sensitive from the credential vault. IBM X-Force ID: 160758. | 4.9 | MEDIUM | β | 0 |
| CVE-2019-4296 IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. IBM X-Force ID: 160759. | 3.3 | LOW | β | 0 |
| CVE-2019-4297 IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit thi... | 5.4 | MEDIUM | β | 0 |
| CVE-2019-14403 cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483). | N/A | NONE | β | 0 |
| CVE-2019-4298 IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access which could allow a local user to perform actions they should not have privileg... | 7.1 | HIGH | β | 0 |
| CVE-2019-4299 IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765. | 5.5 | MEDIUM | β | 0 |
| CVE-2019-4322 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary c... | 7.8 | HIGH | β | 0 |
| CVE-2019-4336 IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161411. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-4337 IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker to obtain sensitive information due to missing authentication in Ignite nodes. IBM X-Force ID: 161412. | 5.3 | MEDIUM | β | 0 |
| CVE-2019-7281 Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a... | 8.8 | HIGH | β | 0 |
| CVE-2019-4357 When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary co... | 6.7 | MEDIUM | β | 0 |
| CVE-2019-4383 When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. IBM X-Force ID: 1... | 6.7 | MEDIUM | β | 0 |
| CVE-2019-4386 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force ID: 162714. | 6.5 | MEDIUM | β | 0 |
| CVE-2019-4410 IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus... | 5.4 | MEDIUM | β | 0 |
| CVE-2016-5235 A Cross Site Scripting (XSS) vulnerability in versions of F5 WebSafe Dashboard 3.9.x and earlier, aka F5 WebSafe Alert Server, allows an unauthenticated user to inject HTML via a crafted alert. | N/A | NONE | β | 0 |
| CVE-2016-10891 The aryo-activity-log plugin before 2.3.3 for WordPress has XSS. | N/A | NONE | β | 0 |
| CVE-2019-12826 A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that are... | N/A | NONE | β | 0 |
| CVE-2019-13024 Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" i... | N/A | NONE | β | 0 |
| CVE-2019-1577 Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML. | N/A | NONE | β | 0 |
| CVE-2019-1578 Cross-site scripting vulnerability in Palo Alto Networks MineMeld version 0.9.60 and earlier may allow a remote attacker able to convince an authenticated MineMeld admin to type malicious input in the... | N/A | NONE | β | 0 |
| CVE-2019-7279 Optergy Proton/Enterprise devices have Hard-coded Credentials. | N/A | NONE | β | 0 |
| CVE-2019-7280 Prima Systems FlexAir, Versions 2.3.38 and prior. The session-ID is of an insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session and bypas... | 8.8 | HIGH | β | 0 |
| CVE-2019-7666 Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to lo... | 8.8 | HIGH | β | 0 |
| CVE-2019-7667 Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file name... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-7668 Prima Systems FlexAir devices have Default Credentials. | N/A | NONE | β | 0 |
| CVE-2019-7669 Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation of file extensions when uploading files could allow a remote authenticated attacker to upload and execute malicious applications w... | 8.8 | HIGH | β | 0 |
| CVE-2019-7670 Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component, which co... | 7.2 | HIGH | β | 0 |
| CVE-2019-13133 ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c. | 5.5 | MEDIUM | β | 0 |
| CVE-2019-13134 ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c. | 5.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.