CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-13135 ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c. | 8.8 | HIGH | β | 0 |
| CVE-2019-13136 ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c. | N/A | NONE | β | 0 |
| CVE-2019-13137 ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c. | 6.5 | MEDIUM | β | 0 |
| CVE-2019-3962 Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious... | N/A | NONE | β | 0 |
| CVE-2019-7275 Optergy Proton/Enterprise devices allow Open Redirect. | 6.1 | MEDIUM | β | 0 |
| CVE-2019-7276 Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console. | N/A | NONE | β | 0 |
| CVE-2019-7277 Optergy Proton/Enterprise devices allow Unauthenticated Internal Network Information Disclosure. | N/A | NONE | β | 0 |
| CVE-2019-7278 Optergy Proton/Enterprise devices have an Unauthenticated SMS Sending Service. | N/A | NONE | β | 0 |
| CVE-2019-13150 An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication). The command injection exists in the key ip_addr. | N/A | NONE | β | 0 |
| CVE-2019-10979 SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password. | N/A | NONE | β | 0 |
| CVE-2019-5497 NetApp AFF A700s Baseboard Management Controller (BMC) firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution. | N/A | NONE | β | 0 |
| CVE-2019-6642 In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ... | 8.8 | HIGH | β | 0 |
| CVE-2019-7271 Nortek Linear eMerge 50P/5000P devices have Default Credentials. | N/A | NONE | β | 0 |
| CVE-2019-7272 Optergy Proton/Enterprise devices allow Username Disclosure. | 5.3 | MEDIUM | β | 0 |
| CVE-2018-20885 cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416). | N/A | NONE | β | 0 |
| CVE-2019-7273 Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CSRF). | 8.8 | HIGH | β | 0 |
| CVE-2019-7274 Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-9702 Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are... | N/A | NONE | β | 0 |
| CVE-2019-9703 Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are... | N/A | NONE | β | 0 |
| CVE-2019-13148 An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the UDP Ports To Open in Add Gaming Rule. | N/A | NONE | β | 0 |
| CVE-2019-13149 An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the key passwd in Routing RIP Settings. | N/A | NONE | β | 0 |
| CVE-2019-14404 cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484). | N/A | NONE | β | 0 |
| CVE-2019-13151 An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the action set_sta_enrollee_pin_5g and the key w... | N/A | NONE | β | 0 |
| CVE-2019-13152 An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Gaming Rule. | N/A | NONE | β | 0 |
| CVE-2019-13153 An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the Private Port in Add Virtual Server. | N/A | NONE | β | 0 |
| CVE-2019-13154 An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the TCP Ports To Open in Add Gaming Rule. | N/A | NONE | β | 0 |
| CVE-2019-13155 An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Virtual Server. | N/A | NONE | β | 0 |
| CVE-2019-4087 IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by servers and storage agents in response to specificall... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-4292 IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable web server. IBM X-Force ID: 160698. | 8.8 | HIGH | β | 0 |
| CVE-2019-4088 IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allow a local attacker to gain elevated privileges on the system, caused by loading a specially crafted library loaded by the dsmqsan ... | 7.8 | HIGH | β | 0 |
| CVE-2019-4129 IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to obtain sensitive information, caused by an error message containing a stack trace. By creating an error with a stack... | 5.3 | MEDIUM | β | 0 |
| CVE-2019-4134 IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially ... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-4140 IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) could allow a local user to replace existing databases by restoring old data. IBM X-Force ID: 158336. | 7.1 | HIGH | β | 0 |
| CVE-2019-4260 IBM Daeja ViewONE Professional, Standard & Virtual 5.0 through 5.0.5 could allow an unauthorized user to download server files resulting in sensitive information disclosure. IBM X-Force ID: 160012. | 5.3 | MEDIUM | β | 0 |
| CVE-2019-13338 In WESEEK GROWI before 3.5.0, a remote attacker can obtain the password hash of the creator of a page by leveraging wiki access to make API calls for page metadata. In other words, the password hash c... | N/A | NONE | β | 0 |
| CVE-2017-8408 An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the GET paramet... | N/A | NONE | β | 0 |
| CVE-2019-13056 An issue was discovered in CyberPanel through 1.8.4. On the user edit page, an attacker can edit the administrator's e-mail and password because of the lack of CSRF protection. | N/A | NONE | β | 0 |
| CVE-2019-12594 DOSBox 0.74-2 has Incorrect Access Control. | N/A | NONE | β | 0 |
| CVE-2019-7263 Linear eMerge E3-Series devices have a Version Control Failure. | N/A | NONE | β | 0 |
| CVE-2019-7264 Linear eMerge E3-Series devices allow a Stack-based Buffer Overflow on the ARM platform. | N/A | NONE | β | 0 |
| CVE-2019-7265 Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH). | 9.8 | CRITICAL | β | 0 |
| CVE-2019-7266 Linear eMerge 50P/5000P devices allow Authentication Bypass. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-7267 Linear eMerge 50P/5000P devices allow Cookie Path Traversal. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-7268 Linear eMerge 50P/5000P devices allow Unauthenticated File Upload. | 10.0 | CRITICAL | β | 0 |
| CVE-2019-10136 It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around,... | N/A | NONE | β | 0 |
| CVE-2019-7269 Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-7270 Linear eMerge 50P/5000P devices allow Cross-Site Request Forgery (CSRF). | 8.8 | HIGH | β | 0 |
| CVE-2019-7259 Linear eMerge E3-Series devices allow Authorization Bypass with Information Disclosure. | 8.8 | HIGH | β | 0 |
| CVE-2019-7260 Linear eMerge E3-Series devices have Cleartext Credentials in a Database. | N/A | NONE | β | 0 |
| CVE-2019-10137 A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the ex... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.