TROYANOSYVIRUS

CVE Vulnerabilities

CVE vulnerability database enriched with CISA KEV and NVD data

Total: 332,852 CVEs
CVE ID | CVSS | Severity | KEV | Sightings
CVE-2019-6637

On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, Application logic abuse of ASM REST endpoints can lead to instability of BIG-IP system. Exploitation of this issue...

N/A | NONE | — | 0
CVE-2019-6638

On BIG-IP 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, Malformed http requests made to an undisclosed iControl REST endpoint can lead to infinite loop of the restjavad process.

6.5 | MEDIUM | — | 0
CVE-2019-6639

On BIG-IP (AFM, PEM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, an undisclosed TMUI pages for AFM and PEM Subscriber management are vulnerabl...

4.8 | MEDIUM | — | 0
CVE-2019-6640

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, SNMP exposes sensitive configuration objects over insecure transmission channels. This i...

5.3 | MEDIUM | — | 0
CVE-2019-6641

On BIG-IP 12.1.0-12.1.4.1, undisclosed requests can cause iControl REST processes to crash. The attack can only come from an authenticated user; all roles are capable of performing the attack. Unauthe...

6.5 | MEDIUM | — | 0
CVE-2019-11512

Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and Contao 4.7.5.

N/A | NONE | — | 0
CVE-2019-9186

In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server l...

N/A | NONE | — | 0
CVE-2019-9823

In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration file...

N/A | NONE | — | 0
CVE-2019-9872

In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE c...

N/A | NONE | — | 0
CVE-2019-9873

In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. T...

N/A | NONE | — | 0
CVE-2017-13719

The Amcrest IPM-721S Amcrest_IPC-AWXX_Eng_N_V2.420.AC00.17.R.20170322 allows HTTP requests that permit enabling various functionalities of the camera by using HTTP APIs, instead of the web management ...

N/A | NONE | — | 0
CVE-2017-8226

Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who reverses the firmware to identify them. If the firmwar...

N/A | NONE | — | 0
CVE-2017-8227

Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout policy to wait for 5 minutes in case 30 incorrect password attempts are detected using the Web and HTTP API interface provided by the ...

N/A | NONE | — | 0
CVE-2017-8228

Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices mishandle reboots within the past two hours. Amcrest cloud services does not perform a thorough verification when allowing the user to add a new came...

N/A | NONE | — | 0
CVE-2017-8229

Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using bi...

N/A | NONE | — | 0
CVE-2019-10103

JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue,...

N/A | NONE | — | 0
CVE-2017-8230

On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on the device are divided into 2 groups "admin" and "user". However, as a part of security analysis it was identified that a low privil...

N/A | NONE | — | 0
CVE-2018-14859

Incorrect access control in the password reset component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated users to reset the password of other users by bein...

N/A | NONE | — | 0
CVE-2018-14860

Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sa...

N/A | NONE | — | 0
CVE-2019-10101

JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack.

8.1 | HIGH | — | 0
CVE-2019-10102

JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. ...

N/A | NONE | — | 0
CVE-2019-12841

Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was fixed in TeamCity 2018.2.2.

N/A | NONE | — | 0
CVE-2019-13207

nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflow in the dname_concatenate() function in dname.c.

N/A | NONE | — | 0
CVE-2015-3907

CodeIgniter Rest Server (aka codeigniter-restserver) 2.7.1 allows XXE attacks.

N/A | NONE | — | 0
CVE-2019-13074

A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource managem...

N/A | NONE | — | 0
CVE-2019-9827

Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI.

N/A | NONE | — | 0
CVE-2019-13208

WavesSysSvc in Waves MAXX Audio allows privilege escalation because the General registry key has Full Control access for the Users group, leading to DLL side loading. This affects WavesSysSvc64.exe 1....

N/A | NONE | — | 0
CVE-2019-13226

deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. An unprivileg...

7.0 | HIGH | — | 0
CVE-2019-13227

In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to creat...

N/A | NONE | — | 0
CVE-2019-13228

deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO file, and follows symlinks there. An unprivileged user can prepare a symlink attack there...

N/A | NONE | — | 0
CVE-2019-13229

deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper::getPartitionSizeInfo() function to write a log file as root, and follows symlinks there. An unprivileged user can prepare ...

N/A | NONE | — | 0
CVE-2019-13232

Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.

3.3 | LOW | — | 0
CVE-2019-13233

In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bound...

N/A | NONE | — | 0
CVE-2018-20850

Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server.

N/A | NONE | — | 0
CVE-2019-13239

inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture.

N/A | NONE | — | 0
CVE-2019-13241

FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.

7.8 | HIGH | — | 0
CVE-2019-13242

IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x0000000000013a98.

N/A | NONE | — | 0
CVE-2019-13243

IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x00000000000249c6.

N/A | NONE | — | 0
CVE-2019-13244

FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x0000000000002d7d.

N/A | NONE | — | 0
CVE-2019-13245

FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a95b1.

N/A | NONE | — | 0
CVE-2019-13246

FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a9601.

N/A | NONE | — | 0
CVE-2019-13247

ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x00000000000024ed.

N/A | NONE | — | 0
CVE-2019-13275

An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. The v1/hit endpoint of the API, when the non-default "use cache plugin" setting is enabled, is vulnerable to...

N/A | NONE | — | 0
CVE-2019-13281

In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF do...

7.8 | HIGH | — | 0
CVE-2019-13282

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a craf...

7.8 | HIGH | — | 0
CVE-2019-13283

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a ...

7.8 | HIGH | — | 0
CVE-2019-1855

A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Jabber for Windows could allow an authenticated, local attacker to perform a DLL preloading attack. To exploit this...

7.3 | HIGH | — | 0
CVE-2019-1884

A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to cause a denial of service (DoS) conditi...

N/A | NONE | — | 0
CVE-2019-1886

A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is...

8.6 | HIGH | — | 0
CVE-2019-1889

A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate privilege...

7.2 | HIGH | — | 0
Page 40 of 6658

This product uses data from the NVD API but is not endorsed or certified by the NVD.