Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2019-1998 In event_handler of keymaster_app.c, there is possible resource exhaustion due to a table being lost on reboot. This could lead to local denial of service that is not fixed by a factory reset, with no... | N/A | NONE | β | 0 |
| CVE-2019-1999 In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privil... | 7.8 | HIGH | β | 0 |
| CVE-2018-12388 Mozilla developers and community members reported memory safety bugs present in Firefox 62. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of ... | N/A | NONE | β | 0 |
| CVE-2018-12391 During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this iss... | N/A | NONE | β | 0 |
| CVE-2018-12393 A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for t... | N/A | NONE | β | 0 |
| CVE-2018-12395 By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are ot... | N/A | NONE | β | 0 |
| CVE-2018-12396 A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites wh... | N/A | NONE | β | 0 |
| CVE-2018-12398 By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP). This vulnerability affects Firefox < 63. | N/A | NONE | β | 0 |
| CVE-2018-12399 When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving... | N/A | NONE | β | 0 |
| CVE-2018-12400 In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode. This allows information leakage of sites visited during private browsing... | N/A | NONE | β | 0 |
| CVE-2018-12401 Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. This could lead to denial of service (DOS) attacks. This vulnerab... | N/A | NONE | β | 0 |
| CVE-2019-9483 Amazon Ring Doorbell before 3.4.7 mishandles encryption, which allows attackers to obtain audio and video data, or insert spoofed video that does not correspond to the actual person at the door. | N/A | NONE | β | 0 |
| CVE-2018-12402 The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example... | N/A | NONE | β | 0 |
| CVE-2018-12403 If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. This vulnerability affects Firefox < 63. | N/A | NONE | β | 0 |
| CVE-2018-12406 Mozilla developers and community members reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of ... | N/A | NONE | β | 0 |
| CVE-2018-12407 A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploi... | N/A | NONE | β | 0 |
| CVE-2019-9484 The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attackers to obtain access via an HTTP session on port 10000, as demonstrated by reading the modem... | N/A | NONE | β | 0 |
| CVE-2018-18495 WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading a... | N/A | NONE | β | 0 |
| CVE-2018-18496 When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing a... | N/A | NONE | β | 0 |
| CVE-2018-18497 Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument... | N/A | NONE | β | 0 |
| CVE-2018-18498 A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bou... | N/A | NONE | β | 0 |
| CVE-2018-18499 A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). Th... | N/A | NONE | β | 0 |
| CVE-2019-1663 A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-1674 A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a... | N/A | NONE | β | 0 |
| CVE-2019-6555 Cscape, 9.80 SP4 and prior. An improper input validation vulnerability may be exploited by processing specially crafted POC files. This may allow an attacker to read confidential information and remot... | 7.8 | HIGH | β | 0 |
| CVE-2019-6547 Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.84 and prior. An out-of-bounds read vulnerability may cause the software to crash due to lacking user input validation for proces... | 5.5 | MEDIUM | β | 0 |
| CVE-2019-6551 Pangea Communications Internet FAX ATA all Versions 3.1.8 and prior allow an attacker to bypass user authentication using a specially crafted URL to cause the device to reboot, which may be used to ca... | 7.5 | HIGH | β | 0 |
| CVE-2018-8790 Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM. | N/A | NONE | β | 0 |
| CVE-2019-9543 An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the... | N/A | NONE | β | 0 |
| CVE-2019-9544 An issue was discovered in Bento4 1.5.1-628. An out of bounds write occurs in AP4_CttsTableEntry::AP4_CttsTableEntry() located in Core/Ap4Array.h. It can be triggered by sending a crafted file to (for... | N/A | NONE | β | 0 |
| CVE-2019-9545 An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pd... | N/A | NONE | β | 0 |
| CVE-2019-9546 SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service. | N/A | NONE | β | 0 |
| CVE-2024-34028 Uncontrolled search path in some Intel(R) Graphics Offline Compiler for OpenCL(TM) Code software for Windows before version 2024.1.0.142, graphics driver 31.0.101.5445 may allow an authenticated user ... | 6.7 | MEDIUM | β | 0 |
| CVE-2019-9547 In Storage Performance Development Kit (SPDK) before 19.01, a malicious vhost client (i.e., virtual machine) could carefully construct a circular descriptor chain that would result in a partial denial... | N/A | NONE | β | 0 |
| CVE-2019-8278 Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution. | N/A | NONE | β | 0 |
| CVE-2019-8279 Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum. | N/A | NONE | β | 0 |
| CVE-2019-9549 An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=user&act=addnew URI, as demonstrated by adding a level=1 account, a similar issue to CVE-2018-18935. | N/A | NONE | β | 0 |
| CVE-2019-9550 DhCms through 2017-09-18 has admin.php?r=admin/Index/index XSS. | N/A | NONE | β | 0 |
| CVE-2019-9551 An issue was discovered in DOYO (aka doyocms) 2.3 through 2015-05-06. It has admin.php XSS. | N/A | NONE | β | 0 |
| CVE-2019-9552 Eloan V3.0 through 2018-09-20 allows remote attackers to list files via a direct request to the p2p/api/ or p2p/lib/ or p2p/images/ URI. | N/A | NONE | β | 0 |
| CVE-2019-9563 In BlueMind 3.5.x before 3.5.11 Hotfix 7 and 4.x before 4.0-beta3, the contact application mishandles temporary uploads. | N/A | NONE | β | 0 |
| CVE-2024-34164 Uncontrolled search path element in some Intel(R) MAS software before version 2.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | 6.7 | MEDIUM | β | 0 |
| CVE-2019-9565 Druide Antidote RX, HD, 8 before 8.05.2287, 9 before 9.5.3937 and 10 before 10.1.2147 allows remote attackers to steal NTLM hashes or perform SMB relay attacks upon a direct launch of the product, or ... | N/A | NONE | β | 0 |
| CVE-2019-9566 FlarumChina v0.1.0-beta.7C has SQL injection via a /?q= request. | N/A | NONE | β | 0 |
| CVE-2019-9567 The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll. | 6.1 | MEDIUM | β | 0 |
| CVE-2019-9568 The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[] parameter if the attacker has the delete... | 6.5 | MEDIUM | β | 0 |
| CVE-2019-6206 An issue existed with autofill resuming after it was canceled. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.3. Password autofill may fill in passwords after ... | N/A | NONE | β | 0 |
| CVE-2019-6200 An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3. An attacker in a privileged network position may be able to execute arbitra... | N/A | NONE | β | 0 |
| CVE-2019-6235 A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3, iTunes 12.9.3 for Windows. A sandboxed process ma... | N/A | NONE | β | 0 |
| CVE-2018-20577 Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.