Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2019-4029 IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended f... | 5.4 | MEDIUM | β | 0 |
| CVE-2019-4032 IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the att... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-4063 IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 Standard Edition could allow highly sensitive information to be transmitted in plain text. An attacker could obtain this information using man in th... | 5.9 | MEDIUM | β | 0 |
| CVE-2019-9615 An issue was discovered in OFCMS before 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateController.java. | N/A | NONE | β | 0 |
| CVE-2018-19725 Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a security bypass vulnerability. Successful exploitation could lea... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-6518 Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device. | 7.5 | HIGH | β | 0 |
| CVE-2019-6520 Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes. | 7.5 | HIGH | β | 0 |
| CVE-2019-6522 Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device reb... | 9.1 | CRITICAL | β | 0 |
| CVE-2019-6524 Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-6528 PSI GridConnect GmbH Telecontrol Gateway and Smart Telecontrol Unit family, IEC104 Security Proxy versions Telecontrol Gateway 3G Versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior, and Telecontrol Gat... | 8.8 | HIGH | β | 0 |
| CVE-2019-6557 Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-6559 Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash. | 6.5 | MEDIUM | β | 0 |
| CVE-2019-6561 Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device. | 8.8 | HIGH | β | 0 |
| CVE-2019-3920 The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponFo... | 8.8 | HIGH | β | 0 |
| CVE-2019-6563 Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-6565 Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be used to send a malicious script. | 6.1 | MEDIUM | β | 0 |
| CVE-2018-11793 When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to... | N/A | NONE | β | 0 |
| CVE-2019-3917 The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 allows a remote, unauthenticated attacker to enable telnetd on the router via a crafted HTTP request. | 7.5 | HIGH | β | 0 |
| CVE-2019-3918 The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-3919 The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/usb_restore... | 8.8 | HIGH | β | 0 |
| CVE-2019-3921 The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/... | 8.8 | HIGH | β | 0 |
| CVE-2019-3922 The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, unauthenticated attacker to /GponFor... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-9573 The WP Human Resource Management plugin before 2.2.6 for WordPress mishandles leave applications. | N/A | NONE | β | 0 |
| CVE-2019-9574 The WP Human Resource Management plugin before 2.2.6 for WordPress does not ensure that a leave modification occurs in the context of the Administrator or HR Manager role. | N/A | NONE | β | 0 |
| CVE-2019-9575 The Quiz And Survey Master plugin 6.0.4 for WordPress allows wp-admin/admin.php?page=mlw_quiz_results quiz_id XSS. | N/A | NONE | β | 0 |
| CVE-2019-9576 The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admin.php?page=blog2social-ship XSS. | N/A | NONE | β | 0 |
| CVE-2024-34165 Uncontrolled search path in some Intel(R) oneAPI DPC++/C++ Compiler before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 6.7 | MEDIUM | β | 0 |
| CVE-2019-9213 In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMA... | 5.5 | MEDIUM | β | 0 |
| CVE-2019-0540 A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credent... | N/A | NONE | β | 0 |
| CVE-2019-0590 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is un... | N/A | NONE | β | 0 |
| CVE-2019-0591 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is un... | N/A | NONE | β | 0 |
| CVE-2019-9616 An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor... | N/A | NONE | β | 0 |
| CVE-2019-0593 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is un... | N/A | NONE | β | 0 |
| CVE-2019-0594 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulne... | N/A | NONE | β | 0 |
| CVE-2019-0595 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is un... | N/A | NONE | β | 0 |
| CVE-2019-0596 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is un... | N/A | NONE | β | 0 |
| CVE-2024-43143 Missing Authorization vulnerability in Roundup WP Registrations for the Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Registrations for the... | 6.4 | MEDIUM | β | 0 |
| CVE-2019-0597 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is un... | N/A | NONE | β | 0 |
| CVE-2019-0598 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is un... | N/A | NONE | β | 0 |
| CVE-2019-0599 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is un... | N/A | NONE | β | 0 |
| CVE-2019-0600 An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory, aka 'HID Information Disclosure Vulnerability'. This CVE ID is uni... | N/A | NONE | β | 0 |
| CVE-2019-0601 An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory, aka 'HID Information Disclosure Vulnerability'. This CVE ID is uni... | N/A | NONE | β | 0 |
| CVE-2019-0602 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is un... | N/A | NONE | β | 0 |
| CVE-2019-0605 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is un... | N/A | NONE | β | 0 |
| CVE-2019-0606 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. | N/A | NONE | β | 0 |
| CVE-2019-9617 An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor... | N/A | NONE | β | 0 |
| CVE-2019-0607 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is un... | N/A | NONE | β | 0 |
| CVE-2019-0610 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is un... | N/A | NONE | β | 0 |
| CVE-2019-0613 A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulner... | N/A | NONE | β | 0 |
| CVE-2018-20577 Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.