Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2019-18801 An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corr... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-17266 libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding ... | 9.8 | CRITICAL | β | 0 |
| CVE-2014-0175 mcollective has a default password set at install | 9.8 | CRITICAL | β | 0 |
| CVE-2019-16891 Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-17526 An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary co... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-17393 The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authenti... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-19782 The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long EHLO response from an FTP server. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8006 Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and ear... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-17133 In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-15900 An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitiali... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8028 Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and ear... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-17132 vBulletin through 5.5.4 mishandles custom avatars. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-17113 In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API, ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10614 Out of boundary access is possible as there is no validation of data accessed against the received size of the packet in case of malicious firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon C... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8221 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after fre... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-17042 An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8220 Adobe Acrobat and Reader versions, 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free... | 9.8 | CRITICAL | β | 0 |
| CVE-2015-9323 The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-17206 Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-2242 Device memory may get corrupted because of buffer overflow/underflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industri... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8215 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after fre... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8214 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after fre... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8213 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after fre... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8212 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after fre... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8211 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after fre... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8100 Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and ear... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-11399 An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. OS command injection occurs through the get_set.ccp lanHostCfg_HostName_1.1.1.0.0 parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8098 Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and ear... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18339 A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server contains an authentication bypass vuln... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18337 A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication bypass vulnerability in its XML-based communicati... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-16699 The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5.2 and below for TYPO3 fails to sanitize user input, which allows execution of arbitrary Extbase actions, resulting in Remote Code... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8206 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8205 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted poi... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8061 Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and ear... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8060 Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and ear... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-15232 Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and M... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8200 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type confusion... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8199 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8197 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a heap overflow ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8196 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted poi... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8195 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted poi... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10938 A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Met... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-14529 OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-17269 Intellian Remote Access 3.18 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the Ping Test field. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8009 Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and ear... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8186 Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-10757 knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-3980 The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8055 Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and ear... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-15260 A vulnerability in Cisco Aironet Access Points (APs) Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. The vulnerabili... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.