CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-8908 An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting -> Mailbox configuration -> Registration email template" screen, and uploading a... | N/A | NONE | β | 0 |
| CVE-2019-8912 In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. | 7.8 | HIGH | β | 0 |
| CVE-2019-8917 SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unaut... | N/A | NONE | β | 0 |
| CVE-2019-7629 Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client. | N/A | NONE | β | 0 |
| CVE-2019-8919 The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making i... | N/A | NONE | β | 0 |
| CVE-2019-8933 In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting ... | N/A | NONE | β | 0 |
| CVE-2019-3812 QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute ... | N/A | NONE | β | 0 |
| CVE-2019-8935 Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter. | N/A | NONE | β | 0 |
| CVE-2019-8939 data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page. | N/A | NONE | β | 0 |
| CVE-2018-1996 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by the improper TLS configuration. A remote attacker could exploit this vulnerability to obt... | N/A | NONE | β | 0 |
| CVE-2019-5754 Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malici... | N/A | NONE | β | 0 |
| CVE-2019-5755 Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. | N/A | NONE | β | 0 |
| CVE-2019-5756 Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. | N/A | NONE | β | 0 |
| CVE-2019-5757 An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. | N/A | NONE | β | 0 |
| CVE-2019-5758 Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | N/A | NONE | β | 0 |
| CVE-2019-5759 Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | N/A | NONE | β | 0 |
| CVE-2019-5760 Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | N/A | NONE | β | 0 |
| CVE-2019-9032 An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds write problem causing a SEGV in the function Mat_VarFree() in mat.c. | N/A | NONE | β | 0 |
| CVE-2019-5761 Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | N/A | NONE | β | 0 |
| CVE-2019-5762 Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. | N/A | NONE | β | 0 |
| CVE-2019-5763 Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | N/A | NONE | β | 0 |
| CVE-2019-5764 Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | N/A | NONE | β | 0 |
| CVE-2018-20146 An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell. | N/A | NONE | β | 0 |
| CVE-2019-5765 An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted In... | N/A | NONE | β | 0 |
| CVE-2019-5766 Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | N/A | NONE | β | 0 |
| CVE-2019-5767 Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/se... | N/A | NONE | β | 0 |
| CVE-2019-5768 DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local fil... | N/A | NONE | β | 0 |
| CVE-2019-8979 Kohana through 3.3.6 has SQL Injection when the order_by() parameter can be controlled. | N/A | NONE | β | 0 |
| CVE-2019-5769 Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted... | N/A | NONE | β | 0 |
| CVE-2019-5770 Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | N/A | NONE | β | 0 |
| CVE-2019-5771 An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | N/A | NONE | β | 0 |
| CVE-2019-5772 Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | N/A | NONE | β | 0 |
| CVE-2019-8984 MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2). | N/A | NONE | β | 0 |
| CVE-2019-5773 Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML pa... | N/A | NONE | β | 0 |
| CVE-2019-5774 Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file ... | N/A | NONE | β | 0 |
| CVE-2019-5775 Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | N/A | NONE | β | 0 |
| CVE-2019-5776 Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | N/A | NONE | β | 0 |
| CVE-2019-9033 An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read for the "Rank and Dimension" feature in the function ReadNextCell() in mat5.c. | N/A | NONE | β | 0 |
| CVE-2019-5777 Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | N/A | NONE | β | 0 |
| CVE-2019-5778 A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension ... | N/A | NONE | β | 0 |
| CVE-2019-5779 Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | N/A | NONE | β | 0 |
| CVE-2019-5780 Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events. | N/A | NONE | β | 0 |
| CVE-2019-9034 An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read for a memcpy in the function ReadNextCell() in mat5.c. | N/A | NONE | β | 0 |
| CVE-2019-5781 Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | N/A | NONE | β | 0 |
| CVE-2019-5782 Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | N/A | NONE | β | 0 |
| CVE-2019-5783 Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page. | N/A | NONE | β | 0 |
| CVE-2018-20025 Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0. | N/A | NONE | β | 0 |
| CVE-2018-20026 Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0. | 7.5 | HIGH | β | 0 |
| CVE-2018-9867 In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download ... | 5.5 | MEDIUM | β | 0 |
| CVE-2018-19782 Multiple cross-site scripting (XSS) vulnerabilities in GET requests in FreshRSS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) c parameter or (2) a parameter. | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.