Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2019-1685 A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site script... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-1691 A vulnerability in the detection engine of Cisco Firepower Threat Defense Software could allow an unauthenticated, remote attacker to cause the unexpected restart of the SNORT detection engine, result... | 5.8 | MEDIUM | β | 0 |
| CVE-2019-1698 A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information t... | N/A | NONE | β | 0 |
| CVE-2019-1700 A vulnerability in field-programmable gate array (FPGA) ingress buffer management for the Cisco Firepower 9000 Series with the Cisco Firepower 2-port 100G double-width network module (PID: FPR9K-DNM-2... | N/A | NONE | β | 0 |
| CVE-2019-8996 In Signiant Manager+Agents before 13.5, the implementation of the set command has a Buffer Overflow. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8955 In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the ... | N/A | NONE | β | 0 |
| CVE-2019-9002 An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config-setup.php allows remote attackers to execute arbitrary PHP code via the database_host parameter if the inst... | N/A | NONE | β | 0 |
| CVE-2019-7728 An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to improperly implemented TLS certificate checks, a malicious actor could potentially succeed in executing a man-in-... | N/A | NONE | β | 0 |
| CVE-2019-7729 An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to setting of insecure permissions, a malicious app could potentially succeed in retrieving video clips or still ima... | N/A | NONE | β | 0 |
| CVE-2018-20784 In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspeci... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-9003 In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a... | 7.5 | HIGH | β | 0 |
| CVE-2019-9004 In Eclipse Wakaama (formerly liblwm2m) 1.0, core/er-coap-13/er-coap-13.c in lwm2mserver in the LWM2M server mishandles invalid options, leading to a memory leak. Processing of a single crafted packet ... | N/A | NONE | β | 0 |
| CVE-2019-9015 A Path Traversal vulnerability was discovered in MOPCMS through 2018-11-30, leading to deletion of unexpected critical files. The exploitation point is in the "column management" function. The path ad... | N/A | NONE | β | 0 |
| CVE-2019-9016 An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[name] parameter in a mod=colu... | N/A | NONE | β | 0 |
| CVE-2019-9019 The British Airways Entertainment System, as installed on Boeing 777-36N(ER) and possibly other aircraft, does not prevent the USB charging/data-transfer feature from interacting with USB keyboard and... | N/A | NONE | β | 0 |
| CVE-2019-6485 Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 be... | N/A | NONE | β | 0 |
| CVE-2019-9030 An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in mat5.c. | N/A | NONE | β | 0 |
| CVE-2019-9020 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap o... | N/A | NONE | β | 0 |
| CVE-2019-9021 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an... | N/A | NONE | β | 0 |
| CVE-2019-9022 An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memc... | N/A | NONE | β | 0 |
| CVE-2019-9023 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expressi... | N/A | NONE | β | 0 |
| CVE-2019-9031 An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a NULL pointer dereference in the function Mat_VarFree() in mat.c. | N/A | NONE | β | 0 |
| CVE-2019-9024 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of a... | N/A | NONE | β | 0 |
| CVE-2019-9025 An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a... | N/A | NONE | β | 0 |
| CVE-2018-18692 A reflected Cross-Site scripting (XSS) vulnerability in SEMCO Semcosoft 5.3 allows remote attackers to inject arbitrary web scripts or HTML via the username parameter to the Login Form. | N/A | NONE | β | 0 |
| CVE-2019-9026 An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow in the function InflateVarName() in inflate.c when called from ReadNextCell in m... | N/A | NONE | β | 0 |
| CVE-2019-9027 An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow problem in the function ReadNextCell() in mat5.c. | N/A | NONE | β | 0 |
| CVE-2019-9028 An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in the function InflateDimensions() in inflate.c when called from ReadNextCell... | N/A | NONE | β | 0 |
| CVE-2019-9029 An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds read with a SEGV in the function Mat_VarReadNextInfo5() in mat5.c. | N/A | NONE | β | 0 |
| CVE-2019-9035 An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in the function ReadNextStructField() in mat5.c. | N/A | NONE | β | 0 |
| CVE-2019-9036 An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow in the function ReadNextFunctionHandle() in mat5.c. | N/A | NONE | β | 0 |
| CVE-2019-9037 An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a buffer over-read in the function Mat_VarPrint() in mat.c. | N/A | NONE | β | 0 |
| CVE-2019-9038 An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds read problem with a SEGV in the function ReadNextCell() in mat5.c. | N/A | NONE | β | 0 |
| CVE-2014-10078 Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/register... | N/A | NONE | β | 0 |
| CVE-2014-10079 In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect ... | N/A | NONE | β | 0 |
| CVE-2018-20785 Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. During startup, the AM335x secure boot feature decrypts and executes firmware. Secure boot can be bypa... | N/A | NONE | β | 0 |
| CVE-2024-34023 Untrusted pointer dereference in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access. | 8.4 | HIGH | β | 0 |
| CVE-2019-9041 An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:as... | N/A | NONE | β | 0 |
| CVE-2019-9042 An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt=SMFiles URI, the user can upload a .php file to execute arbitrary code, as demonstrated by 404.php. This can only occur if the adm... | N/A | NONE | β | 0 |
| CVE-2019-9048 An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete a theme (aka topic) via a /admin.php?action=theme_delete&var1= URI. | N/A | NONE | β | 0 |
| CVE-2019-9049 An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete modules via a /admin.php?action=module_delete&var1= URI. | N/A | NONE | β | 0 |
| CVE-2019-9050 An issue was discovered in Pluck 4.7.9-dev1. It allows administrators to execute arbitrary code by using action=installmodule to upload a ZIP archive, which is then extracted and executed. | N/A | NONE | β | 0 |
| CVE-2019-9051 An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete articles via a /admin.php?action=deletepage&var1= URI. | N/A | NONE | β | 0 |
| CVE-2019-9052 An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete pictures via a /admin.php?action=deleteimage&var1= URI. | N/A | NONE | β | 0 |
| CVE-2019-9047 GoRose v1.0.4 has SQL Injection when the order_by or group_by parameter can be controlled. | N/A | NONE | β | 0 |
| CVE-2019-9062 PHP Scripts Mall Online Food Ordering Script 1.0 has Cross-Site Request Forgery (CSRF) in my-account.php. | N/A | NONE | β | 0 |
| CVE-2019-9063 PHP Scripts Mall Auction website script 2.0.4 allows parameter tampering of the payment amount. | N/A | NONE | β | 0 |
| CVE-2019-9064 PHP Scripts Mall Cab Booking Script 1.0.3 allows Directory Traversal into the parent directory of a jpg or png file. | N/A | NONE | β | 0 |
| CVE-2019-9065 PHP Scripts Mall Custom T-Shirt Ecommerce Script 3.1.1 allows parameter tampering of the payment amount. | N/A | NONE | β | 0 |
| CVE-2018-19782 Multiple cross-site scripting (XSS) vulnerabilities in GET requests in FreshRSS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) c parameter or (2) a parameter. | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.