Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2019-19551 In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can subm... | 4.8 | MEDIUM | β | 0 |
| CVE-2019-19552 In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. An attacker with suffi... | 4.8 | MEDIUM | β | 0 |
| CVE-2019-19620 In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. This is limited in scope to t... | 3.3 | LOW | β | 0 |
| CVE-2019-19625 SROS 2 0.8.1 (which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2) leaks node information due to a leaky ... | 5.3 | MEDIUM | β | 0 |
| CVE-2019-2218 In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. This could lead to local escalation of privilege by installin... | 7.8 | HIGH | β | 0 |
| CVE-2019-19627 SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-related information regardless of the rtps_protection_kind configuration. (SROS2 provides the tools to generate and distribute keys fo... | 5.3 | MEDIUM | β | 0 |
| CVE-2012-2092 A Security Bypass vulnerability exists in Ubuntu Cobbler before 2,2,2 in the cobbler-ubuntu-import script due to an error when verifying the GPG signature. | 5.9 | MEDIUM | β | 0 |
| CVE-2018-7282 The username parameter of the TITool PrintMonitor solution during the login request is vulnerable to and/or time-based blind SQLi. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12733 SiteVision 4 allows Remote Code Execution. | 8.8 | HIGH | β | 0 |
| CVE-2019-12734 SiteVision 4 has Incorrect Access Control. | 8.8 | HIGH | β | 0 |
| CVE-2019-2219 In several functions of NotificationManagerService.java and related files, there is a possible way to record audio from the background without notification to the user due to a permission bypass. This... | 4.7 | MEDIUM | β | 0 |
| CVE-2012-2130 A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys. | 7.4 | HIGH | β | 0 |
| CVE-2012-2148 An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies | 3.3 | LOW | β | 0 |
| CVE-2019-16670 An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. The Authentication mechanism has no brute-for... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-16671 An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Remote authenticated users can crash a device... | 6.5 | MEDIUM | β | 0 |
| CVE-2019-16672 An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-16673 An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Passwords are stored in cleartext and can be ... | 6.5 | MEDIUM | β | 0 |
| CVE-2019-16674 An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie i... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18671 Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability co... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18672 Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Not... | 7.5 | HIGH | β | 0 |
| CVE-2019-1551 There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, ... | 5.3 | MEDIUM | β | 0 |
| CVE-2019-16771 Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized da... | 4.8 | MEDIUM | β | 0 |
| CVE-2019-11293 Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain ... | 6.5 | MEDIUM | β | 0 |
| CVE-2019-18575 Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit this vulnerability by creating a symlink to a tar... | 7.1 | HIGH | β | 0 |
| CVE-2019-10769 safer-eval is a npm package to sandbox the he evaluation of code used within the eval function. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-2220 In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no addition... | 5.5 | MEDIUM | β | 0 |
| CVE-2019-2221 In hasActivityInVisibleTask of WindowProcessController.java thereβs a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lea... | 7.8 | HIGH | β | 0 |
| CVE-2019-2222 n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileg... | 7.8 | HIGH | β | 0 |
| CVE-2019-2223 In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed.... | 7.8 | HIGH | β | 0 |
| CVE-2019-2225 When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with the phone. This could lead to r... | 8.8 | HIGH | β | 0 |
| CVE-2019-2226 In device_class_to_int of device_class.cc, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure in the Bluetooth server with User execution p... | 5.5 | MEDIUM | β | 0 |
| CVE-2019-2227 In DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure over Bluetooth with no additional execution privileges neede... | 6.5 | MEDIUM | β | 0 |
| CVE-2019-2228 In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution p... | 5.5 | MEDIUM | β | 0 |
| CVE-2019-2229 In updateWidget of BaseWidgetProvider.java, there is a possible leak of user data due to a missing permission check. This could lead to local information disclosure with no additional execution privil... | 5.5 | MEDIUM | β | 0 |
| CVE-2019-2230 In nfcManager_routeAid and nfcManager_unrouteAid of NativeNfcManager.cpp, there is possible memory reuse due to a use after free. This could lead to remote information disclosure with no additional ex... | 7.5 | HIGH | β | 0 |
| CVE-2019-2231 In Blob::Blob of blob.cpp, there is a possible unencrypted master key due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User in... | 4.4 | MEDIUM | β | 0 |
| CVE-2019-2232 In handleRun of TextLine.java, there is a possible application crash due to improper input validation. This could lead to remote denial of service when processing Unicode with no additional execution ... | 7.5 | HIGH | β | 0 |
| CVE-2019-9464 In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could ... | 5.5 | MEDIUM | β | 0 |
| CVE-2019-16772 The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulner... | 3.1 | LOW | β | 0 |
| CVE-2019-19447 In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orph... | 7.8 | HIGH | β | 0 |
| CVE-2019-19448 In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space ... | 7.8 | HIGH | β | 0 |
| CVE-2019-19449 In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/... | 7.8 | HIGH | β | 0 |
| CVE-2019-19683 RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanS... | 9.1 | CRITICAL | β | 0 |
| CVE-2019-19630 HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() function in string.c (when called from render_contents in ps-pdf.cxx) via a crafted HTML document. | 7.8 | HIGH | β | 0 |
| CVE-2019-19642 On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP ad... | 8.8 | HIGH | β | 0 |
| CVE-2019-19647 radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a ... | 7.8 | HIGH | β | 0 |
| CVE-2019-19648 In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, res... | 7.8 | HIGH | β | 0 |
| CVE-2019-19645 alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. | 5.5 | MEDIUM | β | 0 |
| CVE-2019-19678 In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the generic field entry point via the Generic Test Definition field of a new Generic Test iss... | 5.4 | MEDIUM | β | 0 |
| CVE-2019-19679 In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the Pre-Condition Summary entry point via the summary field of a Create Pre-Condition action ... | 5.4 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.