CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-2719 Vulnerability in the Oracle Knowledge component of Oracle Siebel CRM (subcomponent: Web Applications (InfoCenter)). Supported versions that are affected are 8.5.1.0 - 8.5.1.7, 8.6.0 and 8.6.1. Easily ... | N/A | NONE | β | 0 |
| CVE-2019-2720 Vulnerability in the Oracle Data Integrator component of Oracle Fusion Middleware (subcomponent: ODI Tools). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Difficult to exploit vu... | N/A | NONE | β | 0 |
| CVE-2019-2721 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulne... | N/A | NONE | β | 0 |
| CVE-2019-2722 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulne... | N/A | NONE | β | 0 |
| CVE-2019-2723 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulne... | N/A | NONE | β | 0 |
| CVE-2019-10710 Insecure permissions in the Web management portal on all IP cameras based on Hisilicon Hi3510 firmware allow authenticated attackers to receive a network's cleartext WiFi credentials via a specific HT... | N/A | NONE | β | 0 |
| CVE-2019-10711 Incorrect access control in the RTSP stream and web portal on all IP cameras based on Hisilicon Hi3510 firmware (until Webware version V1.0.1) allows attackers to view an RTSP stream by connecting to ... | N/A | NONE | β | 0 |
| CVE-2019-7727 In NICE Engage through 6.5, the default configuration binds an unauthenticated JMX/RMI interface to all network interfaces, without restricting registration of MBeans, which allows remote attackers to... | N/A | NONE | β | 0 |
| CVE-2018-7576 Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Dereference. The type of exploitation is: context-dependent. | N/A | NONE | β | 0 |
| CVE-2018-8825 Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). | N/A | NONE | β | 0 |
| CVE-2019-10688 VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1, use hard-coded credentials to establish connections between... | N/A | NONE | β | 0 |
| CVE-2019-11486 The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions. | 7.0 | HIGH | β | 0 |
| CVE-2019-11487 The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/s... | 7.8 | HIGH | β | 0 |
| CVE-2019-14387 cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506). | N/A | NONE | β | 0 |
| CVE-2019-11498 WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a den... | 6.5 | MEDIUM | β | 0 |
| CVE-2019-9724 aquaverde Aquarius CMS through 4.3.5 allows Information Exposure through Log Files because of an error in the Log-File writer component. | N/A | NONE | β | 0 |
| CVE-2018-13443 EOS.IO jit-wasm 4.1 has a heap-based buffer overflow via a crafted wast file. | N/A | NONE | β | 0 |
| CVE-2019-10239 Robotronic RunAsSpc 3.7.0.0 protects stored credentials insufficiently, which allows locally authenticated attackers (under the same user context) to obtain cleartext credentials of the stored account... | N/A | NONE | β | 0 |
| CVE-2019-11032 In EasyToRecruit (E2R) before 2.11, the upload feature and the Candidate Profile Management feature are prone to Cross Site Scripting (XSS) injection in multiple locations. | N/A | NONE | β | 0 |
| CVE-2019-11081 A default username and password in Dentsply Sirona Sidexis 4.3.1 and earlier allows an attacker to gain administrative access to the application server. | N/A | NONE | β | 0 |
| CVE-2019-7211 SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaScript code could be executed on the application by opening a malicious email or when viewing a malicious file attachment. | N/A | NONE | β | 0 |
| CVE-2019-11615 /fileman/php/upload.php in doorGets 7.0 has an arbitrary file upload vulnerability. A remote normal registered user can use this vulnerability to upload backdoor files to control the server. | N/A | NONE | β | 0 |
| CVE-2019-7213 SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail s... | N/A | NONE | β | 0 |
| CVE-2019-7214 SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This por... | N/A | NONE | β | 0 |
| CVE-2019-9734 Aquarius CMS through 4.3.5 writes POST and GET parameters (including passwords) to a log file due to an overwriting of configuration parameters under certain circumstances. | N/A | NONE | β | 0 |
| CVE-2019-3786 Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote authenticated malicious user can modify the metadata file of... | 7.1 | HIGH | β | 0 |
| CVE-2019-3789 Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permission... | 6.5 | MEDIUM | β | 0 |
| CVE-2019-3793 Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. A remote unaut... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-3868 Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider ... | N/A | NONE | β | 0 |
| CVE-2019-3882 A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local at... | 5.5 | MEDIUM | β | 0 |
| CVE-2018-10055 Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted config... | N/A | NONE | β | 0 |
| CVE-2018-7577 Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory. | N/A | NONE | β | 0 |
| CVE-2019-10691 The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username. | N/A | NONE | β | 0 |
| CVE-2019-9635 NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file. | N/A | NONE | β | 0 |
| CVE-2019-9950 Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is ... | N/A | NONE | β | 0 |
| CVE-2019-9951 Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is ... | N/A | NONE | β | 0 |
| CVE-2019-10008 Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the g... | N/A | NONE | β | 0 |
| CVE-2019-11217 The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows execution of arbitrary commands in the context of the web server via a crafted http request. | N/A | NONE | β | 0 |
| CVE-2019-11218 Improper handling of extra parameters in the AccountController (User Profile edit) in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows authenticated users to gain application administrator privi... | N/A | NONE | β | 0 |
| CVE-2017-18367 libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall ... | N/A | NONE | β | 0 |
| CVE-2019-11488 Incorrect Access Control in the Account Access / Password Reset Link in SimplyBook.me Enterprise before 2019-04-23 allows Unauthorized Attackers to READ/WRITE Customer or Administrator data via a pers... | N/A | NONE | β | 0 |
| CVE-2018-18251 Deltek Vision 7.x before 7.6 permits the execution of any attacker supplied SQL statement through a custom RPC over HTTP protocol. The Vision system relies on the client binary to enforce security rul... | N/A | NONE | β | 0 |
| CVE-2018-20434 LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax... | N/A | NONE | β | 0 |
| CVE-2018-7575 Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of exploitation is context-dependent. | N/A | NONE | β | 0 |
| CVE-2019-11203 The workspace client, openspace client, app development client, and REST API of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Sil... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-11502 snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. Consequently, that user had unintended access to a private /tmp dire... | N/A | NONE | β | 0 |
| CVE-2018-20823 The gyroscope on Xiaomi Mi 5s devices allows attackers to cause a denial of service (resonance and false data) via a 20.4 kHz audio signal, aka a MEMS ultrasound attack. | N/A | NONE | β | 0 |
| CVE-2019-11503 snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir() to the current working directory of the calling user, aka a "cwd restore permission bypass... | N/A | NONE | β | 0 |
| CVE-2019-11504 Zotonic before version 0.47 has mod_admin XSS. | N/A | NONE | β | 0 |
| CVE-2019-11505 In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of ser... | 8.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.