CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2014-3136 Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change... | 8.8 | HIGH | β | 0 |
| CVE-2024-42186 BigFix Patch Download Plug-ins are affected by an insecure protocol support. The application can allow improper handling of SSL certificates validation. | 2.8 | LOW | β | 0 |
| CVE-2014-6420 Cross-site scripting (XSS) vulnerability in Livefyre LiveComments 3.0 allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded picture. | 6.1 | MEDIUM | β | 0 |
| CVE-2019-20052 A memory leak was discovered in Mat_VarCalloc in mat.c in matio 1.5.17 because SafeMulDims does not consider the rank==0 case. | 6.5 | MEDIUM | β | 0 |
| CVE-2019-20054 In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. | 5.5 | MEDIUM | β | 0 |
| CVE-2019-20055 LiquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl substring followed by a URL in square brackets. | 6.5 | MEDIUM | β | 0 |
| CVE-2019-20056 stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned. | 6.5 | MEDIUM | β | 0 |
| CVE-2019-20057 com.proxyman.NSProxy.HelperTool in Privileged Helper Tool in Proxyman for macOS 1.11.0 and earlier allows an attacker to change the System Proxy and redirect all traffic to an attacker-controlled comp... | 3.7 | LOW | β | 0 |
| CVE-2019-20058 Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the _profiler page. NOTE: this is disputed because profiling was never intended for use in ... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-20063 hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of memory, as demonstrated by mysofa2json. | 8.8 | HIGH | β | 0 |
| CVE-2019-20070 On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration). | 6.1 | MEDIUM | β | 0 |
| CVE-2019-20071 On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs. | 6.5 | MEDIUM | β | 0 |
| CVE-2019-20072 On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration). | 6.1 | MEDIUM | β | 0 |
| CVE-2019-20073 On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration). | 6.1 | MEDIUM | β | 0 |
| CVE-2019-20074 On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page. | 8.8 | HIGH | β | 0 |
| CVE-2019-20090 An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4_Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp. | 7.8 | HIGH | β | 0 |
| CVE-2019-20075 On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic). | 6.1 | MEDIUM | β | 0 |
| CVE-2019-20076 On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration). | 6.1 | MEDIUM | β | 0 |
| CVE-2019-20079 The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory. | 7.8 | HIGH | β | 0 |
| CVE-2019-20086 GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_Next in GPMF_parser.c. | 8.8 | HIGH | β | 0 |
| CVE-2019-20087 GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_seekToSamples in GPMF-parse.c for the "matching tags" feature. | 8.8 | HIGH | β | 0 |
| CVE-2019-20088 GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GetPayload in GPMF_mp4reader.c. | 7.8 | HIGH | β | 0 |
| CVE-2019-20089 GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_SeekToSamples in GPMF_parse.c for the size calculation. | 7.8 | HIGH | β | 0 |
| CVE-2024-42187 BigFix Patch Download Plug-ins are affected by path traversal vulnerability. The application could allow operators to download files from a local repository which is vulnerable to path traversal atta... | 5.3 | MEDIUM | β | 0 |
| CVE-2019-20093 The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtract... | 5.5 | MEDIUM | β | 0 |
| CVE-2019-20095 mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This ... | 5.5 | MEDIUM | β | 0 |
| CVE-2019-20096 In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. | 5.5 | MEDIUM | β | 0 |
| CVE-2019-20138 The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the default algorithm for libsodium's crypto_pwhash_str is not used. | 7.5 | HIGH | β | 0 |
| CVE-2019-20139 In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Any authenticated user can attack the admin u... | 5.4 | MEDIUM | β | 0 |
| CVE-2012-1124 SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2012-2452 Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url... | 6.1 | MEDIUM | β | 0 |
| CVE-2012-2517 Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php. | 6.1 | MEDIUM | β | 0 |
| CVE-2012-6720 Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine before 4.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to music/create, (2) location... | 6.1 | MEDIUM | β | 0 |
| CVE-2012-6721 Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Forum, (2) Event, and (3) Classifieds plugins in SocialEngine before 4.2.4. | 6.3 | MEDIUM | β | 0 |
| CVE-2013-2120 The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass ... | 8.4 | HIGH | β | 0 |
| CVE-2013-2213 The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent atta... | 5.5 | MEDIUM | β | 0 |
| CVE-2020-1711 An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a ... | 7.7 | HIGH | β | 0 |
| CVE-2020-1726 A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious containe... | 5.9 | MEDIUM | β | 0 |
| CVE-2011-4938 Multiple cross-site scripting (XSS) vulnerabilities in Ariadne 2.7.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) index.php and (2) loader.php. | 6.1 | MEDIUM | β | 0 |
| CVE-2013-4225 The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote aut... | 8.8 | HIGH | β | 0 |
| CVE-2020-1942 In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. In the event a node attempted to join a cluster and the cl... | 7.5 | HIGH | β | 0 |
| CVE-2020-6063 An exploitable out-of-bounds write vulnerability exists in the uncompress_scan_line function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted PCX file can cause ... | 8.8 | HIGH | β | 0 |
| CVE-2020-6064 An exploitable out-of-bounds write vulnerability exists in the uncompress_scan_line function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted PCX file can cause ... | 8.8 | HIGH | β | 0 |
| CVE-2020-6065 An exploitable out-of-bounds write vulnerability exists in the bmp_parsing function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted BMP file can cause an out-of... | 8.8 | HIGH | β | 0 |
| CVE-2020-6066 An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll JPEG SOFx parser of the Accusoft ImageGear 19.5.0 library. A specially crafted JPEG file can cause an out-of-bounds write, ... | 8.8 | HIGH | β | 0 |
| CVE-2020-6067 An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFF tifread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted TIFF file can cause an out-of-bounds writ... | 8.8 | HIGH | β | 0 |
| CVE-2020-6069 An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll JPEG jpegread precision parser of the Accusoft ImageGear 19.5.0 library. A specially crafted JPEG file can cause an out-of-... | 8.8 | HIGH | β | 0 |
| CVE-2020-2120 Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. | 8.8 | HIGH | β | 0 |
| CVE-2020-0655 A remote code execution vulnerability exists in Remote Desktop Services — formerly known as Terminal Services — when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Ser... | 8.0 | HIGH | β | 0 |
| CVE-2020-0657 An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privi... | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.