CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
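How a table like this is assembled from the two feeds it cites, as an added example that is not the site's own code: take NVD API 2.0 records and the CISA KEV catalog, map each CVSS v3.x base score to the qualitative band shown in the Severity column (the bands are the ones defined by the CVSS v3 specification), flag KEV membership and overdue remediation dates, and sort into a triage order. The two feeds are constructed inline in the shape of the real JSON documents and trimmed to the fields used; the KEV entry for CVE-2021-44228 mirrors the real catalog entry, while CVE-0000-00000 is a placeholder standing in for a record that has no v3 score yet. The page's Sightings column comes from a source the page does not describe, so it is not reproduced here.

```python
"""Enrich CVE records with NVD CVSS scores and CISA KEV membership.

Added example, not the page's own code. Sample feeds are constructed inline
in the shape of the NVD API 2.0 and CISA KEV JSON documents, trimmed to the
fields used here; replace them with the real feeds loaded from disk.
"""
from datetime import date

# Constructed NVD API 2.0 style records. CVE-0000-00000 is a placeholder
# standing in for a record that has no CVSS v3 metric yet.
NVD_SAMPLE = {"vulnerabilities": [
    {"cve": {"id": "CVE-2019-3975",
             "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1."}],
             "metrics": {"cvssMetricV30": [{"cvssData": {"baseScore": 9.8}}]}}},
    {"cve": {"id": "CVE-2019-0353",
             "descriptions": [{"lang": "en", "value": "SAP Business One client information disclosure."}],
             "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 3.3}}]}}},
    {"cve": {"id": "CVE-2021-44228",
             "descriptions": [{"lang": "en", "value": "Apache Log4j2 JNDI lookup remote code execution."}],
             "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 10.0}}]}}},
    {"cve": {"id": "CVE-0000-00000",
             "descriptions": [{"lang": "en", "value": "Placeholder record without a v3 score."}],
             "metrics": {}}},
]}

# Constructed KEV catalog subset; the Log4Shell entry mirrors the real
# catalog fields (cveID, dateAdded, dueDate).
KEV_SAMPLE = {"vulnerabilities": [
    {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2",
     "dateAdded": "2021-12-10", "dueDate": "2021-12-24"},
]}


def severity(score):
    """CVSS v3.x qualitative rating bands: None, Low, Medium, High, Critical."""
    if score is None:
        return "UNKNOWN"
    if score == 0.0:
        return "NONE"
    if score < 4.0:
        return "LOW"
    if score < 7.0:
        return "MEDIUM"
    if score < 9.0:
        return "HIGH"
    return "CRITICAL"


def base_score(cve):
    """Prefer the CVSS v3.1 base score, fall back to v3.0, else None."""
    metrics = cve.get("metrics", {})
    for key in ("cvssMetricV31", "cvssMetricV30"):
        entries = metrics.get(key)
        if entries:
            return entries[0]["cvssData"]["baseScore"]
    return None


def enrich(nvd_feed, kev_feed, today=None):
    """Join NVD records against the KEV catalog; `today` is an ISO date string."""
    kev_index = {v["cveID"]: v for v in kev_feed["vulnerabilities"]}
    today_d = date.fromisoformat(today) if today else None
    rows = []
    for item in nvd_feed["vulnerabilities"]:
        cve = item["cve"]
        score = base_score(cve)
        kev = kev_index.get(cve["id"])
        # Overdue only when the entry is in KEV and its due date has passed.
        overdue = bool(kev and today_d and date.fromisoformat(kev["dueDate"]) < today_d)
        rows.append({
            "cve_id": cve["id"],
            "description": next((d["value"] for d in cve.get("descriptions", [])
                                 if d["lang"] == "en"), ""),
            "cvss": score,
            "severity": severity(score),
            "kev": kev is not None,
            "kev_due": kev["dueDate"] if kev else None,
            "kev_overdue": overdue,
        })
    # Triage order: KEV entries first, then descending score, unscored last.
    rows.sort(key=lambda r: (not r["kev"], -r["cvss"] if r["cvss"] is not None else 1.0))
    return rows


def render_table(rows):
    """Render the enriched rows as a markdown table like the one on this page."""
    lines = ["| CVE ID | CVSS | Severity | KEV | KEV due date |", "|---|---|---|---|---|"]
    for r in rows:
        cvss = "n/a" if r["cvss"] is None else f"{r['cvss']:.1f}"
        lines.append(f"| {r['cve_id']} | {cvss} | {r['severity']} | "
                     f"{'Yes' if r['kev'] else 'No'} | {r['kev_due'] or ''} |")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_table(enrich(NVD_SAMPLE, KEV_SAMPLE, today="2022-01-01")))
```

Two design choices worth noting: the v3.1-then-v3.0 fallback matters for 2019-era CVEs, which NVD often scored under v3.0 only, and KEV membership is sorted ahead of raw score because a MEDIUM entry that is actively exploited is a better use of patching time than an unexploited CRITICAL.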
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2017-18608 | The spotim-comments plugin before 4.0.4 for WordPress has multiple XSS issues. | 6.1 | MEDIUM | No | 0 |
| CVE-2017-18609 | The magic-fields plugin before 1.7.2 for WordPress has XSS via the custom-write-panel-id parameter. | 6.1 | MEDIUM | No | 0 |
| CVE-2017-18610 | The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-group-id parameter. | 6.1 | MEDIUM | No | 0 |
| CVE-2017-18611 | The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-field-css parameter. | 6.1 | MEDIUM | No | 0 |
| CVE-2019-16202 | MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indicati... | 6.5 | MEDIUM | No | 0 |
| CVE-2019-12401 | Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via its update handler. By leveraging XML DOCTYPE and ENTITY ty... | 7.5 | HIGH | No | 0 |
| CVE-2019-14721 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account. | 6.5 | MEDIUM | No | 0 |
| CVE-2019-14722 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete an e-mail forwarding destination from a victim's account via an attacker account. | 4.3 | MEDIUM | No | 0 |
| CVE-2019-14723 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a victim's e-mail account via an attacker account. | 4.3 | MEDIUM | No | 0 |
| CVE-2019-14726 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to access and delete DNS records of a victim's account via an attacker account. | 5.4 | MEDIUM | No | 0 |
| CVE-2019-14727 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail password of a victim account via an attacker account. | 4.3 | MEDIUM | No | 0 |
| CVE-2019-14728 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to add an e-mail forwarding destination to a victim's account via an attacker account. | 4.3 | MEDIUM | No | 0 |
| CVE-2019-14729 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a sub-domain from a victim's account via an attacker account. | 4.3 | MEDIUM | No | 0 |
| CVE-2019-14730 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a domain from a victim's account via an attacker account. | 4.3 | MEDIUM | No | 0 |
| CVE-2019-15896 | An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The upload_import function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnera... | 9.8 | CRITICAL | No | 0 |
| CVE-2019-10256 | An authentication bypass vulnerability in VIVOTEK IPCam versions prior to 0x13a was found. | 9.8 | CRITICAL | No | 0 |
| CVE-2019-16106 | The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to change the password of any user via the recruitment_online/personalData/act_acounttab.cfm tx... | 7.5 | HIGH | No | 0 |
| CVE-2019-3975 | Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message. | 9.8 | CRITICAL | No | 0 |
| CVE-2019-5503 | OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP security headers configured, which could allow an attacker to obtain sensitive information via unspecified vectors. | 5.3 | MEDIUM | No | 0 |
| CVE-2019-0352 | In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which allows an attacker to see sensitive information via cac... | 7.5 | HIGH | No | 0 |
| CVE-2019-0353 | Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO), before versions 9.2 and 9.3, allows an attacker to access information which would otherwise be restricted. | 3.3 | LOW | No | 0 |
| CVE-2019-0355 | SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code ... | 7.2 | HIGH | No | 0 |
| CVE-2019-12996 | In Mendix 7.23.5 and earlier, an issue in XML import mappings allows DOCTYPE declarations in the XML input, which is potentially unsafe. | 5.3 | MEDIUM | No | 0 |
| CVE-2019-0356 | Under certain conditions SAP NetWeaver Process Integration Runtime Workbench – MESSAGING and SAP_XIAF (before versions 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise ... | 4.3 | MEDIUM | No | 0 |
| CVE-2019-0357 | The administrator of SAP HANA database, before versions 1.0 and 2.0, can misuse HANA to execute commands with operating system "root" privileges. | 6.7 | MEDIUM | No | 0 |
| CVE-2019-0361 | SAP Supplier Relationship Management (Master Data Management Catalog - SRM_MDM_CAT, before versions 3.73, 7.31, 7.32) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scrip... | 6.1 | MEDIUM | No | 0 |
| CVE-2019-0363 | Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to overload the server or retrieve information about internal network por... | 7.1 | HIGH | No | 0 |
| CVE-2019-0364 | Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to enumerate open ports. | 4.3 | MEDIUM | No | 0 |
| CVE-2019-0365 | SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.... | 7.5 | HIGH | No | 0 |
| CVE-2019-16225 | An issue was discovered in py-lmdb 0.97. For certain values of mp_flags, mdb_page_touch does not properly set up mc->mc_pg[mc->top], leading to an invalid write operation. NOTE: this outcome occurs wh... | 9.8 | CRITICAL | No | 0 |
| CVE-2019-11464 | Some enterprises require that REST API endpoints include security-related headers in REST responses. Headers such as X-Frame-Options and X-Content-Type-Options are generally advisable; however, some in... | 6.1 | MEDIUM | No | 0 |
| CVE-2019-11465 | An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached "connections" stat block command emits a non-redacted username. The system information submitted to Couchbase a... | 5.3 | MEDIUM | No | 0 |
| CVE-2019-12105 | In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: the maintainer responded that the affected component, inet_http_server, is not enabled by default bu... | 8.2 | HIGH | No | 0 |
| CVE-2019-1547 | Normally in OpenSSL EC groups always have a co-factor present, and this is used in side-channel resistant code paths. However, in some cases, it is possible to construct a group using explicit paramete... | 4.7 | MEDIUM | No | 0 |
| CVE-2019-1549 | OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes ... | 5.3 | MEDIUM | No | 0 |
| CVE-2025-39513 | Missing Authorization vulnerability in ActiveDEMAND Online Agency Marketing Automation ActiveDEMAND allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects ActiveDEMAND: fr... | 5.3 | MEDIUM | No | 0 |
| CVE-2019-1563 | In situations where an attacker receives automated notification of the success or failure of a decryption attempt, the attacker, after sending a very large number of messages to be decrypted, can recove... | 3.7 | LOW | No | 0 |
| CVE-2019-11466 | In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes the system diagnostic profile via an HTTP endpoint that does not require credentials, on a port earmarked for internal traffic only. This h... | 5.3 | MEDIUM | No | 0 |
| CVE-2019-11467 | In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson. When index entries contain certain characters like \t, <, >, it caused a buffer overrun as en... | 7.5 | HIGH | No | 0 |
| CVE-2019-11495 | In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now() to seed the PRNG, which results in a small search space for potent... | 9.8 | CRITICAL | No | 0 |
| CVE-2019-11496 | In versions of Couchbase Server prior to 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. As part of 5.0, the behavior of all buckets inc... | 9.1 | CRITICAL | No | 0 |
| CVE-2019-11497 | In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invali... | 7.5 | HIGH | No | 0 |
| CVE-2019-14457 | VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header. | 9.8 | CRITICAL | No | 0 |
| CVE-2019-11668 | HTTP cookie in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, and Micro Focus Service Manager Chat Server, versions 9.41, 9.5... | 7.5 | HIGH | No | 0 |
| CVE-2019-11669 | Modifiable read-only check box in Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized modification of data. | 7.5 | HIGH | No | 0 |
| CVE-2019-12942 | TTLock devices do not properly block guest access in certain situations where the network connection to the cloud is unavailable. | 6.5 | MEDIUM | No | 0 |
| CVE-2019-12943 | TTLock devices do not properly restrict password-reset attempts, leading to incorrect access control and disclosure of sensitive information about valid account names. | 8.1 | HIGH | No | 0 |
| CVE-2019-16214 | Libra Core before 2019-09-03 has an erroneous regular expression for inline comments, which makes it easier for attackers to interfere with code auditing by using a nonstandard line-break character fo... | 5.7 | MEDIUM | No | 0 |
| CVE-2019-14998 | The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a s... | 6.5 | MEDIUM | No | 0 |
| CVE-2019-16173 | LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/Survey_Common_Action.php, | 5.4 | MEDIUM | No | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.