CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-7349 Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[V4LCapturesPerFrame]' parameter value in ... | N/A | NONE | β | 0 |
| CVE-2019-7350 Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. This occurs because a set of... | N/A | NONE | β | 0 |
| CVE-2019-7351 Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in th... | N/A | NONE | β | 0 |
| CVE-2019-7352 Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value supplied to the 'New State' (aka new... | N/A | NONE | β | 0 |
| CVE-2016-1000271 Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events". This attack appe... | N/A | NONE | β | 0 |
| CVE-2018-1000998 FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact--CVSweb is anonymous & read-only. It might impact other sites on same doma... | N/A | NONE | β | 0 |
| CVE-2018-1675 IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could expose password hashes stored in system memory on target systems that are configured to use TADDM. IBM X-Force ID: 145110. | N/A | NONE | β | 0 |
| CVE-2018-1801 IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is... | N/A | NONE | β | 0 |
| CVE-2018-1962 IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access... | N/A | NONE | β | 0 |
| CVE-2018-1970 IBM Security Identity Manager 7.0.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive infor... | N/A | NONE | β | 0 |
| CVE-2018-20752 An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a us... | N/A | NONE | β | 0 |
| CVE-2019-1000001 TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. Th... | N/A | NONE | β | 0 |
| CVE-2019-1000002 Gitea version 1.6.2 and earlier contains an Incorrect Access Control vulnerability in Delete/Edit file functionality that can result in the attacker deleting files outside the repository he/she has ac... | N/A | NONE | β | 0 |
| CVE-2019-1000003 MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery (CSRF) vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvg_save that can result in an attacker can modify post ... | N/A | NONE | β | 0 |
| CVE-2019-1000004 yugandhargangu JspMyAdmin2 version 1.0.6 and earlier contains a Cross Site Scripting (XSS) vulnerability in sidebar and table data that can result in Database fields aren't properly sanitized and allo... | N/A | NONE | β | 0 |
| CVE-2019-1000005 mPDF version 7.1.7 and earlier contains a CWE-502: Deserialization of Untrusted Data vulnerability in getImage() method of Image/ImageProcessor class that can result in Arbitrary code execution, file wr... | N/A | NONE | β | 0 |
| CVE-2019-1000006 RIOT RIOT-OS version after commit 7af03ab624db0412c727eed9ab7630a5282e2fd3 contains a Buffer Overflow vulnerability in sock_dns, an implementation of the DNS protocol utilizing the RIOT sock API that ... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-1000007 aioxmpp version 0.10.2 and earlier contains an Improper Handling of Structural Elements vulnerability in Stanza Parser, rollback during error processing, aioxmpp.xso.model.guard function that can resul... | N/A | NONE | β | 0 |
| CVE-2018-18996 LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server. | N/A | NONE | β | 0 |
| CVE-2019-1000008 All versions of Helm between Helm >=2.0.0 and < 2.12.2 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The commands `helm fetch --unt... | N/A | NONE | β | 0 |
| CVE-2019-1000009 Helm ChartMuseum version >=0.1.0 and < 0.8.1 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in HTTP API to save charts that can result ... | N/A | NONE | β | 0 |
| CVE-2019-1000010 phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploita... | N/A | NONE | β | 0 |
| CVE-2019-1000011 API Platform version from 2.2.0 to 2.3.5 contains an Incorrect Access Control vulnerability in GraphQL delete mutations that can result in a user authorized to delete a resource can delete any resourc... | N/A | NONE | β | 0 |
| CVE-2019-1000012 Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code executio... | N/A | NONE | β | 0 |
| CVE-2019-1000013 Hex package manager hex_core version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code exe... | N/A | NONE | β | 0 |
| CVE-2019-1000014 Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. T... | N/A | NONE | β | 0 |
| CVE-2019-1000015 Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, main... | N/A | NONE | β | 0 |
| CVE-2019-1000016 FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via speciall... | N/A | NONE | β | 0 |
| CVE-2019-1000017 Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the pl... | N/A | NONE | β | 0 |
| CVE-2019-1000019 libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_for... | 6.5 | MEDIUM | β | 0 |
| CVE-2019-1000020 libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 ... | 6.5 | MEDIUM | β | 0 |
| CVE-2018-15658 An issue was discovered in 42Gears SureMDM before 2018-11-27. By visiting the page found at /console/ConsolePage/Master.html, an attacker is able to see the markup that would be presented to an authen... | N/A | NONE | β | 0 |
| CVE-2019-1000021 slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options pro... | N/A | NONE | β | 0 |
| CVE-2019-1000022 Taoensso Sente version Prior to version 1.14.0 contains a Cross Site Request Forgery (CSRF) vulnerability in WebSocket handshake endpoint that can result in CSRF attack, possible leak of anti-CSRF tok... | N/A | NONE | β | 0 |
| CVE-2019-1000023 OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) version v3.6-2 and earlier versions contains a SQL Injection vulnerability in Identified vulnerable parameters: id, id_access_type and i... | N/A | NONE | β | 0 |
| CVE-2019-1000024 OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cross Site Scripting (XSS) vulnerability in /js/libs/jstree/demo/filebrowser/index.php page. The "id" and "operation" GET parameters ... | N/A | NONE | β | 0 |
| CVE-2019-4038 IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness ... | 6.2 | MEDIUM | β | 0 |
| CVE-2018-15778 Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by lack of proper input validation on the command-line interface (CLI). | N/A | NONE | β | 0 |
| CVE-2019-7387 A local file inclusion vulnerability exists in the web interface of Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. When the export function is called from syste... | N/A | NONE | β | 0 |
| CVE-2019-7388 An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to get sensitive information (such as MAC address)... | N/A | NONE | β | 0 |
| CVE-2019-7389 An issue was discovered in /bin/goahead on D-Link DIR-823G devices with the firmware 1.02B03. There is incorrect access control allowing remote attackers to reset the router without authentication via... | N/A | NONE | β | 0 |
| CVE-2019-7390 An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all cli... | N/A | NONE | β | 0 |
| CVE-2019-7395 In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c. | 7.5 | HIGH | β | 0 |
| CVE-2018-15659 An issue was discovered in 42Gears SureMDM before 2018-11-27, related to the access policy for Silverlight applications. Cross-origin access is possible. | N/A | NONE | β | 0 |
| CVE-2019-7396 In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c. | 7.5 | HIGH | β | 0 |
| CVE-2019-7397 In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. | 7.5 | HIGH | β | 0 |
| CVE-2019-7398 In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. | 7.5 | HIGH | β | 0 |
| CVE-2018-15655 An issue was discovered in 42Gears SureMDM before 2018-11-27, related to CORS settings. Cross-origin access is possible. | N/A | NONE | β | 0 |
| CVE-2018-15656 An issue was discovered in the registration API endpoint in 42Gears SureMDM before 2018-11-27. An attacker can submit a GET request to /api/register/:email, where :email is a base64 encoded e-mail add... | N/A | NONE | β | 0 |
| CVE-2018-19782 Multiple cross-site scripting (XSS) vulnerabilities in GET requests in FreshRSS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) c parameter or (2) a parameter. | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.