CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2018-3991 An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, p... | N/A | NONE | β | 0 |
| CVE-2019-6504 Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allows attackers to potentially conduct persistent cross site scripting (XSS) attack... | N/A | NONE | β | 0 |
| CVE-2019-1003005 A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attack... | 8.8 | HIGH | β | 0 |
| CVE-2019-1003008 A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allow... | N/A | NONE | β | 0 |
| CVE-2019-1003009 An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java, src/main/java/h... | N/A | NONE | β | 0 |
| CVE-2019-1003010 A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace... | N/A | NONE | β | 0 |
| CVE-2019-1003011 An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkin... | 8.1 | HIGH | β | 0 |
| CVE-2019-1003012 A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n... | N/A | NONE | β | 0 |
| CVE-2024-31407 Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software for Intel(R) Quartus(R) Prime Pro Edition Software before version 24.1 may allow an authenticated user to potentially e... | 6.7 | MEDIUM | β | 0 |
| CVE-2019-1003013 A cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java, blueocean-commons/src... | N/A | NONE | β | 0 |
| CVE-2019-1003014 A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to d... | N/A | NONE | β | 0 |
| CVE-2019-1003015 An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers wi... | N/A | NONE | β | 0 |
| CVE-2019-1003016 An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java, src/main/java/org/jenkins... | N/A | NONE | β | 0 |
| CVE-2019-1003017 A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentiall... | N/A | NONE | β | 0 |
| CVE-2019-1003018 An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins admi... | N/A | NONE | β | 0 |
| CVE-2019-1003019 A session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can... | N/A | NONE | β | 0 |
| CVE-2019-1003020 A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET ... | N/A | NONE | β | 0 |
| CVE-2019-1003021 An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins ... | N/A | NONE | β | 0 |
| CVE-2019-1003022 A denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master. | N/A | NONE | β | 0 |
| CVE-2019-1003023 A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/i... | N/A | NONE | β | 0 |
| CVE-2018-20755 MODX Revolution through v2.7.0-pl allows XSS via the User Photo field. | N/A | NONE | β | 0 |
| CVE-2018-20756 MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs. | N/A | NONE | β | 0 |
| CVE-2018-20757 MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name. | N/A | NONE | β | 0 |
| CVE-2018-20758 MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description. | 5.4 | MEDIUM | β | 0 |
| CVE-2015-9282 The Pie Chart Panel plugin through 2019-01-02 for Grafana is vulnerable to XSS via legend data or tooltip data. When a chart is included in a Grafana dashboard, this vulnerability could allow an attac... | N/A | NONE | β | 0 |
| CVE-2019-3463 Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the exe... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-3464 Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resultin... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-16890 libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does ... | 7.5 | HIGH | β | 0 |
| CVE-2024-32044 Improper access control for some Intel(R) Arc(TM) Pro Graphics for Windows drivers before version 31.0.101.5319 may allow an authenticated user to potentially enable escalation of privilege via adjace... | 6.8 | MEDIUM | β | 0 |
| CVE-2019-3820 It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain... | 4.3 | MEDIUM | β | 0 |
| CVE-2019-3822 libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_messa... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-3823 libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL termin... | N/A | NONE | β | 0 |
| CVE-2019-3825 A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer ... | N/A | NONE | β | 0 |
| CVE-2018-3973 An exploitable out of bounds write exists in the CAL parsing functionality of Canvas Draw version 5.0.0. A specially crafted CAL image processed via the application can lead to an out of bounds write ... | 7.8 | HIGH | β | 0 |
| CVE-2018-3976 An exploitable out-of-bounds write exists in the CALS Raster file format-parsing functionality of Canvas Draw version 5.0.0.28. A specially crafted CAL image processed via the application can lead to ... | 7.8 | HIGH | β | 0 |
| CVE-2018-3980 An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds writ... | 7.8 | HIGH | β | 0 |
| CVE-2019-6517 BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases, between November 2017 and November 2018 and BD FACSLyric IVD Windows 10 Professional Operating Sy... | 6.8 | MEDIUM | β | 0 |
| CVE-2019-7543 In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability. | N/A | NONE | β | 0 |
| CVE-2019-7544 An issue was discovered in MyWebSQL 3.7. The Add User function of the User Manager pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name Field. | N/A | NONE | β | 0 |
| CVE-2019-7545 In DbNinja 3.2.7, the Add Host function of the Manage Hosts pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name field. | N/A | NONE | β | 0 |
| CVE-2019-7546 An issue was discovered in SIDU 6.0. The dbs parameter of the conn.php page has a reflected Cross-site Scripting (XSS) vulnerability. | N/A | NONE | β | 0 |
| CVE-2019-7547 An issue was discovered in SIDU 6.0. Because the database name is not strictly filtered, the attacker can insert a name containing an XSS Payload, leading to stored XSS. | N/A | NONE | β | 0 |
| CVE-2019-7568 An issue was discovered in baijiacms V4 that can result in time-based blind SQL injection to get data via the cate parameter in an index.php?act=index request. | N/A | NONE | β | 0 |
| CVE-2019-7548 SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. | 7.8 | HIGH | β | 0 |
| CVE-2018-20760 In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled. | N/A | NONE | β | 0 |
| CVE-2018-20761 GPAC version 0.7.1 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a. | N/A | NONE | β | 0 |
| CVE-2018-20762 GPAC version 0.7.1 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted f... | N/A | NONE | β | 0 |
| CVE-2018-20763 In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking. | N/A | NONE | β | 0 |
| CVE-2019-7569 An issue was discovered in DOYO (aka doyocms) 2.3(20140425 update). There is a CSRF vulnerability that can add a super administrator account via admin.php?c=a_adminuser&a=add&run=1. | N/A | NONE | β | 0 |
| CVE-2018-19782 Multiple cross-site scripting (XSS) vulnerabilities in GET requests in FreshRSS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) c parameter or (2) a parameter. | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.