Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2019-6147 Forcepoint NGFW Security Management Center (SMC) versions lower than 6.5.12 or 6.7.1 have a rare issue that in specific circumstances can corrupt the internal configuration database. When the database... | 5.9 | MEDIUM | β | 0 |
| CVE-2024-53822 Unrestricted Upload of File with Dangerous Type vulnerability in Genetech Pie Register Premium.This issue affects Pie Register Premium: from n/a before 3.8.3.3. | 10.0 | CRITICAL | β | 0 |
| CVE-2019-12567 Stack-based overflow vulnerability in the logMess function in Open TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via a long TFTP erro... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-12568 Stack-based overflow vulnerability in the logMess function in Open TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via a long TFTP erro... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-18211 An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitr... | 8.8 | HIGH | β | 0 |
| CVE-2019-19947 In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c. | 4.6 | MEDIUM | β | 0 |
| CVE-2019-19948 In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-19949 In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. | 9.1 | CRITICAL | β | 0 |
| CVE-2019-19950 In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-19951 In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-19952 In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-19953 In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c. | 9.1 | CRITICAL | β | 0 |
| CVE-2017-16778 An access control weakness in the DTMF tone receiver of Fermax Outdoor Panel allows physical attackers to inject a Dual-Tone-Multi-Frequency (DTMF) tone to invoke an access grant that would allow phys... | 4.6 | MEDIUM | β | 0 |
| CVE-2019-18249 Reliable Controls MACH-ProWebCom/Sys, all versions prior to 2.15 (Firmware versions prior to 8.26.4), may allow attacker to execute commands on behalf of the user when an authenticated user clicks on ... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-19954 Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file. | 7.3 | HIGH | β | 0 |
| CVE-2019-19923 flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or inco... | 7.5 | HIGH | β | 0 |
| CVE-2019-19924 SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling. | 5.3 | MEDIUM | β | 0 |
| CVE-2019-19925 zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. | 7.5 | HIGH | β | 0 |
| CVE-2019-5702 NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to ... | 7.8 | HIGH | β | 0 |
| CVE-2019-19960 In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist side-channel attacks. | 5.3 | MEDIUM | β | 0 |
| CVE-2019-19962 wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography. | 7.5 | HIGH | β | 0 |
| CVE-2019-19963 An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channe... | 5.3 | MEDIUM | β | 0 |
| CVE-2019-19965 In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race c... | 4.7 | MEDIUM | β | 0 |
| CVE-2019-19966 In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655. | 4.6 | MEDIUM | β | 0 |
| CVE-2019-19967 The Administration page on Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP-6.12.18.25-2p6-NOSH devices accepts a cleartext password in a POST request on port 80, as demonstrated by the Password... | 7.5 | HIGH | β | 0 |
| CVE-2019-19977 libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-19979 A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed attackers to enable a vulnerable site's maintenance mode and inject malicious code affecting site visitors. There was CSRF with res... | 8.8 | HIGH | β | 0 |
| CVE-2019-19980 The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a privilege bypass flaw that allowed authenticated users (Subscriber or greater access) to send test emails from the administrat... | 4.3 | MEDIUM | β | 0 |
| CVE-2019-19981 The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for CSRF to be exploited on all plugin settings. | 5.4 | MEDIUM | β | 0 |
| CVE-2019-19982 The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for unauthenticated option creation. In order to exploit this vulnerability, an attacker would need to send ... | 5.3 | MEDIUM | β | 0 |
| CVE-2019-19983 In the WordPress plugin, Fast Velocity Minify before 2.7.7, the full web root path to the running WordPress application can be discovered. In order to exploit this vulnerability, FVM Debug Mode needs ... | 4.3 | MEDIUM | β | 0 |
| CVE-2019-19984 The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed users with edit_post capabilities to manage plugin settings and email campaigns. | 6.3 | MEDIUM | β | 0 |
| CVE-2019-19985 The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure. | 5.3 | MEDIUM | β | 0 |
| CVE-2019-19998 Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php. | 7.5 | HIGH | β | 0 |
| CVE-2019-19999 Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration. | 7.2 | HIGH | β | 0 |
| CVE-2019-20000 The malware scan function in BullGuard Premium Protection 20.0.371.8 has a TOCTOU issue that enables a symbolic link attack, allowing privileged files to be deleted. | 5.9 | MEDIUM | β | 0 |
| CVE-2019-15691 TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder ... | 7.2 | HIGH | β | 0 |
| CVE-2019-15692 TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could po... | 7.2 | HIGH | β | 0 |
| CVE-2019-15693 TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result into remote code execu... | 7.2 | HIGH | β | 0 |
| CVE-2019-15694 TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStr... | 7.2 | HIGH | β | 0 |
| CVE-2019-19540 The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the homepage. | 6.1 | MEDIUM | β | 0 |
| CVE-2019-19541 The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page. | 5.4 | MEDIUM | β | 0 |
| CVE-2019-19542 The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit page. | 5.4 | MEDIUM | β | 0 |
| CVE-2019-15695 TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFor... | 7.2 | HIGH | β | 0 |
| CVE-2019-19681 Pandora FMS 7.x suffers from remote code execution vulnerability. With an authenticated user who can modify the alert system, it is possible to define and execute commands as root/Administrator. NOTE:... | 8.8 | HIGH | β | 0 |
| CVE-2019-6008 An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/... | 7.8 | HIGH | β | 0 |
| CVE-2019-6011 Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 | MEDIUM | β | 0 |
| CVE-2019-6012 SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | 7.2 | HIGH | β | 0 |
| CVE-2019-9472 In DCRYPTO_equals of compare.c, there is a possible timing attack due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User in... | 5.5 | MEDIUM | β | 0 |
| CVE-2019-6013 DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI). | 6.6 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.