CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-16249 OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp. | 5.3 | MEDIUM | — | 0 |
| CVE-2019-16250 includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for WordPress allows unauthenticated options changes and injection of a Cascading Style Sheets (CSS) token sequence. | 7.5 | HIGH | — | 0 |
| CVE-2019-16257 Some Motorola devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or exe... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-10392 Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection. | 8.8 | HIGH | — | 0 |
| CVE-2019-10393 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sand... | 4.2 | MEDIUM | — | 0 |
| CVE-2019-10394 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allo... | 4.2 | MEDIUM | — | 0 |
| CVE-2019-10398 Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file s... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-10399 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed attac... | 4.2 | MEDIUM | — | 0 |
| CVE-2019-10400 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allow... | 4.2 | MEDIUM | — | 0 |
| CVE-2019-16238 Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged for session hijacking by retrieving the session cookie from the administrator login. | 6.1 | MEDIUM | — | 0 |
| CVE-2019-3638 Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute comma... | 8.1 | HIGH | — | 0 |
| CVE-2019-5956 Directory traversal vulnerability in WonderCMS 2.6.0 and earlier allows remote attackers to delete arbitrary files via unspecified vectors. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-5975 DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 | MEDIUM | — | 0 |
| CVE-2019-5978 Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'. | 6.1 | MEDIUM | — | 0 |
| CVE-2019-5985 Cross-site scripting vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmw... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-5986 Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV... | 8.8 | HIGH | — | 0 |
| CVE-2019-5991 SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | 7.6 | HIGH | — | 0 |
| CVE-2019-5992 Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified v... | 8.8 | HIGH | — | 0 |
| CVE-2019-5993 Cross-site request forgery (CSRF) vulnerability in Category Specific RSS feed Subscription version v2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecifi... | 8.8 | HIGH | — | 0 |
| CVE-2019-5996 SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | 8.8 | HIGH | — | 0 |
| CVE-2019-6003 Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 | MEDIUM | — | 0 |
| CVE-2019-6004 Open redirect vulnerability in ApeosWare Management Suite Ver.1.4.0.18 and earlier, and ApeosWare Management Suite 2 Ver.2.1.2.4 and earlier allow remote attackers to redirect users to arbitrary web s... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-6005 Smart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction to conduct arbitrary operations on the device without user's intent, such as installing arbitrary softw... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-6007 Integer overflow vulnerability in apng-drawable 1.0.0 to 1.6.0 allows an attacker to cause a denial of service (DoS) condition or execute arbitrary code via unspecified vectors. | 8.8 | HIGH | — | 0 |
| CVE-2019-6009 Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 6.1 | MEDIUM | — | 0 |
| CVE-2019-11773 Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users. | 7.8 | HIGH | — | 0 |
| CVE-2019-11774 Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is ... | 7.4 | HIGH | — | 0 |
| CVE-2019-14236 On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU ... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-14237 On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by observing CPU registers and the eff... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-11898 Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. The service tool is discontinued with Bosch Access Professional Edition (APE) 3.8. | 9.9 | CRITICAL | — | 0 |
| CVE-2019-11899 An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. With Bosch Access Professional Edition (APE) 3.8, client inst... | 7.5 | HIGH | — | 0 |
| CVE-2019-16275 hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service tha... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-8069 Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-8070 Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Use after free vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context o... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-8076 Adobe application manager installer version 10.0 have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the cu... | 7.8 | HIGH | — | 0 |
| CVE-2019-13530 Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by ... | 7.2 | HIGH | — | 0 |
| CVE-2019-13534 Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by ... | 7.2 | HIGH | — | 0 |
| CVE-2016-10938 The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public posts to a public location. | 6.5 | MEDIUM | — | 0 |
| CVE-2016-10939 The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter. | 7.2 | HIGH | — | 0 |
| CVE-2016-10940 The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter. | 7.2 | HIGH | — | 0 |
| CVE-2016-10941 The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF. | 6.1 | MEDIUM | — | 0 |
| CVE-2016-10942 The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF. | 9.8 | CRITICAL | — | 0 |
| CVE-2016-10943 The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter. | 7.2 | HIGH | — | 0 |
| CVE-2019-16350 ffjpeg before 2019-08-18 has a NULL pointer dereference in idct2d8x8() at dct.c. | 6.5 | MEDIUM | — | 0 |
| CVE-2016-10944 The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF. | 8.8 | HIGH | — | 0 |
| CVE-2016-10945 The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF. | 8.8 | HIGH | — | 0 |
| CVE-2017-18612 The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/func-whois.php domain parameter. | 6.1 | MEDIUM | — | 0 |
| CVE-2017-18613 The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin.php?page=trust-form-edit page parameter. | 6.1 | MEDIUM | — | 0 |
| CVE-2017-18614 The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter. | 8.1 | HIGH | — | 0 |
| CVE-2017-18615 The kama-clic-counter plugin before 3.5.0 for WordPress has XSS. | 6.1 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.