CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-15813 Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell. | 8.8 | HIGH | — | 0 |
| CVE-2019-15814 Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML. | N/A | NONE | — | 0 |
| CVE-2019-13518 An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the EZ Touch Editor Versions 2.1.0 and prior. | N/A | NONE | — | 0 |
| CVE-2019-13522 An attacker could use a specially crafted project file to corrupt the memory and execute code under the privileges of the EZ PLC Editor Versions 1.8.41 and prior. | 7.8 | HIGH | — | 0 |
| CVE-2019-15916 An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service. | 7.5 | HIGH | — | 0 |
| CVE-2019-13975 eGain Chat 15.0.3 allows HTML Injection. | N/A | NONE | — | 0 |
| CVE-2019-6645 On BIG-IP 14.0.0-14.1.0.5, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, FTP traffic passing through a Virtual Server with both an active FTP profile associated and connection mirroring configured ma... | 7.5 | HIGH | — | 0 |
| CVE-2019-6648 On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and... | 4.4 | MEDIUM | — | 0 |
| CVE-2019-6644 Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked... | 9.4 | CRITICAL | — | 0 |
| CVE-2019-6647 On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, when processing authentication attempts for control-plane users MCPD leaks a small amount of memory. Under ra... | 5.3 | MEDIUM | — | 0 |
| CVE-2019-6643 On versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, and 11.5.2-11.6.4, an attacker sending specifically crafted DHCPv6 requests through a BIG-IP virtual server configured wit... | 7.5 | HIGH | — | 0 |
| CVE-2019-6646 On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with guest privileges may be able to escalate their privileges and run commands with admin privileges. | N/A | NONE | — | 0 |
| CVE-2025-32588 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Credova Financial Credova_Financial credova-financial allows Reflected XSS.This issue affects Cred... | N/A | NONE | — | 0 |
| CVE-2019-15917 An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. | 7.0 | HIGH | — | 0 |
| CVE-2019-15918 An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to s... | 7.8 | HIGH | — | 0 |
| CVE-2019-15919 An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use-after-free. | 3.3 | LOW | — | 0 |
| CVE-2019-15920 An issue was discovered in the Linux kernel before 5.0.10. SMB2_read in fs/cifs/smb2pdu.c has a use-after-free. NOTE: this was not fixed correctly in 5.0.10; see the 5.0.11 ChangeLog, which documents ... | 4.3 | MEDIUM | — | 0 |
| CVE-2019-15921 An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c. | 4.7 | MEDIUM | — | 0 |
| CVE-2019-6172 A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution. | 6.4 | MEDIUM | — | 0 |
| CVE-2019-15922 An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a pf data structure if alloc_disk fails in drivers/block/paride/pf.c. | N/A | NONE | — | 0 |
| CVE-2019-15923 An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c. | N/A | NONE | — | 0 |
| CVE-2019-15924 An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_w... | N/A | NONE | — | 0 |
| CVE-2019-12586 The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows ... | N/A | NONE | — | 0 |
| CVE-2019-14319 The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information... | N/A | NONE | — | 0 |
| CVE-2019-13187 The Rich Text Formatter (Redactor) extension through v1.1.1 for Symphony CMS has an Unauthenticated arbitrary file upload vulnerability in content.fileupload.php and content.imageupload.php. | N/A | NONE | — | 0 |
| CVE-2019-14470 cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter. | N/A | NONE | — | 0 |
| CVE-2017-18595 An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c. | 7.8 | HIGH | — | 0 |
| CVE-2018-21008 An issue was discovered in the Linux kernel before 4.16.7. A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c. | N/A | NONE | — | 0 |
| CVE-2019-15925 An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the function hclge_tm_schd_mode_vnet_base_cfg in the file drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_t... | 7.8 | HIGH | — | 0 |
| CVE-2019-15926 An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/... | 9.1 | CRITICAL | — | 0 |
| CVE-2019-15927 An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c. | 7.8 | HIGH | — | 0 |
| CVE-2019-12632 A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. The vulnerabil... | 7.5 | HIGH | — | 0 |
| CVE-2019-12633 A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack ... | 7.5 | HIGH | — | 0 |
| CVE-2019-12635 A vulnerability in the authorization module of Cisco Content Security Management Appliance (SMA) Software could allow an authenticated, remote attacker to gain out-of-scope access to email. The vulner... | 4.3 | MEDIUM | — | 0 |
| CVE-2019-12644 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack ag... | N/A | NONE | — | 0 |
| CVE-2019-13188 In Knowage through 6.1.1, an unauthenticated user can bypass access controls and access the entire application. | N/A | NONE | — | 0 |
| CVE-2019-12645 A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code on... | 7.8 | HIGH | — | 0 |
| CVE-2019-1939 A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper r... | 8.8 | HIGH | — | 0 |
| CVE-2019-1976 A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an a... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-21009 Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. | N/A | NONE | — | 0 |
| CVE-2018-21010 OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c. | 8.8 | HIGH | — | 0 |
| CVE-2019-10677 Multiple Cross-Site Scripting (XSS) issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of a... | N/A | NONE | — | 0 |
| CVE-2019-12223 An issue was discovered in NVR WebViewer on Hanwah Techwin SRN-472s 1.07_190502 devices, and other SRN-x devices before 2019-05-03. A system crash and reboot can be achieved by submitting a long usern... | N/A | NONE | — | 0 |
| CVE-2019-15937 Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because a length field is directly used for a memcpy. | N/A | NONE | — | 0 |
| CVE-2019-15938 Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_req in fs/nfs.c because a length field is directly used for a memcpy. | N/A | NONE | — | 0 |
| CVE-2019-4149 IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and V8... | 5.4 | MEDIUM | — | 0 |
| CVE-2019-13191 A SQL injection vulnerability in IntraMaps MapControl 8 allows attackers to execute arbitrary SQL commands via the /ApplicationEngine/Search/Refine/Set page. | N/A | NONE | — | 0 |
| CVE-2019-4186 IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. By sending a specially crafted HTTP GET request, a remot... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-4321 IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not req... | 7.5 | HIGH | — | 0 |
| CVE-2018-11569 Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deserialization of Untrusted Data. Fixed in version 3.5.2. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.