CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data

| CVE ID | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2019-13352 WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic secret for generating support PINs for the 'forgot password' feature. By knowing this static secret and the corresponding algorith... | N/A | NONE | — | 0 |
| CVE-2019-1921 A vulnerability in the attachment scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on th... | N/A | NONE | — | 0 |
| CVE-2019-13358 lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format. | 7.5 | HIGH | — | 0 |
| CVE-2019-10638 In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to mul... | N/A | NONE | — | 0 |
| CVE-2019-10639 The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KA... | N/A | NONE | — | 0 |
| CVE-2019-1887 A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (D... | N/A | NONE | — | 0 |
| CVE-2019-1891 A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a... | N/A | NONE | — | 0 |
| CVE-2019-13401 Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi-bin/. | N/A | NONE | — | 0 |
| CVE-2019-1892 A vulnerability in the Secure Sockets Layer (SSL) input packet processor of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a me... | N/A | NONE | — | 0 |
| CVE-2019-1893 A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affecte... | 7.8 | HIGH | — | 0 |
| CVE-2019-1894 A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlyi... | N/A | NONE | — | 0 |
| CVE-2019-1909 A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) conditi... | N/A | NONE | — | 0 |
| CVE-2019-1911 A vulnerability in the CLI of Cisco Unified Communications Domain Manager (Cisco Unified CDM) Software could allow an authenticated, local attacker to escape the restricted shell. The vulnerability is... | N/A | NONE | — | 0 |
| CVE-2025-27324 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 17track 17TRACK for WooCommerce 17track allows Reflected XSS. This issue affects 17TRACK for WooCom... | N/A | NONE | — | 0 |
| CVE-2019-1922 A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affecte... | N/A | NONE | — | 0 |
| CVE-2019-1932 A vulnerability in Cisco Advanced Malware Protection (AMP) for Endpoints for Windows could allow an authenticated, local attacker with administrator privileges to execute arbitrary code. The vulnerabi... | N/A | NONE | — | 0 |
| CVE-2019-1933 A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the dev... | N/A | NONE | — | 0 |
| CVE-2019-13362 Codedoc v3.2 has a stack-based buffer overflow in add_variable in codedoc.c, related to codedoc_strlcpy. | N/A | NONE | — | 0 |
| CVE-2019-13370 index.php/admin/permissions in Ignited CMS through 2017-02-19 allows CSRF to add an administrator. | 8.8 | HIGH | — | 0 |
| CVE-2019-13372 /web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username fie... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-1010096 DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?ui... | N/A | NONE | — | 0 |
| CVE-2019-13373 An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Publ... | N/A | NONE | — | 0 |
| CVE-2019-13374 A cross-site scripting (XSS) vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to inject arbitrary web scrip... | N/A | NONE | — | 0 |
| CVE-2019-13375 A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not... | N/A | NONE | — | 0 |
| CVE-2019-13183 Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings. | N/A | NONE | — | 0 |
| CVE-2019-13402 /usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on Dynacolor FCM-MB40 v1.2.0.0 devices implement an incomplete factory-reset process. A backdoor can persist because ne... | N/A | NONE | — | 0 |
| CVE-2019-13379 On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action... | N/A | NONE | — | 0 |
| CVE-2019-13390 In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c. | N/A | NONE | — | 0 |
| CVE-2019-13391 In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtualPixels. | N/A | NONE | — | 0 |
| CVE-2019-13398 Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrl_save_profile.cgi (... | N/A | NONE | — | 0 |
| CVE-2019-13399 Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator's SSL conversation. | N/A | NONE | — | 0 |
| CVE-2019-13400 Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. These credentials can be retrieved via cgi-bin/getuserinfo.cgi?mode=info. | N/A | NONE | — | 0 |
| CVE-2019-13404 The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x releases bef... | N/A | NONE | — | 0 |
| CVE-2018-11563 An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged ... | 4.6 | MEDIUM | — | 0 |
| CVE-2019-12171 Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store cleartext credentials in memory upon successful login or new account creation. These are ... | N/A | NONE | — | 0 |
| CVE-2019-12174 hide.me before 2.4.4 on macOS suffers from a privilege escalation vulnerability in the connectWithExecutablePath:configFilePath:configFileName method of the me_hide_vpnhelper.Helper class in the me.hi... | N/A | NONE | — | 0 |
| CVE-2019-13354 The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 0.0.6. | N/A | NONE | — | 0 |
| CVE-2019-13413 The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection via inc/rencontre_widget.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-13414 The Rencontre plugin before 3.1.3 for WordPress allows XSS via inc/rencontre_widget.php. | 6.1 | MEDIUM | — | 0 |
| CVE-2019-10973 Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user inte... | N/A | NONE | — | 0 |
| CVE-2019-2104 In HIDL, safe_union, and other C++ structs/unions being sent to application processes, there are uninitialized fields. This could lead to local information disclosure with no additional execution priv... | N/A | NONE | — | 0 |
| CVE-2019-2105 In FileInputStream::Read of file_input_stream.cc, there is a possible memory corruption due to uninitialized data. This could lead to remote code execution in an unprivileged process with no additiona... | N/A | NONE | — | 0 |
| CVE-2019-2106 In ihevcd_sao_shift_ctb of ihevcd_sao.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed.... | N/A | NONE | — | 0 |
| CVE-2019-13611 An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a vic... | N/A | NONE | — | 0 |
| CVE-2019-2107 In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges n... | N/A | NONE | — | 0 |
| CVE-2019-2109 In MakeMPEG4VideoCodecSpecificData of AVIExtractor.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution ... | N/A | NONE | — | 0 |
| CVE-2019-2111 In loop of DnsTlsSocket.cpp, there is a possible heap memory corruption due to a use after free. This could lead to remote code execution in the netd server with no additional execution privileges nee... | N/A | NONE | — | 0 |
| CVE-2019-2112 In several functions of alarm.cc, there is possible memory corruption due to a use after free. This could lead to local code execution with no additional execution privileges needed. User interaction ... | N/A | NONE | — | 0 |
| CVE-2019-2113 In setup wizard there is a bypass of some checks when wifi connection is skipped. This could lead to factory reset protection bypass with no additional privileges needed. User interaction is not neede... | N/A | NONE | — | 0 |
| CVE-2019-2116 In save_attr_seq of sdp_discovery.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges need... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.