CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2019-14993 Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding A... | N/A | NONE | — | 0 |
| CVE-2019-10927 A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1), SCALANCE XP-200 (V4.1), SCALANCE XR-300WG (V4.1). An authentica... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-10928 A vulnerability has been identified in SCALANCE SC-600 (V2.0). An authenticated attacker with access to port 22/tcp as well as physical access to an affected device may trigger the device to allow exe... | 6.6 | MEDIUM | — | 0 |
| CVE-2019-10929 A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515S... | 5.9 | MEDIUM | — | 0 |
| CVE-2019-10942 A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.... | 8.6 | HIGH | — | 0 |
| CVE-2019-10943 A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Cont... | 7.5 | HIGH | — | 0 |
| CVE-2019-13415 Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users can gain read access to data they are not authorized to see. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-13416 Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote cluster(s)... | 6.5 | MEDIUM | — | 0 |
| CVE-2015-9316 The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter. | N/A | NONE | — | 0 |
| CVE-2019-12806 UniSign 2.0.4.0 and earlier version contains a stack-based buffer overflow vulnerability which can overwrite the stack with arbitrary data, due to a buffer overflow in a library. That leads remote att... | 8.8 | HIGH | — | 0 |
| CVE-2019-12807 Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim t... | 7.8 | HIGH | — | 0 |
| CVE-2019-12808 ALTOOLS update service 18.1 and earlier versions contains a local privilege escalation vulnerability due to insecure permission. An attacker can overwrite an executable that is launched as a service t... | 7.8 | HIGH | — | 0 |
| CVE-2019-14984 eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because the undocumented addons/x... | N/A | NONE | — | 0 |
| CVE-2019-14985 eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because this interface can access the CMD_EXEC vir... | N/A | NONE | — | 0 |
| CVE-2019-14986 eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Bro... | N/A | NONE | — | 0 |
| CVE-2019-11207 The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enterprise Virtual Appliance, and TIBCO LogLogic Log Management Intelligence contains multiple vulnerabilities that theoretically allow... | N/A | NONE | — | 0 |
| CVE-2019-12479 An issue was discovered in 20|20 Storage 2.11.0. A Path Traversal vulnerability in the TwentyTwenty.Storage library in the LocalStorageProvider allows creating and reading files outside of the specifi... | N/A | NONE | — | 0 |
| CVE-2019-14809 net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appeari... | N/A | NONE | — | 0 |
| CVE-2019-5223 PCManager 9.1.3.1 has an improper authentication vulnerability. The certain driver interface of the software does not perform a validation of user-mode data properly, successful exploit could result i... | N/A | NONE | — | 0 |
| CVE-2019-5280 The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has a TLS certificate verification vulnerability. Due to insufficient verification of specific parameters of the TLS server certifica... | N/A | NONE | — | 0 |
| CVE-2019-5299 Huawei mobile phones Hima-AL00Bhave with Versions earlier than HMA-AL00C00B175 have a signature verification bypass vulnerability. Attackers can induce users to install malicious applications. Due to ... | N/A | NONE | — | 0 |
| CVE-2019-9512 Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue... | 7.5 | HIGH | — | 0 |
| CVE-2019-15028 In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms. | N/A | NONE | — | 0 |
| CVE-2014-10375 handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header. | N/A | NONE | — | 0 |
| CVE-2019-14973 _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. ... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-14975 Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string. | N/A | NONE | — | 0 |
| CVE-2019-15027 The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filena... | N/A | NONE | — | 0 |
| CVE-2019-0331 Under certain conditions, SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, allows an attacker to access sensitive data such as directory structure, leading to... | N/A | NONE | — | 0 |
| CVE-2019-0332 SAP BusinessObjects Business Intelligence Platform (Info View), versions 4.1, 4.2, 4.3, allows an attacker to give some payload for keyword in the search and it will be executed while search performs ... | N/A | NONE | — | 0 |
| CVE-2019-0333 In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.2, 4.3, the attacker can then query and receive the whole data se... | N/A | NONE | — | 0 |
| CVE-2019-0334 When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, it is possible to store a malicious script which when executed later could potentia... | N/A | NONE | — | 0 |
| CVE-2019-0335 Under certain conditions SAP BusinessObjects Business Intelligence Platform (Central Management Console), versions 4.1, 4.2, 4.3, allows an attacker to store a malicious payload within the description... | N/A | NONE | — | 0 |
| CVE-2016-10889 The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name. | N/A | NONE | — | 0 |
| CVE-2019-0337 Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious sc... | N/A | NONE | — | 0 |
| CVE-2019-0338 During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted informat... | N/A | NONE | — | 0 |
| CVE-2019-0340 The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. This issue affects the file upload at mult... | N/A | NONE | — | 0 |
| CVE-2019-0341 The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. If an attacker runs script code in the context of the application, he could get access to the session cook... | N/A | NONE | — | 0 |
| CVE-2019-0343 SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leadi... | N/A | NONE | — | 0 |
| CVE-2015-9347 The wp-plotly plugin before 1.0.3 for WordPress has XSS by authors. | N/A | NONE | — | 0 |
| CVE-2019-0345 A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overview), versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted ... | N/A | NONE | — | 0 |
| CVE-2019-0346 Unencrypted communication error in SAP Business Objects Business Intelligence Platform (Central Management Console), version 4.2, leads to disclosure of list of user names and roles imported from SAP ... | N/A | NONE | — | 0 |
| CVE-2019-0348 SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.1, 4.2, can access database with unencrypted connection, even if the quality of protection should be encrypted. | N/A | NONE | — | 0 |
| CVE-2019-0351 A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Regist... | N/A | NONE | — | 0 |
| CVE-2015-9311 The newstatpress plugin before 1.0.6 for WordPress has reflected XSS. | N/A | NONE | — | 0 |
| CVE-2015-9312 The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element. | N/A | NONE | — | 0 |
| CVE-2015-9313 The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element. | N/A | NONE | — | 0 |
| CVE-2019-0349 SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT,... | N/A | NONE | — | 0 |
| CVE-2019-15025 The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page. | N/A | NONE | — | 0 |
| CVE-2019-15046 Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989. | 7.5 | HIGH | — | 0 |
| CVE-2019-7870 Adobe Character Animator versions 2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.