Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2019-13181 A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-13182 A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7. | 5.4 | MEDIUM | — | 0 |
| CVE-2019-16778 In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int... | 2.6 | LOW | — | 0 |
| CVE-2019-18191 A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution priv... | 8.8 | HIGH | — | 0 |
| CVE-2019-19818 The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0xa08a Out-of-Bounds Read via crafted Unicode content. | 5.5 | MEDIUM | — | 0 |
| CVE-2018-11751 Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-42183 BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability. It could allow a malicious operator to download files from arbitrary URLs without any proper validation or all... | 2.5 | LOW | — | 0 |
| CVE-2019-5259 There is an information leakage vulnerability on some Huawei products(AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600). An attacker with low permissions can vie... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-19826 The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc, as demonstrated by PHP object injection, involvi... | 9.8 | CRITICAL | — | 0 |
| CVE-2017-18107 Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) v... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-15011 The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and... | 4.3 | MEDIUM | — | 0 |
| CVE-2019-19830 _core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-19813 In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/m... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-19814 In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but t... | 7.8 | HIGH | — | 0 |
| CVE-2019-19816 In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a val... | 7.8 | HIGH | — | 0 |
| CVE-2019-19815 In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause a NULL pointer dereference in f2fs_recover_fsync_data in fs/f2fs/recovery.c. This is related to F2FS_P_SB in fs/f2fs/f2fs... | 5.5 | MEDIUM | — | 0 |
| CVE-2014-8178 Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a craf... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-18824 Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The ClickShare Button does not verify the integrity of the mutable content on the UBIFS partition... | 6.6 | MEDIUM | — | 0 |
| CVE-2019-18825 Barco ClickShare Huddle CS-100 devices before 1.9.0 and CSE-200 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Base Unit implements encryption at rest using encryption keys... | 7.5 | HIGH | — | 0 |
| CVE-2019-18829 Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The Barco signed 'Clickshare_For_Windows.exe' binary on the ClickShare Button (R9861500D01) loads... | 7.8 | HIGH | — | 0 |
| CVE-2019-18832 Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Button implements encryption at rest which uses a one-time programmable (OTP) AES encrypt... | 8.1 | HIGH | — | 0 |
| CVE-2019-18833 Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information exposure (issue 2 of 2).. The encryption key of the media content which is shared between a ClickShare Button and a ClickShar... | 5.9 | MEDIUM | — | 0 |
| CVE-2019-19264 In Simplifile RecordFusion through 2019-11-25, the logs and hist parameters allow remote attackers to access local files via a logger/logs?/../ or logger/hist?/../ URI. | 7.5 | HIGH | — | 0 |
| CVE-2012-6666 vBSeo before 3.6.0PL2 allows XSS via the member.php u parameter. | 6.1 | MEDIUM | — | 0 |
| CVE-2019-19712 Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them. | 5.3 | MEDIUM | — | 0 |
| CVE-2019-16549 Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML d... | 8.1 | HIGH | — | 0 |
| CVE-2019-16550 A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web ser... | 8.8 | HIGH | — | 0 |
| CVE-2019-16551 A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified cred... | 8.8 | HIGH | — | 0 |
| CVE-2019-16552 A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-s... | 5.4 | MEDIUM | — | 0 |
| CVE-2019-16553 A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression. | 8.8 | HIGH | — | 0 |
| CVE-2013-1353 Orange HRM 2.7.1 allows XSS via the vacancy name. | 5.4 | MEDIUM | — | 0 |
| CVE-2019-16555 A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular e... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-16556 Jenkins Rundeck Plugin 3.6.5 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extend... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-16557 Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permiss... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-16558 Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM. | 8.2 | HIGH | — | 0 |
| CVE-2019-16559 A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker... | 5.4 | MEDIUM | — | 0 |
| CVE-2019-16560 A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified pa... | 8.8 | HIGH | — | 0 |
| CVE-2018-10387 Heap-based overflow vulnerability in TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or possibly execute arbitrary code via a long TFTP error packet, a different... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16561 Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with Overall/Read access to disable SSL/TLS certificate and hostname validation for the entire Jenkins master JVM. | 7.1 | HIGH | — | 0 |
| CVE-2019-16562 Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the description of builds shown in its view, resulting in a stored XSS vulnerability exploitable by users able to change build descriptio... | 5.4 | MEDIUM | — | 0 |
| CVE-2019-16563 Jenkins Mission Control Plugin 0.9.16 and earlier does not escape job display names and build names shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to change t... | 5.4 | MEDIUM | — | 0 |
| CVE-2019-16564 Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to affects view content suc... | 5.4 | MEDIUM | — | 0 |
| CVE-2019-16565 A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained t... | 8.8 | HIGH | — | 0 |
| CVE-2019-16566 A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials I... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-9471 In set_outbound_iatu of abc-pcie.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. Use... | 6.7 | MEDIUM | — | 0 |
| CVE-2019-16567 A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 4.3 | MEDIUM | — | 0 |
| CVE-2019-16568 Jenkins SCTMExecutor Plugin 2.2 and earlier transmits previously configured service credentials in plain text as part of the global configuration, as well as individual jobs' configurations. | 5.3 | MEDIUM | — | 0 |
| CVE-2019-16569 A cross-site request forgery vulnerability in Jenkins Mantis Plugin 0.26 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials. | 4.3 | MEDIUM | — | 0 |
| CVE-2019-16570 A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server. | 8.8 | HIGH | — | 0 |
| CVE-2019-16571 A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. | 4.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.