Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2019-1282 An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks, aka 'Windows Common Log File System Driver Information Disclosure ... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-1283 An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'. | 5.5 | MEDIUM | — | 0 |
| CVE-2019-1284 An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. | 7.8 | HIGH | — | 0 |
| CVE-2019-1285 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique... | 7.8 | HIGH | — | 0 |
| CVE-2019-1295 A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This C... | 8.8 | HIGH | — | 0 |
| CVE-2019-1286 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is un... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-1287 An elevation of privilege vulnerability exists in the way that the Windows Network Connectivity Assistant handles objects in memory, aka 'Windows Network Connectivity Assistant Elevation of Privilege ... | 7.8 | HIGH | — | 0 |
| CVE-2019-1289 An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions, aka 'Windows Update Delivery Optimization Elevation of Pr... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-1290 A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ... | 8.8 | HIGH | — | 0 |
| CVE-2019-16665 An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-1291 A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ... | 8.8 | HIGH | — | 0 |
| CVE-2019-1292 A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. | 4.9 | MEDIUM | — | 0 |
| CVE-2019-1293 An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory, aka 'Windows SMB Client Driver Information Disclosu... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-1294 A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'. | 4.6 | MEDIUM | — | 0 |
| CVE-2016-10947 The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin. | 7.2 | HIGH | — | 0 |
| CVE-2019-1296 A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This C... | 8.8 | HIGH | — | 0 |
| CVE-2019-1298 A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. Thi... | 7.5 | HIGH | — | 0 |
| CVE-2019-1299 An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory, aka 'Microsoft Edge based on Edge HTML Information Disclosure Vulnerability'... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-1300 A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. Thi... | 7.5 | HIGH | — | 0 |
| CVE-2019-1301 A denial of service vulnerability exists when .NET Core improperly handles web requests, aka '.NET Core Denial of Service Vulnerability'. | 7.5 | HIGH | — | 0 |
| CVE-2019-16312 s-cms V3.0 has XSS in index.php?type=text via the S_id parameter. | 6.1 | MEDIUM | — | 0 |
| CVE-2019-1303 An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the... | 7.8 | HIGH | — | 0 |
| CVE-2019-1305 A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. | 5.4 | MEDIUM | — | 0 |
| CVE-2019-1306 A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code E... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-5054 An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. An HTTP request with an empty U... | 7.5 | HIGH | — | 0 |
| CVE-2019-5055 An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in ... | 7.5 | HIGH | — | 0 |
| CVE-2019-10396 Jenkins Dashboard View Plugin 2.11 and earlier did not escape build descriptions, resulting in a cross-site scripting vulnerability exploitable by users able to change build descriptions. | 5.4 | MEDIUM | — | 0 |
| CVE-2019-16248 The "delete for" feature in Telegram before 5.11 on Android does not delete shared media files from the Telegram Images directory. In other words, there is a potentially misleading UI indication that ... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-16249 OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp. | 5.3 | MEDIUM | — | 0 |
| CVE-2019-16250 includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for WordPress allows unauthenticated options changes and injection of a Cascading Style Sheets (CSS) token sequence. | 7.5 | HIGH | — | 0 |
| CVE-2019-16257 Some Motorola devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or exe... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-10392 Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection. | 8.8 | HIGH | — | 0 |
| CVE-2019-10393 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sand... | 4.2 | MEDIUM | — | 0 |
| CVE-2019-10394 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allo... | 4.2 | MEDIUM | — | 0 |
| CVE-2019-10398 Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file s... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-10399 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed attac... | 4.2 | MEDIUM | — | 0 |
| CVE-2019-10400 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allow... | 4.2 | MEDIUM | — | 0 |
| CVE-2019-16238 Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged for session hijacking by retrieving the session cookie from the administrator login. | 6.1 | MEDIUM | — | 0 |
| CVE-2019-3638 Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute comma... | 8.1 | HIGH | — | 0 |
| CVE-2019-5956 Directory traversal vulnerability in WonderCMS 2.6.0 and earlier allows remote attackers to delete arbitrary files via unspecified vectors. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-5975 DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 | MEDIUM | — | 0 |
| CVE-2019-5978 Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'. | 6.1 | MEDIUM | — | 0 |
| CVE-2019-5985 Cross-site scripting vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmw... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-5986 Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV... | 8.8 | HIGH | — | 0 |
| CVE-2019-5991 SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | 7.6 | HIGH | — | 0 |
| CVE-2019-5992 Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified v... | 8.8 | HIGH | — | 0 |
| CVE-2019-5993 Cross-site request forgery (CSRF) vulnerability in Category Specific RSS feed Subscription version v2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecifi... | 8.8 | HIGH | — | 0 |
| CVE-2019-5996 SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | 8.8 | HIGH | — | 0 |
| CVE-2019-6003 Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 | MEDIUM | — | 0 |
| CVE-2017-18444 cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248). | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.