Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2019-16464 Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an use a... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-8600 A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-5841 An issue was discovered in OpServices OpMon 9.3.1-1. Using password change parameters, an attacker could perform SQL injection without authentication. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-19333 In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrus... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16463 Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untru... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16462 Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a buffer... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-10387 Heap-based overflow vulnerability in TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or possibly execute arbitrary code via a long TFTP error packet, a different... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16460 Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untru... | 9.8 | CRITICAL | — | 0 |
| CVE-2013-4486 Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16459 Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an use a... | 9.8 | CRITICAL | — | 0 |
| CVE-2013-7070 The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI. | 9.8 | CRITICAL | — | 0 |
| CVE-2004-2776 go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16455 Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untru... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16454 Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-o... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16453 Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a securi... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16452 Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an use a... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16451 Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a heap o... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16450 Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-o... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16448 Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an use a... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-19617 phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16446 Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untru... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16445 Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an use a... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16444 Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a binary... | 9.8 | CRITICAL | — | 0 |
| CVE-2014-8650 python-requests-Kerberos through 0.5 does not handle mutual authentication | 9.8 | CRITICAL | — | 0 |
| CVE-2019-8849 The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1. A SwiftNIO application using TLS may be able to execute arbitrary code. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-7478 A vulnerability in GMS allow unauthenticated user to SQL injection in Webservice module. This vulnerability affected GMS versions GMS 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-19899 Pebble Templates 3.1.2 allows attackers to bypass a protection mechanism (intended to block access to instances of java.lang.Class) because getClass is accessible via the public static java.lang.Class... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16885 In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/Product... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-19690 Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-5074 An exploitable stack buffer overflow vulnerability exists in the iocheckd service ''I/O-Check'' functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12) an... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-5081 An exploitable heap buffer overflow vulnerability exists in the iocheckd service ''I/O-Chec'' functionality of WAGO PFC 200 Firmware version 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware ver... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-19459 An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that wil... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-7183 This improper link resolution vulnerability allows remote attackers to access system files. To fix this vulnerability, QNAP recommend updating QTS to their latest versions. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-11131 Logic issue in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-11107 Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-19594 reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote attackers to execute arbitrary code by uploading a .php file. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-10572 Improper check in video driver while processing data from video firmware can lead to integer overflow and then buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdrag... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-5096 An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-3984 Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-18572 The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain an Improper Authentication vulnerability. A Java JMX agent running on the remote host... | 9.8 | CRITICAL | — | 0 |
| CVE-2014-2651 Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface | 9.8 | CRITICAL | — | 0 |
| CVE-2019-14910 A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication ... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-0729 This command injection vulnerability in Music Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating Music Station to their latest versi... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-0730 This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating QTS to their latest versions. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-11930 An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and ... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-11934 Improper handling of close_notify alerts can result in an out-of-bounds read in AsyncSSLSocket. This issue affects folly prior to v2019.11.04.00. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-17556 Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream and doesn't check classes being deserialized. If an attacker can feed malicious met... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-11935 Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5,... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-11936 Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-11940 In the course of decompressing HPACK inside the HTTP2 protocol, an unexpected sequence of header table resize operations can place the header table into a corrupted state, leading to a use-after-free ... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.