CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-7675 An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI... | N/A | NONE | — | 0 |
| CVE-2019-7701 A heap-based buffer over-read was discovered in wasm::SExpressionParser::skipWhitespace() in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to deni... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-7676 A weak password vulnerability was discovered in Enphase Envoy R3.*.*. One can login via TCP port 8888 with the admin password for the admin account. | N/A | NONE | — | 0 |
| CVE-2019-7677 XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888. | N/A | NONE | — | 0 |
| CVE-2019-7678 A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888. | N/A | NONE | — | 0 |
| CVE-2019-7684 inxedu through 2018-12-24 has a vulnerability that can lead to the upload of a malicious JSP file. The vulnerable code location is com.inxedu.os.common.controller.VideoUploadController#gok4 (com/inxed... | N/A | NONE | — | 0 |
| CVE-2018-13792 Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, ... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-7692 install/install.php in CIM 0.9.3 allows remote attackers to execute arbitrary PHP code via a crafted prefix value because of configuration file mishandling in the N=83 case, as demonstrated by a call ... | N/A | NONE | — | 0 |
| CVE-2018-20767 An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. Ther... | N/A | NONE | — | 0 |
| CVE-2018-20780 Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1). | N/A | NONE | — | 0 |
| CVE-2018-20768 An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An a... | N/A | NONE | — | 0 |
| CVE-2018-20769 An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. Ther... | N/A | NONE | — | 0 |
| CVE-2018-20770 An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. Ther... | N/A | NONE | — | 0 |
| CVE-2018-20771 An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. Ther... | N/A | NONE | — | 0 |
| CVE-2019-7693 Axios Italia Axios RE 1.7.0/7.0.0 devices have XSS via the RELogOff.aspx Error_Parameters parameter. In some situations, the XSS would be on the family.axioscloud.it cloud service; however, the vendor... | N/A | NONE | — | 0 |
| CVE-2019-7697 An issue was discovered in Bento4 v1.5.1-627. There is an assertion failure in AP4_AtomListWriter::Action in Core/Ap4Atom.cpp, leading to a denial of service (program crash), as demonstrated by mp42hl... | N/A | NONE | — | 0 |
| CVE-2019-7698 An issue was discovered in AP4_Array<AP4_CttsTableEntry>::EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated b... | N/A | NONE | — | 0 |
| CVE-2019-7699 A heap-based buffer over-read occurs in AP4_BitStream::WriteBytes in Codecs/Ap4BitStream.cpp in Bento4 v1.5.1-627. Remote attackers could leverage this vulnerability to cause an exception via crafted ... | N/A | NONE | — | 0 |
| CVE-2019-7702 A NULL pointer dereference was discovered in wasm::SExpressionWasmBuilder::parseExpression in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to den... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-7703 In Binaryen 1.38.22, there is a use-after-free problem in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service via a w... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-7704 wasm::WasmBinaryBuilder::readUserSection in wasm-binary.cpp in Binaryen 1.38.22 triggers an attempt at excessive memory allocation, as demonstrated by wasm-merge and wasm-opt. | 6.5 | MEDIUM | — | 0 |
| CVE-2018-20772 Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI. | N/A | NONE | — | 0 |
| CVE-2018-20773 Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines. | N/A | NONE | — | 0 |
| CVE-2018-20774 Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field. | N/A | NONE | — | 0 |
| CVE-2018-20775 admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI. | N/A | NONE | — | 0 |
| CVE-2018-20776 Frog CMS 0.9.5 provides a directory listing for a /public request. | N/A | NONE | — | 0 |
| CVE-2018-20777 Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field. | N/A | NONE | — | 0 |
| CVE-2018-20778 admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element. | N/A | NONE | — | 0 |
| CVE-2018-20779 Traq 3.7.1 allows SQL Injection via a tickets?search= URI. | N/A | NONE | — | 0 |
| CVE-2019-7718 An issue was discovered in Metinfo 6.x. An attacker can leverage a race condition in the backend database backup function to execute arbitrary PHP code via admin/index.php?n=databack&c=index&a=dogetsq... | N/A | NONE | — | 0 |
| CVE-2019-7719 Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request. | N/A | NONE | — | 0 |
| CVE-2019-7720 taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request. | N/A | NONE | — | 0 |
| CVE-2019-7721 lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters. | N/A | NONE | — | 0 |
| CVE-2018-20587 Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC ... | N/A | NONE | — | 0 |
| CVE-2019-6975 Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() funct... | N/A | NONE | — | 0 |
| CVE-2019-7722 PMD 5.8.1 and earlier processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers tampering it (either by direct modification or MITM attacks when us... | N/A | NONE | — | 0 |
| CVE-2019-7732 In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance c... | N/A | NONE | — | 0 |
| CVE-2018-11847 Malicious TA can tag QSEE kernel memory and map to EL0, thereby corrupting the physical memory; it can also be used to corrupt the QSEE kernel and compromise the whole TEE in Snapdragon Auto, Snapd... | N/A | NONE | — | 0 |
| CVE-2018-11855 If an end user makes use of SCP11 sample OCE code without modification it could lead to a buffer overflow when transmitting a CAPDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Sna... | N/A | NONE | — | 0 |
| CVE-2018-11888 Unauthorized access may be allowed by the SCP11 Crypto Services TA while processing commands from other TA in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electroni... | N/A | NONE | — | 0 |
| CVE-2018-11899 While processing radio connection status change events, Radio index is not properly validated in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdrago... | N/A | NONE | — | 0 |
| CVE-2018-11962 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Use-after-free issue in heap while loading audio effects config in audio effects factory. | N/A | NONE | — | 0 |
| CVE-2018-12006 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Users with no extra privileges can potentially access leaked data due to uninitialized paddin... | N/A | NONE | — | 0 |
| CVE-2018-12010 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Absence of length sanity check may lead to possible stack overflow resulting in memory corrup... | N/A | NONE | — | 0 |
| CVE-2018-12011 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Uninitialized data for socket address leads to information exposure. | N/A | NONE | — | 0 |
| CVE-2018-12014 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Null pointer dereference vulnerability may occur due to missing NULL assignment in NAT module... | N/A | NONE | — | 0 |
| CVE-2018-12547 In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the a... | N/A | NONE | — | 0 |
| CVE-2018-12549 In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it. | N/A | NONE | — | 0 |
| CVE-2018-13888 There is potential for memory corruption in the RIL daemon due to dereference of memory outside the allocated array length in RIL in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IO... | N/A | NONE | — | 0 |
| CVE-2018-13889 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Heap memory was accessed after it was freed | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.