CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-4412 IBM Cognos Controller stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browse... | 5.3 | MEDIUM | — | 0 |
| CVE-2019-4450 IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-17235 includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows information disclosure. | 5.3 | MEDIUM | — | 0 |
| CVE-2019-4454 IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten... | 5.4 | MEDIUM | — | 0 |
| CVE-2019-4470 IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten... | 5.4 | MEDIUM | — | 0 |
| CVE-2019-4509 IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authorization in some components which could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 164430. | 4.3 | MEDIUM | — | 0 |
| CVE-2019-4556 IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integri... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-4581 IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-14890 A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database ... | 8.4 | HIGH | — | 0 |
| CVE-2019-4645 IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-5689 NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to... | 7.8 | HIGH | — | 0 |
| CVE-2019-5690 NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the size of an input buffer is not validated, which... | 7.8 | HIGH | — | 0 |
| CVE-2019-5691 NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a NULL pointer is dereferenced, which may lead to d... | 7.8 | HIGH | — | 0 |
| CVE-2019-5692 NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the product uses untrusted input when calculating o... | 7.8 | HIGH | — | 0 |
| CVE-2019-5693 NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) in which the program accesses or uses a pointer that has not been initialized, which m... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-5694 NVIDIA Windows GPU Display Driver, R390 driver version, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature (als... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-5701 NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs w... | 7.8 | HIGH | — | 0 |
| CVE-2009-0035 alsa-utils 1.0.19 and later versions allows local users to overwrite arbitrary files via a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts. | 5.5 | MEDIUM | — | 0 |
| CVE-2009-2802 MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks. | 6.1 | MEDIUM | — | 0 |
| CVE-2009-3552 In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML... | 3.1 | LOW | — | 0 |
| CVE-2009-3614 liboping 1.3.2 allows users to read arbitrary files on the local system. | 3.3 | LOW | — | 0 |
| CVE-2019-18883 XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field. | 6.1 | MEDIUM | — | 0 |
| CVE-2019-18929 Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a download_mgr.cgi stack-based buffer overflow. | 8.8 | HIGH | — | 0 |
| CVE-2019-18930 Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification logi... | 8.8 | HIGH | — | 0 |
| CVE-2019-18931 Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via crafted GET/POST parameters. | 8.8 | HIGH | — | 0 |
| CVE-2019-5292 Honor 10 Lite, Honor 8A, Huawei Y6 mobile phones with the versions before 9.1.0.217(C00E215R3P1), the versions before 9.1.0.205(C00E97R1P9), the versions before 9.1.0.205(C00E97R2P2) have an informati... | 3.3 | LOW | — | 0 |
| CVE-2012-4385 letodms 3.3.6 has CSRF via change password | 6.5 | MEDIUM | — | 0 |
| CVE-2019-2192 In call of SliceProvider.java, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.... | 7.8 | HIGH | — | 0 |
| CVE-2014-8167 vdsm and vdsclient do not validate certificate hostname from another vdsm which could facilitate a man-in-the-middle attack | 5.9 | MEDIUM | — | 0 |
| CVE-2019-16948 An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can replace the port number at WebServiceLocation=http://localhost:8085/UCWebServices/ with a range of ports to d... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-5289 Gauss100 OLTP database in ManageOne with versions of 6.5.0 have an out-of-bounds read vulnerability due to the insufficient checks of the specific packet length. Attackers can construct invalid packet... | 7.5 | HIGH | — | 0 |
| CVE-2019-5293 Some Huawei products have a memory leak vulnerability when handling some messages. A remote attacker with operation privilege could exploit the vulnerability by sending specific messages continuously.... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-5294 There is an out of bound read vulnerability in some Huawei products. A remote, unauthenticated attacker may send a corrupt or crafted message to the affected products. Due to a buffer read overflow er... | 7.5 | HIGH | — | 0 |
| CVE-2019-2213 In binder_free_transaction of binder.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. Use... | 7.4 | HIGH | — | 0 |
| CVE-2010-4532 offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks. | 5.9 | MEDIUM | — | 0 |
| CVE-2013-4657 Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16949 An issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. A user is allowed to send an archive of their chat log to an email address specified at the beginning of the chat (where the use... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-18279 In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environ... | 8.8 | HIGH | — | 0 |
| CVE-2019-2036 In okToConnect of HidHostService.java, there is a possible permission bypass due to an incorrect state check. This could lead to remote escalation of privilege with no additional execution privileges ... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-17405 Nokia IMPACT < 18A: has Reflected self XSS | 6.1 | MEDIUM | — | 0 |
| CVE-2019-2193 In WelcomeActivity.java and related files, there is a possible permissions bypass due to a partially provisioned Device Policy Client. This could lead to local escalation of privilege, leaving an Admi... | 7.8 | HIGH | — | 0 |
| CVE-2019-2195 In tokenize of sqlite3_android.cpp, there is a possible attacker controlled INSERT statement due to improper input validation. This could lead to local escalation of privilege with no additional execu... | 7.8 | HIGH | — | 0 |
| CVE-2019-2196 In Download Provider, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.P... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-2197 In processPhonebookAccess of CachedBluetoothDevice.java, there is a possible permission bypass due to an insecure default value. This could lead to local information disclosure of the user's contact l... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-2198 In Download Provider, there is a possible SQL injection vulnerability. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed fo... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-2199 In createSessionInternal of PackageInstallerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interac... | 6.7 | MEDIUM | — | 0 |
| CVE-2019-2201 In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process... | 7.8 | HIGH | — | 0 |
| CVE-2019-2202 In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privi... | 7.8 | HIGH | — | 0 |
| CVE-2019-2203 In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privi... | 7.8 | HIGH | — | 0 |
| CVE-2019-2204 In FindSharedFunctionInfo of objects.cc, there is a possible out of bounds read due to a mistake in AST traversal. This could lead to remote code execution in the pacprocessor with no additional execu... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.