Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2019-13361 Smanos W100 1.0.0 devices have Insecure Permissions, exploitable by an attacker on the same Wi-Fi network. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-15902 A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse o... | 5.6 | MEDIUM | — | 0 |
| CVE-2019-10709 AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoCo... | N/A | NONE | — | 0 |
| CVE-2019-12587 The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any E... | N/A | NONE | — | 0 |
| CVE-2019-12588 The client 802.11 mac implementation in Espressif ESP8266_NONOS_SDK 2.2.0 through 3.1.0 does not validate correctly the RSN AuthKey suite list count in beacon frames, probe responses, and association ... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-15718 In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access ... | 4.4 | MEDIUM | — | 0 |
| CVE-2019-10988 In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating systems such as Windows 2000, the HDI 4000 Ultrasound System is built on an old operating system that is no l... | 3.4 | LOW | — | 0 |
| CVE-2019-13209 Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into ... | N/A | NONE | — | 0 |
| CVE-2019-15813 Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell. | 8.8 | HIGH | — | 0 |
| CVE-2019-15814 Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML. | N/A | NONE | — | 0 |
| CVE-2019-13518 An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the EZ Touch Editor Versions 2.1.0 and prior. | N/A | NONE | — | 0 |
| CVE-2019-13522 An attacker could use a specially crafted project file to corrupt the memory and execute code under the privileges of the EZ PLC Editor Versions 1.8.41 and prior. | 7.8 | HIGH | — | 0 |
| CVE-2019-15916 An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service. | 7.5 | HIGH | — | 0 |
| CVE-2019-13975 eGain Chat 15.0.3 allows HTML Injection. | N/A | NONE | — | 0 |
| CVE-2019-6645 On BIG-IP 14.0.0-14.1.0.5, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, FTP traffic passing through a Virtual Server with both an active FTP profile associated and connection mirroring configured ma... | 7.5 | HIGH | — | 0 |
| CVE-2019-6648 On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and... | 4.4 | MEDIUM | — | 0 |
| CVE-2019-6644 Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked... | 9.4 | CRITICAL | — | 0 |
| CVE-2019-6647 On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, when processing authentication attempts for control-plane users MCPD leaks a small amount of memory. Under ra... | 5.3 | MEDIUM | — | 0 |
| CVE-2019-6643 On versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, and 11.5.2-11.6.4, an attacker sending specifically crafted DHCPv6 requests through a BIG-IP virtual server configured wit... | 7.5 | HIGH | — | 0 |
| CVE-2019-6646 On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with guest privileges may be able to escalate their privileges and run commands with admin privileges. | N/A | NONE | — | 0 |
| CVE-2019-11547 An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on ... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-11548 An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. It has Incorrect Access Control. Unprivileged members of a project are able to post comments on confidential issues th... | 5.4 | MEDIUM | — | 0 |
| CVE-2019-11549 An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Gitaly has allows an information disclosure iss... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-11605 An issue was discovered in GitLab Community and Enterprise Edition 11.8.x before 11.8.10, 11.9.x before 11.9.11, and 11.10.x before 11.10.3. It allows Information Disclosure. A small number of GitLab ... | 7.5 | HIGH | — | 0 |
| CVE-2019-16172 LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. The attack uses a survey group in which the title contains JavaScript ... | 5.4 | MEDIUM | — | 0 |
| CVE-2019-16173 LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/Survey_Common_Action.php, | 5.4 | MEDIUM | — | 0 |
| CVE-2019-16190 SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folde... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-6782 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 1 of 6). An authorization issu... | 7.5 | HIGH | — | 0 |
| CVE-2019-6783 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. GitLab Pages contains a directory traversal vulnerability that could l... | 8.8 | HIGH | — | 0 |
| CVE-2019-16177 In Limesurvey before 3.17.14, the entire database is exposed through browser caching. | 7.5 | HIGH | — | 0 |
| CVE-2019-6784 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 1 of 2). Markdown fields contain a lack of input ... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-6785 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Denial of Service. Inputting an overly long string into a Ma... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-6786 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 1 of 3). The contents of an LFS... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-6788 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 3 of 6). For installations usi... | 7.5 | HIGH | — | 0 |
| CVE-2019-6789 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 4 of 6). In some cases, users ... | 4.3 | MEDIUM | — | 0 |
| CVE-2019-6792 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Path Disclosure. When an error is encountered on project imp... | 5.3 | MEDIUM | — | 0 |
| CVE-2019-6793 An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue. | 7.0 | HIGH | — | 0 |
| CVE-2019-6794 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 5 of 6). A project guest user ... | 4.3 | MEDIUM | — | 0 |
| CVE-2019-6795 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual Distinction of Homoglyphs Presented to a Us... | 5.4 | MEDIUM | — | 0 |
| CVE-2019-6960 An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Access to the int... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-6995 An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Users are ab... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-6996 An issue was discovered in GitLab Enterprise Edition 10.x (starting in 10.6) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. The merge request ... | 4.3 | MEDIUM | — | 0 |
| CVE-2019-6997 An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting in 10.7) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Syst... | 4.3 | MEDIUM | — | 0 |
| CVE-2019-10253 A Cross-Site Request Forgery (CSRF) vulnerability exists in TeamMate+ 21.0.0.0 that allows a remote attacker to modify application data (upload malicious/forged files on a TeamMate server, or replace ... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-16178 A stored cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows authenticated users with correct permissions to inject arbitrary web script or HTML via titles of a... | 5.4 | MEDIUM | — | 0 |
| CVE-2019-15297 res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. ... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-16145 The breadcrumbs contributed module through 0.2.0 for Padrino Framework allows XSS via a caption. | 6.1 | MEDIUM | — | 0 |
| CVE-2019-16147 Liferay Portal through 7.2.0 GA1 allows XSS via a journal article title to journal_article/page.jsp in journal/journal-taglib. | 6.1 | MEDIUM | — | 0 |
| CVE-2019-16174 An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity. | 8.8 | HIGH | — | 0 |
| CVE-2019-16175 A clickjacking vulnerability was found in Limesurvey before 3.17.14. | 4.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.