Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2012-2237 Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascr... | 6.1 | MEDIUM | — | 0 |
| CVE-2014-8179 Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject... | 7.5 | HIGH | — | 0 |
| CVE-2019-19634 class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a simi... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-19497 MDaemon Email Server 17.5.1 allows XSS via the filename of an attachment to an email message. | 5.4 | MEDIUM | — | 0 |
| CVE-2019-0383 Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not per... | 8.8 | HIGH | — | 0 |
| CVE-2019-0384 Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not per... | 8.8 | HIGH | — | 0 |
| CVE-2019-19241 In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and ne... | 7.8 | HIGH | — | 0 |
| CVE-2019-17334 The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Sp... | 8.0 | HIGH | — | 0 |
| CVE-2019-17335 The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an a... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-17336 The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an a... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-19775 The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users. | 6.1 | MEDIUM | — | 0 |
| CVE-2019-17337 The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker t... | 5.4 | MEDIUM | — | 0 |
| CVE-2019-3992 ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can access the server's configuration file by sending an HTTP GET request. Amongs... | 7.5 | HIGH | — | 0 |
| CVE-2019-3993 ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can recover a user's password hash by sending a crafted HTTP POST request. | 7.5 | HIGH | — | 0 |
| CVE-2019-3994 ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. A remote unauthenticated attacker can crash the ELOG server by sending multiple HTTP POST request... | 7.5 | HIGH | — | 0 |
| CVE-2019-19845 In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure. | 5.3 | MEDIUM | — | 0 |
| CVE-2019-3995 ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer dereference. A remote unauthenticated attacker can crash the ELOG server by sending a crafted HTTP G... | 7.5 | HIGH | — | 0 |
| CVE-2019-3996 ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-11657 Cross-Site Request Forgery vulnerability in all Micro Focus ArcSight Logger affecting all product versions below version 7.0. The vulnerability could be exploited to perform CSRF attack. | 8.8 | HIGH | — | 0 |
| CVE-2019-18257 In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple stack-based buffer overflow vulnerabilities exist in the file transfer service listening on the TCP port. Successful exploitation... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-15013 The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote attacker... | 4.3 | MEDIUM | — | 0 |
| CVE-2018-11980 When a fake broadcast/multicast 11w rmf without mmie received, since no proper length check in wma_process_bip, buffer overflow will happen in both cds_is_mmie_valid and qdf_nbuf_trim_tail in Snapdrag... | 7.8 | HIGH | — | 0 |
| CVE-2019-10480 Out of bound write can happen in WMI firmware event handler due to lack of validation of data received from WLAN firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon C... | 7.8 | HIGH | — | 0 |
| CVE-2019-10481 Out of bound access occurs while handling the WMI FW event due to lack of check of buffer argument which comes directly from the WLAN FW in Snapdragon Auto, Snapdragon Consumer Electronics Connectivit... | 7.8 | HIGH | — | 0 |
| CVE-2019-10482 Due to the use of non-time-constant comparison functions there is issue in timing side channels which can be used as a potential side channel for SUI corruption in Snapdragon Auto, Snapdragon Compute,... | 5.9 | MEDIUM | — | 0 |
| CVE-2019-10487 Buffer over read can happen while parsing SMS OTA messages at transport layer if network sends un-intended values in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-10500 While processing MT Secondary PDP request, Buffer overflow will happen due to incorrect calculation of buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industria... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-10513 Possibility of Null pointer access if the SPDM commands are executed in the non-standard way in Trustzone in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electroni... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-10516 Multiple read overflows in MM while decoding service accept,service reject,attach reject and MT detach in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapd... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-10517 Memory is being freed up twice when two concurrent threads are executing in parallel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdra... | 7.8 | HIGH | — | 0 |
| CVE-2019-8772 An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt. This issue is fixed in macOS Catalina 10.15. An attacker may be able to exfiltrat... | 7.5 | HIGH | — | 0 |
| CVE-2019-10518 Use after free of a pointer in iWLAN scenario during netmgr state transition to CONNECT in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snap... | 7.8 | HIGH | — | 0 |
| CVE-2019-10525 Buffer overflow during SIB read when network configures complete sib list along with first and last segment of other SIB in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Ind... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-10536 Potential double free scenario if driver receives another DIAG_EVENT_LOG_SUPPORTED event from firmware as the pointer is not set to NULL on first call in Snapdragon Auto, Snapdragon Compute, Snapdrago... | 7.8 | HIGH | — | 0 |
| CVE-2019-10537 Improper validation of event buffer extracted from FW response can lead to integer overflow, which will allow to pass the length check and eventually will lead to buffer overwrite when event data is c... | 7.8 | HIGH | — | 0 |
| CVE-2019-6204 A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-10544 Improper length check on source buffer to handle userspace data received can lead to out-of-bound access in diag handlers in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connec... | 7.8 | HIGH | — | 0 |
| CVE-2019-10557 Out-of-bound read in the wireless driver in the Linux kernel due to lack of check of buffer length. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdrago... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-10564 Possible OOB issue in EEPROM due to lack of check while accessing memory map array at the time of reading operation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity... | 7.8 | HIGH | — | 0 |
| CVE-2019-10572 Improper check in video driver while processing data from video firmware can lead to integer overflow and then buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdrag... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-10584 Possibility of out of bound access in debug queue, if packet size field is corrupted in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snap... | 7.8 | HIGH | — | 0 |
| CVE-2019-10595 Possible buffer overwrite in message handler due to lack of validation of tid value calculated from packets received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Sna... | 7.8 | HIGH | — | 0 |
| CVE-2019-10598 Out of bound access can occur while processing peer info in IBSS connection mode due to lack of upper bounds check to ensure that for loop further will not cause an overflow in Snapdragon Auto, Snapdr... | 7.8 | HIGH | — | 0 |
| CVE-2019-10600 Use of local variable as argument to netlink CB callback goes out of it scope when callback triggered lead to invalid stack memory in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IO... | 7.8 | HIGH | — | 0 |
| CVE-2019-10601 Out of bound access can occur while processing firmware event due to lack of validation of WMI message received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdrag... | 7.8 | HIGH | — | 0 |
| CVE-2019-10605 Buffer overwrite can occur in IEEE80211 header filling function due to lack of range check of array index received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapd... | 7.8 | HIGH | — | 0 |
| CVE-2019-10607 Out of bounds memcpy can occur by providing the embedded NULL character string and length greater than the actual string length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdra... | 7.8 | HIGH | — | 0 |
| CVE-2019-10614 Out of boundary access is possible as there is no validation of data accessed against the received size of the packet in case of malicious firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon C... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-19880 exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. | 7.5 | HIGH | — | 0 |
| CVE-2019-2242 Device memory may get corrupted because of buffer overflow/underflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industri... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.