Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2013-2228 SaltStack RSA Key Generation allows remote users to decrypt communications | 8.1 | HIGH | — | 0 |
| CVE-2013-4235 shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees | 4.7 | MEDIUM | — | 0 |
| CVE-2013-4411 Review Board: URL processing gives unauthorized users access to review lists | 4.3 | MEDIUM | — | 0 |
| CVE-2013-4486 Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging | 9.8 | CRITICAL | — | 0 |
| CVE-2019-4098 IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality po... | 5.4 | MEDIUM | — | 0 |
| CVE-2019-4130 IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 158280. | 8.8 | HIGH | — | 0 |
| CVE-2019-4226 IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality po... | 5.4 | MEDIUM | — | 0 |
| CVE-2019-4465 IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 163774. | 3.3 | LOW | — | 0 |
| CVE-2019-4467 IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality po... | 5.4 | MEDIUM | — | 0 |
| CVE-2019-4468 IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality po... | 5.4 | MEDIUM | — | 0 |
| CVE-2019-19523 In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. | 4.6 | MEDIUM | — | 0 |
| CVE-2019-19524 In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. | 4.6 | MEDIUM | — | 0 |
| CVE-2019-19525 In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035. | 4.6 | MEDIUM | — | 0 |
| CVE-2019-19526 In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098. | 4.6 | MEDIUM | — | 0 |
| CVE-2019-19527 In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. | 6.8 | MEDIUM | — | 0 |
| CVE-2019-19528 In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d. | 6.1 | MEDIUM | — | 0 |
| CVE-2019-19529 In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41. | 6.3 | MEDIUM | — | 0 |
| CVE-2019-19530 In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. | 4.6 | MEDIUM | — | 0 |
| CVE-2019-19531 In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca. | 6.8 | MEDIUM | — | 0 |
| CVE-2019-19532 In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/h... | 6.8 | MEDIUM | — | 0 |
| CVE-2019-19533 In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464. | 2.4 | LOW | — | 0 |
| CVE-2019-19534 In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. | 2.4 | LOW | — | 0 |
| CVE-2019-19535 In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042. | 4.6 | MEDIUM | — | 0 |
| CVE-2019-19536 In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0. | 4.6 | MEDIUM | — | 0 |
| CVE-2019-19537 In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/c... | 4.2 | MEDIUM | — | 0 |
| CVE-2019-3990 A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and i... | 4.3 | MEDIUM | — | 0 |
| CVE-2019-7365 DLL preloading vulnerability in Autodesk Desktop Application versions 7.0.16.29 and earlier. An attacker may trick a user into downloading a malicious DLL file into the working directory, which may th... | 7.8 | HIGH | — | 0 |
| CVE-2019-7366 Buffer overflow vulnerability in Autodesk FBX Software Development Kit version 2019.5. A user may be tricked into opening a malicious FBX file which may exploit a buffer overflow vulnerability causing... | 7.8 | HIGH | — | 0 |
| CVE-2019-19460 An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. ... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-10013 The asn1_signature function in asn1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow that allows remote attackers to cause a denial of service (memory and CPU consumption) via a cr... | 7.5 | HIGH | — | 0 |
| CVE-2019-13456 In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks info... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-16885 In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/Product... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-18992 OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router" and "New forward rule" and "New Source NAT" (this can occur, for example, ... | 5.4 | MEDIUM | — | 0 |
| CVE-2019-18993 OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device). | 5.4 | MEDIUM | — | 0 |
| CVE-2019-19382 Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory. Local attackers can replace a .exe or .dll file to achieve privilege escalation. | 7.8 | HIGH | — | 0 |
| CVE-2019-19383 freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted SIZE command (this is exploitable even if logging is disabled). | 8.8 | HIGH | — | 0 |
| CVE-2019-14317 wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures vi... | 5.3 | MEDIUM | — | 0 |
| CVE-2019-19457 SALTO ProAccess SPACE 5.4.3.0 allows XSS. | 5.4 | MEDIUM | — | 0 |
| CVE-2019-19458 SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature. | 8.6 | HIGH | — | 0 |
| CVE-2019-19459 An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that wil... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-9689 process_certificate in tls1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow via a crafted TLS certificate handshake message with zero certificates. | 7.5 | HIGH | — | 0 |
| CVE-2019-18574 RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this ... | 4.8 | MEDIUM | — | 0 |
| CVE-2019-19543 In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c. | 7.8 | HIGH | — | 0 |
| CVE-2019-3749 Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to del... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-3750 Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to del... | 5.5 | MEDIUM | — | 0 |
| CVE-2016-1000104 A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07. | 8.8 | HIGH | — | 0 |
| CVE-2019-5076 An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG header-parser of the Accusoft ImageGear 19.3.0 library. A specially crafted PNG file can cause an out-of-bounds write, ... | 8.8 | HIGH | — | 0 |
| CVE-2019-5083 An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFdecodethunderscan function of Accusoft ImageGear 19.3.0 library. A specially crafted TIFF file can cause an out of bound... | 8.8 | HIGH | — | 0 |
| CVE-2019-5096 An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-5097 A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP ... | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.