CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2015-9404 The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_keywords XSS. | 6.1 | MEDIUM | — | 0 |
| CVE-2015-9405 The wp-piwik plugin before 1.0.5 for WordPress has XSS. | 6.1 | MEDIUM | — | 0 |
| CVE-2015-9407 The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS. | 6.1 | MEDIUM | — | 0 |
| CVE-2015-9408 The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-16533 On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product. | 6.1 | MEDIUM | — | 0 |
| CVE-2019-16534 On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product. | 6.1 | MEDIUM | — | 0 |
| CVE-2019-4505 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the a... | 5.3 | MEDIUM | — | 0 |
| CVE-2019-4565 IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 1... | 7.5 | HIGH | — | 0 |
| CVE-2018-11200 An issue was discovered in Mautic 2.13.1. It has Stored XSS via the company name field. | 6.1 | MEDIUM | — | 0 |
| CVE-2019-5521 VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain a... | 9.6 | CRITICAL | — | 0 |
| CVE-2018-17789 Prospecta Master Data Online (MDO) allows CSRF. | 6.5 | MEDIUM | — | 0 |
| CVE-2015-9406 Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php. | 7.5 | HIGH | — | 0 |
| CVE-2019-11280 Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservi... | 8.8 | HIGH | — | 0 |
| CVE-2019-11326 An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product is protected by a login. A guest is allowed to login. Once logged in as... | 8.8 | HIGH | — | 0 |
| CVE-2019-11327 An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product has a local file inclusion vulnerability. An attacker with administrati... | 4.9 | MEDIUM | — | 0 |
| CVE-2019-14814 There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system cra... | 7.8 | HIGH | — | 0 |
| CVE-2019-14816 There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or... | 7.8 | HIGH | — | 0 |
| CVE-2019-16645 An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent... | 8.6 | HIGH | — | 0 |
| CVE-2019-15138 The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL. | 7.5 | HIGH | — | 0 |
| CVE-2019-6145 Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators ca... | 6.7 | MEDIUM | — | 0 |
| CVE-2019-6649 F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the syste... | 9.1 | CRITICAL | — | 0 |
| CVE-2019-6650 F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be mod... | 9.1 | CRITICAL | — | 0 |
| CVE-2019-16649 On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over... | 10.0 | CRITICAL | — | 0 |
| CVE-2019-16650 On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an atta... | 10.0 | CRITICAL | — | 0 |
| CVE-2019-16669 The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerat... | 5.3 | MEDIUM | — | 0 |
| CVE-2019-16677 An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-16678 admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-16679 Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion. | 4.9 | MEDIUM | — | 0 |
| CVE-2019-16680 An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction. | 4.3 | MEDIUM | — | 0 |
| CVE-2019-16681 The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to the opening of arbitrary URLs, which can inject deceptive content into the UI. (W... | 4.7 | MEDIUM | — | 0 |
| CVE-2018-21018 Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16692 phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16694 phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16695 phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16696 phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16702 Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary code via a buffer overflow involving a long NoJs parameter to the /LoginAdmin URI. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16703 admin/infolist_add.php in PHPMyWind 5.6 has stored XSS. | 6.1 | MEDIUM | — | 0 |
| CVE-2019-16704 admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS. | 4.8 | MEDIUM | — | 0 |
| CVE-2019-16705 Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in the function OpCode() in the decompile.c file in libutil.a. | 9.1 | CRITICAL | — | 0 |
| CVE-2019-16706 kkcms v1.3 has a CSRF vulnerability that can add a user account via admin/cms_user_add.php. | 8.8 | HIGH | — | 0 |
| CVE-2019-4262 IBM QRadar SIEM 7.2 and 7.3 is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the QRadar system, potentially leading to... | 5.3 | MEDIUM | — | 0 |
| CVE-2019-16707 Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-16708 ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-16709 ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-16710 ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-16711 ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-3416 All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impacted by input validation vulnerability. Due to input validation, unauthorized users can take advantage of this vulnerability to co... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16712 ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-16713 ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-16714 In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized. | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.