Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2019-1235 An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives, aka 'Windows Text Serv... | 7.8 | HIGH | — | 0 |
| CVE-2019-1236 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1208... | 7.5 | HIGH | — | 0 |
| CVE-2019-1237 A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. Thi... | 7.5 | HIGH | — | 0 |
| CVE-2019-5976 Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of service condition via unspecified vectors. | 4.9 | MEDIUM | — | 0 |
| CVE-2019-1240 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is un... | 7.8 | HIGH | — | 0 |
| CVE-2019-1241 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is un... | 7.8 | HIGH | — | 0 |
| CVE-2019-1242 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is un... | 7.8 | HIGH | — | 0 |
| CVE-2019-1243 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is un... | 7.8 | HIGH | — | 0 |
| CVE-2019-1244 An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-1245 An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-1246 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is un... | 7.8 | HIGH | — | 0 |
| CVE-2019-1247 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is un... | 7.8 | HIGH | — | 0 |
| CVE-2019-1302 An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of ... | 8.8 | HIGH | — | 0 |
| CVE-2019-1248 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is un... | 7.8 | HIGH | — | 0 |
| CVE-2019-1249 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is un... | 7.8 | HIGH | — | 0 |
| CVE-2019-1250 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is un... | 7.8 | HIGH | — | 0 |
| CVE-2019-1251 An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-16664 An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter. | 4.8 | MEDIUM | — | 0 |
| CVE-2019-0207 Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\`, so attacker can perform a path traversal ... | 7.5 | HIGH | — | 0 |
| CVE-2019-13140 Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to dec... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-15721 An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings. | 5.4 | MEDIUM | — | 0 |
| CVE-2019-15722 An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources. | 7.5 | HIGH | — | 0 |
| CVE-2019-15723 An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Merge requests created by email could be used to bypass push rules in certain situations. | 5.3 | MEDIUM | — | 0 |
| CVE-2019-16721 NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-15724 An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection. | 6.1 | MEDIUM | — | 0 |
| CVE-2019-15725 An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. An IDOR in the epic notes API that could result in disclosure of private milestones, labels, and other informati... | 7.5 | HIGH | — | 0 |
| CVE-2019-15726 An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP addres... | 5.3 | MEDIUM | — | 0 |
| CVE-2019-15727 An issue was discovered in GitLab Community and Enterprise Edition 11.2 through 12.2.1. Insufficient permission checks were being applied when displaying CI results, potentially exposing some CI metri... | 5.3 | MEDIUM | — | 0 |
| CVE-2019-15728 An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1. Protections against SSRF attacks on the Kubernetes integration are insufficient, which could have allowed an att... | 7.5 | HIGH | — | 0 |
| CVE-2019-16722 ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-15730 An issue was discovered in GitLab Community and Enterprise Edition 8.14 through 12.2.1. The Jira integration contains a SSRF vulnerability as a result of a bypass of the current protection mechanisms ... | 7.5 | HIGH | — | 0 |
| CVE-2019-15731 An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Non-members were able to comment on merge requests despite the repository being set to allow only project member... | 5.3 | MEDIUM | — | 0 |
| CVE-2019-15732 An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions. | 5.3 | MEDIUM | — | 0 |
| CVE-2019-15733 An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users. | 4.3 | MEDIUM | — | 0 |
| CVE-2019-16366 In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer overflow in fxBeginHost in xsAPI.c when called from fxRunDefine in xsRun.c, as demonstrated by crafted JavaScript code to xst. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-8371 OpenEMR v5.0.1-6 allows code execution. | 7.2 | HIGH | — | 0 |
| CVE-2019-10071 The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code ex... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-15734 An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not... | 4.3 | MEDIUM | — | 0 |
| CVE-2019-15736 An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack. | 7.5 | HIGH | — | 0 |
| CVE-2019-15737 An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-15738 An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email. | 5.3 | MEDIUM | — | 0 |
| CVE-2016-10976 The safe-editor plugin before 1.2 for WordPress has no se_save authentication, with resultant XSS. | 6.1 | MEDIUM | — | 0 |
| CVE-2019-15739 An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads. | 6.1 | MEDIUM | — | 0 |
| CVE-2019-15740 An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads. | 5.3 | MEDIUM | — | 0 |
| CVE-2019-15741 An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16370 The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related i... | 5.9 | MEDIUM | — | 0 |
| CVE-2019-16371 LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because do_popupregister can be b... | 8.2 | HIGH | — | 0 |
| CVE-2019-8368 OpenEMR v5.0.1-6 allows XSS. | 6.1 | MEDIUM | — | 0 |
| CVE-2016-10978 The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF. | 8.8 | HIGH | — | 0 |
| CVE-2019-4147 IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or ... | 7.2 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.