Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2019-14814 There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system cra... | 7.8 | HIGH | — | 0 |
| CVE-2019-14816 There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or... | 7.8 | HIGH | — | 0 |
| CVE-2019-16645 An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent... | 8.6 | HIGH | — | 0 |
| CVE-2019-15138 The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL. | 7.5 | HIGH | — | 0 |
| CVE-2019-6145 Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators ca... | 6.7 | MEDIUM | — | 0 |
| CVE-2019-6649 F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the syste... | 9.1 | CRITICAL | — | 0 |
| CVE-2019-6650 F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be mod... | 9.1 | CRITICAL | — | 0 |
| CVE-2019-16649 On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over... | 10.0 | CRITICAL | — | 0 |
| CVE-2019-16650 On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an atta... | 10.0 | CRITICAL | — | 0 |
| CVE-2019-16669 The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerat... | 5.3 | MEDIUM | — | 0 |
| CVE-2019-16677 An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-16678 admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-16679 Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion. | 4.9 | MEDIUM | — | 0 |
| CVE-2019-16680 An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction. | 4.3 | MEDIUM | — | 0 |
| CVE-2019-16681 The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to the opening of arbitrary URLs, which can inject deceptive content into the UI. (W... | 4.7 | MEDIUM | — | 0 |
| CVE-2018-21018 Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16692 phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16694 phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16695 phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16696 phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16702 Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary code via a buffer overflow involving a long NoJs parameter to the /LoginAdmin URI. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16703 admin/infolist_add.php in PHPMyWind 5.6 has stored XSS. | 6.1 | MEDIUM | — | 0 |
| CVE-2019-16704 admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS. | 4.8 | MEDIUM | — | 0 |
| CVE-2019-16705 Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in the function OpCode() in the decompile.c file in libutil.a. | 9.1 | CRITICAL | — | 0 |
| CVE-2019-16706 kkcms v1.3 has a CSRF vulnerablity that can add an user account via admin/cms_user_add.php. | 8.8 | HIGH | — | 0 |
| CVE-2019-4262 IBM QRadar SIEM 7.2 and 7.3 is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the QRadar system, potentially leading to... | 5.3 | MEDIUM | — | 0 |
| CVE-2019-16707 Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-16708 ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-16709 ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-16710 ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-16711 ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-3416 All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impacted by input validation vulnerability. Due to input validation, unauthorized users can take advantage of this vulnerability to co... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16712 ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-16713 ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-16714 In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized. | 7.5 | HIGH | — | 0 |
| CVE-2019-16718 In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the p... | 7.8 | HIGH | — | 0 |
| CVE-2019-16719 WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-16720 ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file. | 7.5 | HIGH | — | 0 |
| CVE-2019-10087 On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-10089 On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attack... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-12404 On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker ... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-13063 Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. This will result in file disclosure (i.e... | 7.5 | HIGH | — | 0 |
| CVE-2019-16518 An issue was discovered on Swell Kit Mod devices that use the Vandy Vape platform. An attacker may be able to trigger an unintended temperature in the victim's mouth and throat via Bluetooth Low Energ... | 4.3 | MEDIUM | — | 0 |
| CVE-2019-16887 In IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at image00400000+0x000000000001dcfc. | 7.8 | HIGH | — | 0 |
| CVE-2019-16723 In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter. | 4.3 | MEDIUM | — | 0 |
| CVE-2018-21019 Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py. | 7.5 | HIGH | — | 0 |
| CVE-2019-10090 On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-10978 Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input f... | 7.8 | HIGH | — | 0 |
| CVE-2019-10984 Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input f... | 7.8 | HIGH | — | 0 |
| CVE-2019-10990 Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to ... | 6.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.