CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-9404 In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is no... | 7.5 | HIGH | — | 0 |
| CVE-2019-9405 In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed fo... | 8.8 | HIGH | — | 0 |
| CVE-2019-9406 In libhevc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is ne... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-9407 In notification management of the service manager, there is a possible permissions bypass. This could lead to local escalation of privilege by preventing user notification, with no additional executio... | 7.8 | HIGH | — | 0 |
| CVE-2020-9270 ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php. | 8.8 | HIGH | — | 0 |
| CVE-2019-9408 In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is nee... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-9409 In libhevc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is ne... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-9410 In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is nee... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-9411 In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is nee... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-9412 In libSBRdec there is a possible out of bounds read due to incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is ... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-9413 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is... | 7.5 | HIGH | — | 0 |
| CVE-2019-9414 In wpa_supplicant, there is a possible man in the middle vulnerability due to improper input validation of the basicConstraints field of intermediary certificates. This could lead to remote informatio... | 5.9 | MEDIUM | — | 0 |
| CVE-2018-11914 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /systemrw/ whic... | N/A | NONE | — | 0 |
| CVE-2018-11918 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated is automatically released by the kernel if the 'probe' function fails with a... | N/A | NONE | — | 0 |
| CVE-2018-5909 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, buffer overflow may occur in display handlers due to lack of checking in buffer size be... | N/A | NONE | — | 0 |
| CVE-2018-11919 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a potential heap overflow and memory corruption due to improper error handling in SO... | N/A | NONE | — | 0 |
| CVE-2018-11943 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing fastboot flash command, memory leak or unexpected behavior may occur due to ... | N/A | NONE | — | 0 |
| CVE-2018-11946 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, the UPnP daemon should not be running out of box because it enables port forwarding without a... | N/A | NONE | — | 0 |
| CVE-2018-11956 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper mounting lead to device node and executable to be run from /dsp/ which presents a po... | N/A | NONE | — | 0 |
| CVE-2018-11995 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a partition name-check variable is not reset for every iteration which may cause improper ter... | N/A | NONE | — | 0 |
| CVE-2018-19609 ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a di... | N/A | NONE | — | 0 |
| CVE-2018-5856 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, due to a race condition, a Use After Free condition can occur in Audio. | N/A | NONE | — | 0 |
| CVE-2018-5861 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, existing checks in place on partition size are incomplete and can lead to heap overwrite vuln... | N/A | NONE | — | 0 |
| CVE-2018-5904 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while list traversal in LPM status driver for clean up, use after free vulnerability may occu... | N/A | NONE | — | 0 |
| CVE-2018-5906 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible buffer overflow in debugfs module due to lack of check in size of input b... | N/A | NONE | — | 0 |
| CVE-2018-5908 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible buffer overflow in display function due to lack of buffer length validati... | N/A | NONE | — | 0 |
| CVE-2018-13306 System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter. | N/A | NONE | — | 0 |
| CVE-2018-5910 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a memory corruption can occur in kernel due to improper check in callers count parameter in d... | N/A | NONE | — | 0 |
| CVE-2018-5919 In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a use after free issue in WLAN host driver can lead to device reboot. | N/A | NONE | — | 0 |
| CVE-2018-6983 VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and Fusion (11.x before 11.0.2 and 10.x before 10.1.5) contain an integer overflow vulnerability in the virtual network devices. This iss... | N/A | NONE | — | 0 |
| CVE-2018-12241 The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker with knowledge of the SA web UI hostname or IP ... | N/A | NONE | — | 0 |
| CVE-2018-6263 NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL)... | N/A | NONE | — | 0 |
| CVE-2018-17934 NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be resolved outside the intended directory. This could allow an attacker to impersonat... | N/A | NONE | — | 0 |
| CVE-2018-6265 NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser ses... | N/A | NONE | — | 0 |
| CVE-2018-6266 NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure. | N/A | NONE | — | 0 |
| CVE-2018-17256 Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vul... | N/A | NONE | — | 0 |
| CVE-2018-0719 Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP Systems Inc. QTS allows attackers to inject javascript. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on bu... | 5.5 | MEDIUM | — | 0 |
| CVE-2018-10142 The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system. | N/A | NONE | — | 0 |
| CVE-2018-13022 Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path. | N/A | NONE | — | 0 |
| CVE-2018-13023 System command injection vulnerability in wifi_access in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter. | N/A | NONE | — | 0 |
| CVE-2018-20716 CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature. | N/A | NONE | — | 0 |
| CVE-2018-13307 System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become per... | N/A | NONE | — | 0 |
| CVE-2018-13314 System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter. | N/A | NONE | — | 0 |
| CVE-2018-13316 System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter. | N/A | NONE | — | 0 |
| CVE-2018-13329 Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter. | N/A | NONE | — | 0 |
| CVE-2018-13334 Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysname]" parameter. | N/A | NONE | — | 0 |
| CVE-2018-13337 Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session cookies via JavaScript. | N/A | NONE | — | 0 |
| CVE-2018-14892 Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms. | N/A | NONE | — | 0 |
| CVE-2018-14893 A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API. | N/A | NONE | — | 0 |
| CVE-2018-17936 NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or overwrite configuration files to the server, which could allow remote code execution. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.