Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2019-3395 The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6... | N/A | NONE | — | 0 |
| CVE-2018-15816 FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d7d via a crafted image file. | N/A | NONE | — | 0 |
| CVE-2019-3835 It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have acc... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-3838 It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, ... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-3856 An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH ser... | 8.8 | HIGH | — | 0 |
| CVE-2019-3857 An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker ... | 8.8 | HIGH | — | 0 |
| CVE-2019-7714 An issue was discovered in Interpeak IPWEBS on Green Hills INTEGRITY RTOS 5.0.4. It allocates 60 bytes for the HTTP Authentication header. However, when copying this header to parse, it does not check... | N/A | NONE | — | 0 |
| CVE-2019-3860 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial o... | N/A | NONE | — | 0 |
| CVE-2019-3861 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH ... | N/A | NONE | — | 0 |
| CVE-2019-3874 The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches a... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-3879 It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the cal... | 8.1 | HIGH | — | 0 |
| CVE-2018-15583 Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter. | 6.1 | MEDIUM | — | 0 |
| CVE-2019-4046 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to caus... | 7.5 | HIGH | — | 0 |
| CVE-2019-7608 Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of oth... | N/A | NONE | — | 0 |
| CVE-2019-7610 Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could sen... | N/A | NONE | — | 0 |
| CVE-2019-7611 A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are use... | 8.1 | HIGH | — | 0 |
| CVE-2017-7342 A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button | N/A | NONE | — | 0 |
| CVE-2019-7612 A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credenti... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-7613 Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event. | 7.5 | HIGH | — | 0 |
| CVE-2014-9187 Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could le... | N/A | NONE | — | 0 |
| CVE-2014-9189 Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that coul... | N/A | NONE | — | 0 |
| CVE-2019-10044 Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs bec... | N/A | NONE | — | 0 |
| CVE-2019-0204 A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1... | 7.8 | HIGH | — | 0 |
| CVE-2019-7642 D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include b... | 7.5 | HIGH | — | 0 |
| CVE-2019-10060 The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An att... | N/A | NONE | — | 0 |
| CVE-2019-10061 utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary command... | N/A | NONE | — | 0 |
| CVE-2019-7711 An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The undocumented shell command "prompt" sets the (user controlled) shell's prompt value, which is... | N/A | NONE | — | 0 |
| CVE-2019-7712 An issue was discovered in handler_ipcom_shell_pwd in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. When using the pwd command, the current working directory path is used... | N/A | NONE | — | 0 |
| CVE-2019-7715 An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The main shell handler function uses the value of the environment variable ipcom.shell.greeting a... | N/A | NONE | — | 0 |
| CVE-2019-8981 tls1.c in Cameron Hamilton-Rich axTLS before 2.1.5 has a Buffer Overflow via a crafted sequence of TLS packets because the need_bytes value is mismanaged. | N/A | NONE | — | 0 |
| CVE-2019-10063 Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed ap... | N/A | NONE | — | 0 |
| CVE-2019-9764 HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verify_server_hostname were set to false, even when it is actu... | N/A | NONE | — | 0 |
| CVE-2014-5434 Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter a... | N/A | NONE | — | 0 |
| CVE-2019-9059 An issue was discovered in CMS Made Simple 2.2.8. It is possible, with an administrator account, to achieve command injection by modifying the path of the e-mail executable in Mail Settings, setting "... | N/A | NONE | — | 0 |
| CVE-2014-5431 Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information,... | N/A | NONE | — | 0 |
| CVE-2014-5432 Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may b... | N/A | NONE | — | 0 |
| CVE-2014-5433 An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700B... | N/A | NONE | — | 0 |
| CVE-2018-19856 GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API. | N/A | NONE | — | 0 |
| CVE-2019-7646 CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter. | N/A | NONE | — | 0 |
| CVE-2024-37025 Incorrect execution-assigned permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installer before version 23.1.1 may allow an authenticated user to potentially enable escalat... | 6.7 | MEDIUM | — | 0 |
| CVE-2013-2806 Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic... | N/A | NONE | — | 0 |
| CVE-2013-2807 Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic... | N/A | NONE | — | 0 |
| CVE-2019-9055 An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permi... | N/A | NONE | — | 0 |
| CVE-2019-9057 An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection. | 8.8 | HIGH | — | 0 |
| CVE-2019-9058 An issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm.php, it is possible to send a crafted value in the sel_groups parameter that leads to authenticated ob... | 7.2 | HIGH | — | 0 |
| CVE-2019-9061 An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager (in the file action.installmodule.php), it is possible to reach an unserialize call with untrusted input and achieve authe... | 8.8 | HIGH | — | 0 |
| CVE-2013-2805 Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic... | N/A | NONE | — | 0 |
| CVE-2018-16856 In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are reada... | N/A | NONE | — | 0 |
| CVE-2019-3597 Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect ... | N/A | NONE | — | 0 |
| CVE-2019-3606 Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrator... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.