探索與 Input Validation 漏洞相關的 CVE,並依公開年份篩選。本清單預設優先展示最新揭露,並支援依 CVSS 與 EPSS 風險分數進一步篩選。
涵蓋最新漏洞揭露與趨勢,協助安全團隊快速識別高風險問題與被利用可能性。
目前為 Input Validation 類型、2019 年公開的 CVE。 檢視完整 CVE 清單
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2019-9668 | An issue was discovered in rovinbhandari FTP through 2012-03-28. receive_file in file_transfer_functions.c allows remote attackers to cause a denial of service (daemon crash) via a 0xffff datalen field value. | 7.5 | 1.06% | 2019-12-31 | 2024-11-21 |
| CVE-2014-5289 | Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a POST request. | 9.8 | 23.22% | 2019-12-27 | 2024-11-21 |
| CVE-2019-20041 | wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring. | 9.8 | 1.37% | 2019-12-27 | 2024-11-21 |
| CVE-2019-19398 | M5 lite 10 with versions of 8.0.0.182(C00) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to modify the memory of the device by doing a series of operations. Successful exploit may lead to malicious code execution. | 9.8 | 0.38% | 2019-12-26 | 2024-11-21 |
| CVE-2019-5266 | Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone has an insufficient input validation vulnerability. Attackers can exploit this vulnerability by sending crafted packets to the affected device. Successful exploit may cause the function will be disabled. | 7.5 | 0.58% | 2019-12-23 | 2024-11-21 |
| CVE-2019-19337 | A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph RADOS Gateway daemon handles S3 requests. An authenticated attacker can abuse this flaw by causing a remote denial of service by sending a specially crafted HTTP Content-Length header to the Ceph RADOS Gateway server. | 6.5 | 0.41% | 2019-12-23 | 2024-11-21 |
| CVE-2019-15915 | An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, RTCGQ01LM devices. Attackers can utilize the "discover ZigBee network procedure" to perform a denial of service attack. | 7.5 | 0.43% | 2019-12-20 | 2024-11-21 |
| CVE-2019-15914 | An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Attackers can use the ZigBee trust center rejoin procedure to perform mutiple denial of service attacks. | 7.5 | 0.43% | 2019-12-20 | 2024-11-21 |
| CVE-2019-15912 | An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can use the ZigBee trust center rejoin procedure to perform mutiple denial of service attacks. | 7.5 | 0.43% | 2019-12-20 | 2024-11-21 |
| CVE-2019-15910 | An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can utilize the "discover ZigBee network procedure" to perform a denial of service attack. | 7.5 | 0.44% | 2019-12-20 | 2024-11-21 |
| CVE-2012-6111 | gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function | 7.5 | 0.39% | 2019-12-20 | 2024-11-21 |
| CVE-2012-3409 | ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation | 7.8 | 0.06% | 2019-12-20 | 2024-11-21 |
| CVE-2019-19902 | An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, allowing non-configuration scripts to potentially be uploaded to the server. This issue is mitigated by the fact that the attacker would be required to have the "Synchronize, import, and export configuration" permission, a permission that only | 7.2 | 0.61% | 2019-12-19 | 2024-11-21 |
| CVE-2019-11108 | Insufficient input validation in subsystem for Intel(R) CSME before versions 12.0.45 and 13.0.10 may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 | 0.15% | 2019-12-18 | 2024-11-21 |
| CVE-2019-11107 | Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 9.8 | 0.46% | 2019-12-18 | 2024-11-21 |
| CVE-2019-11104 | Insufficient input validation in MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | 0.15% | 2019-12-18 | 2024-11-21 |
| CVE-2019-11103 | Insufficient input validation in firmware update software for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | 0.15% | 2019-12-18 | 2024-11-21 |
| CVE-2019-11102 | Insufficient input validation in Intel(R) DAL software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access. | 4.4 | 0.06% | 2019-12-18 | 2024-11-21 |
| CVE-2019-11101 | Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access. | 4.4 | 0.14% | 2019-12-18 | 2024-11-21 |
| CVE-2019-11100 | Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via physical access. | 4.6 | 0.28% | 2019-12-18 | 2024-11-21 |