CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2014-9820 Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file. | 7.8 | HIGH | β | 0 |
| CVE-2017-6184 In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303. | N/A | NONE | β | 0 |
| CVE-2014-9821 Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. | 7.8 | HIGH | β | 0 |
| CVE-2014-9822 Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file. | 7.8 | HIGH | β | 0 |
| CVE-2014-9823 Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819. | 7.8 | HIGH | β | 0 |
| CVE-2014-9824 Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825. | 7.8 | HIGH | β | 0 |
| CVE-2017-7362 Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack. | N/A | NONE | β | 0 |
| CVE-2014-9825 Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824. | 7.8 | HIGH | β | 0 |
| CVE-2014-9826 ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files. | N/A | NONE | β | 0 |
| CVE-2017-5184 A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow leakage of information (account enumeration). | N/A | NONE | β | 0 |
| CVE-2017-5185 A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service. | N/A | NONE | β | 0 |
| CVE-2017-6182 In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304. | N/A | NONE | β | 0 |
| CVE-2017-7363 Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack. | N/A | NONE | β | 0 |
| CVE-2017-6412 In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. | N/A | NONE | β | 0 |
| CVE-2017-7253 Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with adm... | N/A | NONE | β | 0 |
| CVE-2017-7346 The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial... | N/A | NONE | β | 0 |
| CVE-2016-9319 There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398. | N/A | NONE | β | 0 |
| CVE-2017-2647 The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for... | N/A | NONE | β | 0 |
| CVE-2016-2192 PostgreSQL PL/Java before 1.5.0 allows remote authenticated users to alter type mappings for types they do not own. | 6.5 | MEDIUM | β | 0 |
| CVE-2017-6973 A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This... | N/A | NONE | β | 0 |
| CVE-2017-7241 A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'ty... | N/A | NONE | β | 0 |
| CVE-2017-7309 A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a craf... | N/A | NONE | β | 0 |
| CVE-2017-7359 Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack. | N/A | NONE | β | 0 |
| CVE-2017-7360 Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack. | N/A | NONE | β | 0 |
| CVE-2017-7361 Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack. | N/A | NONE | β | 0 |
| CVE-2008-7313 The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists due to an incomplete fix for CVE-2008-4796. | N/A | NONE | β | 0 |
| CVE-2014-5008 Snoopy allows remote attackers to execute arbitrary commands. | N/A | NONE | β | 0 |
| CVE-2014-5009 Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008. | N/A | NONE | β | 0 |
| CVE-2015-4624 Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens. | N/A | NONE | β | 0 |
| CVE-2016-6209 Cross-site scripting (XSS) vulnerability in Nagios. | N/A | NONE | β | 0 |
| CVE-2016-3066 The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard. | N/A | NONE | β | 0 |
| CVE-2017-3009 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow vulnerability in the JPEG2000 parser. Successful exploitation ... | N/A | NONE | β | 0 |
| CVE-2017-3010 Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the rendering engine. Successful exploitati... | N/A | NONE | β | 0 |
| CVE-2016-6022 IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function... | N/A | NONE | β | 0 |
| CVE-2016-6031 IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct... | N/A | NONE | β | 0 |
| CVE-2017-1154 IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to files in the local environment which should not be viewed by application users. IBM Reference #: 1... | N/A | NONE | β | 0 |
| CVE-2016-6036 IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... | N/A | NONE | β | 0 |
| CVE-2016-6111 IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit ... | N/A | NONE | β | 0 |
| CVE-2016-8917 IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website... | N/A | NONE | β | 0 |
| CVE-2016-8935 IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alte... | N/A | NONE | β | 0 |
| CVE-2016-9707 IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose ... | N/A | NONE | β | 0 |
| CVE-2016-9990 IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lead... | N/A | NONE | β | 0 |
| CVE-2017-2775 An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI fi... | N/A | NONE | β | 0 |
| CVE-2016-6560 illumos osnet-incorporation bcopy() and bzero() implementations make signed instead of unsigned comparisons allowing a system crash. | N/A | NONE | β | 0 |
| CVE-2016-6561 illumos smbsrv NULL pointer dereference allows system crash. | N/A | NONE | β | 0 |
| CVE-2017-7374 Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring ... | 7.8 | HIGH | β | 0 |
| CVE-2016-8032 Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file. | N/A | NONE | β | 0 |
| CVE-2017-7388 A Cross-Site Scripting (XSS) was discovered in 'wallacepos v1.4.1'. The vulnerability exists due to insufficient filtration of user-supplied data (token) passed to the 'wallacepos-master/myaccount/res... | 6.1 | MEDIUM | β | 0 |
| CVE-2017-7389 Multiple Cross-Site Scripting (XSS) were discovered in 'openeclass Release_3.5.4'. The vulnerabilities exist due to insufficient filtration of user-supplied data (meeting_id, user) passed to the 'open... | 6.1 | MEDIUM | β | 0 |
| CVE-2017-7390 A Cross-Site Scripting (XSS) was discovered in 'SocialNetwork v1.2.1'. The vulnerability exists due to insufficient filtration of user-supplied data (mail) passed to the 'SocialNetwork-andrea/app/temp... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.