CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2017-3862 Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overfl... | N/A | NONE | β | 0 |
| CVE-2017-3863 Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overfl... | N/A | NONE | β | 0 |
| CVE-2017-4969 The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk quotas for tasks. | N/A | NONE | β | 0 |
| CVE-2017-6611 A vulnerability in the web framework code of Cisco Prime Infrastructure 2.2(2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the we... | N/A | NONE | β | 0 |
| CVE-2017-6607 A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause an affected device to reload or corrupt the information present in the device's local DNS... | N/A | NONE | β | 0 |
| CVE-2017-6608 A vulnerability in the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system... | N/A | NONE | β | 0 |
| CVE-2017-6609 A vulnerability in the IPsec code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of malforme... | N/A | NONE | β | 0 |
| CVE-2017-6610 A vulnerability in the Internet Key Exchange Version 1 (IKEv1) XAUTH code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of an affected system. The vulnerability... | N/A | NONE | β | 0 |
| CVE-2016-7508 Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5 ... | N/A | NONE | β | 0 |
| CVE-2017-6613 A vulnerability in the DNS input packet processor for Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause the DNS process to momentarily restart, which could lead to... | N/A | NONE | β | 0 |
| CVE-2017-6614 A vulnerability in the file-download feature of the web user interface for Cisco FindIT Network Probe Software 1.0.0 could allow an authenticated, remote attacker to download and view any system file ... | N/A | NONE | β | 0 |
| CVE-2017-6615 A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerab... | N/A | NONE | β | 0 |
| CVE-2017-6616 A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary code on an affected system. The vulnerab... | N/A | NONE | β | 0 |
| CVE-2016-4829 DMM Movie Player App for Android before 1.2.1, and DMM Movie Player App for iPhone/iPad before 2.1.3 does not verify SSL certificates. | N/A | NONE | β | 0 |
| CVE-2017-6617 A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to h... | N/A | NONE | β | 0 |
| CVE-2017-6618 A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerabi... | N/A | NONE | β | 0 |
| CVE-2017-6619 A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vuln... | N/A | NONE | β | 0 |
| CVE-2017-7990 The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReport... | N/A | NONE | β | 0 |
| CVE-2016-4075 Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL. | 6.1 | MEDIUM | β | 0 |
| CVE-2017-2333 A persistent denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network-based, authenticated attacker to ... | N/A | NONE | β | 0 |
| CVE-2017-7220 OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an "R... | N/A | NONE | β | 0 |
| CVE-2017-7409 Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and PAN-70674. | N/A | NONE | β | 0 |
| CVE-2017-7951 WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context. | N/A | NONE | β | 0 |
| CVE-2016-0833 Android allows users to cause a denial of service. | N/A | NONE | β | 0 |
| CVE-2016-1148 Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates. | 8.1 | HIGH | β | 0 |
| CVE-2016-1184 Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates. | 5.9 | MEDIUM | β | 0 |
| CVE-2016-1194 Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service. | N/A | NONE | β | 0 |
| CVE-2016-4830 Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1.16.1 and earlier do not verify SSL certificates. | 5.9 | MEDIUM | β | 0 |
| CVE-2016-4832 WAON "Service Application" for Android 1.4.1 and earlier does not verify SSL certificates. | N/A | NONE | β | 0 |
| CVE-2016-4840 Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates. | 5.9 | MEDIUM | β | 0 |
| CVE-2016-4841 Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers. | N/A | NONE | β | 0 |
| CVE-2016-4846 Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer before 3.7.8.2. | N/A | NONE | β | 0 |
| CVE-2017-7992 Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php v2.8.17 is vulnerable to a reflected XSS in examples/consumer-authentication/cruise.php via the URI, as demonstrated by the cavv par... | N/A | NONE | β | 0 |
| CVE-2016-0720 Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. | N/A | NONE | β | 0 |
| CVE-2016-0721 Session fixation vulnerability in pcsd in pcs before 0.9.157. | N/A | NONE | β | 0 |
| CVE-2016-10091 Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial-of-service by writing a negative integer to the (1) cmd_expand function, (2) cmd_emboss function, or (3) ... | N/A | NONE | β | 0 |
| CVE-2016-1556 Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphra... | N/A | NONE | β | 0 |
| CVE-2016-3109 The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code. | N/A | NONE | β | 0 |
| CVE-2016-1557 Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP. | N/A | NONE | β | 0 |
| CVE-2016-1558 Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier, ... | N/A | NONE | β | 0 |
| CVE-2016-1559 D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames and... | N/A | NONE | β | 0 |
| CVE-2016-6519 Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in th... | N/A | NONE | β | 0 |
| CVE-2017-7994 The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF ... | N/A | NONE | β | 0 |
| CVE-2017-8050 Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password. | N/A | NONE | β | 0 |
| CVE-2017-8051 Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote ... | N/A | NONE | β | 0 |
| CVE-2016-1186 Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates. | N/A | NONE | β | 0 |
| CVE-2016-1187 Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates. | N/A | NONE | β | 0 |
| CVE-2016-1198 Photopt for Android before 2.0.1 does not verify SSL certificates. | N/A | NONE | β | 0 |
| CVE-2016-1210 The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information... | N/A | NONE | β | 0 |
| CVE-2016-1221 Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certifica... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.