Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2013-2055 Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templa... | N/A | NONE | β | 0 |
| CVE-2014-1697 The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999. | N/A | NONE | β | 0 |
| CVE-2014-1698 Directory traversal vulnerability in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to read arbitrary files via crafted packets to TCP port 4999. | N/A | NONE | β | 0 |
| CVE-2014-1699 Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999. | N/A | NONE | β | 0 |
| CVE-2014-1914 Multiple cross-site scripting (XSS) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to inject arbitrary web script or HTML via the (1) topic parameter to sw/... | N/A | NONE | β | 0 |
| CVE-2014-1915 Multiple cross-site request forgery (CSRF) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to hijack the authentication of (1) administrators for requests th... | N/A | NONE | β | 0 |
| CVE-2011-1773 virt-v2v before 0.8.4 does not preserve the VNC console password when converting a guest, which allows local users to bypass the intended VNC authentication by connecting without a password. | N/A | NONE | β | 0 |
| CVE-2011-4099 The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified ... | N/A | NONE | β | 0 |
| CVE-2012-5524 The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof ser... | N/A | NONE | β | 0 |
| CVE-2013-1904 Absolute path traversal vulnerability in steps/mail/sendmail.inc in Roundcube Webmail before 0.7.3 and 0.8.x before 0.8.6 allows remote attackers to read arbitrary files via a full pathname in the _va... | N/A | NONE | β | 0 |
| CVE-2014-0044 The opus_packet_get_samples_per_frame function in client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots allows remote attackers to cause a denial of service (crash) via a crafted length prefix va... | N/A | NONE | β | 0 |
| CVE-2014-0045 The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumble for iOS 1.1 through 1.2.2, and MumbleKit before commit fd190328a9b24d37382b269... | N/A | NONE | β | 0 |
| CVE-2014-1869 Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web s... | N/A | NONE | β | 0 |
| CVE-2014-1916 The (1) opus_packet_get_nb_frames and (2) opus_packet_get_samples_per_frame functions in the client in MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d and Mumble for iOS 1.1 through 1... | N/A | NONE | β | 0 |
| CVE-2013-2214 status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain se... | N/A | NONE | β | 0 |
| CVE-2012-2328 internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values... | N/A | NONE | β | 0 |
| CVE-2012-3404 The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to b... | N/A | NONE | β | 0 |
| CVE-2012-3405 The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to b... | N/A | NONE | β | 0 |
| CVE-2012-3406 The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPE... | N/A | NONE | β | 0 |
| CVE-2013-6024 The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, and 14.x, BIG-IP Edge Gateway 10.x and 11.x, and FirePass 7.0.0 allow attackers to obtain sensitive information from process memory ... | N/A | NONE | β | 0 |
| CVE-2014-1930 Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.asp... | N/A | NONE | β | 0 |
| CVE-2014-1931 The user login page in Visibility Software Cyber Recruiter before 8.1.00 generates different responses for invalid password-retrieval attempts depending on which data elements are incorrect, which mig... | N/A | NONE | β | 0 |
| CVE-2011-4610 JBoss Web, as used in Red Hat JBoss Communications Platform before 5.1.3, Enterprise Web Platform before 5.1.2, Enterprise Application Platform before 5.1.2, and other products, allows remote attacker... | N/A | NONE | β | 0 |
| CVE-2012-0064 xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB debugging functions by default, which allows physically proximate attackers to bypass an X screen lock via keyboard combinations tha... | N/A | NONE | β | 0 |
| CVE-2014-1213 Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9.7.x before 9.7.9, 10.0.x before 10.0.11, and 10.3.x before 10.3.1 does not set an ACL for certain global and session objects, whic... | N/A | NONE | β | 0 |
| CVE-2014-1876 The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not secur... | N/A | NONE | β | 0 |
| CVE-2013-5012 Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote authenticated users to execute arbitrary SQL commands via unspecifi... | N/A | NONE | β | 0 |
| CVE-2013-5013 Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote attackers to inject arbitrary web script or HTML via (... | N/A | NONE | β | 0 |
| CVE-2014-0274 Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrup... | N/A | NONE | β | 0 |
| CVE-2013-1413 Multiple cross-site scripting (XSS) vulnerabilities in synetics i-doit open 0.9.9-7, i-doit pro 1.0 and earlier, and i-doit pro 1.0.2 when the 'sanitize user input' flag is not enabled, allow remote a... | N/A | NONE | β | 0 |
| CVE-2013-1980 Buffer overflow in the get_dsmp function in loaders/masi_load.c in libxmp before 4.1.0 allows remote attackers to execute arbitrary code via a crafted MASI file. | N/A | NONE | β | 0 |
| CVE-2013-2639 Cross-site scripting (XSS) vulnerability in CTERA Cloud Storage OS before 3.2.29.0, 3.2.42.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the description in a projec... | N/A | NONE | β | 0 |
| CVE-2013-3294 Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 release candidate 1 allow remote attackers to execute arbitrary SQL commands via the (1) src or (2) username parameter to index.php. | N/A | NONE | β | 0 |
| CVE-2014-0288 Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrup... | N/A | NONE | β | 0 |
| CVE-2013-3933 Cross-site scripting (XSS) vulnerability in the JoomShopping (com_joomshopping) component before 4.3.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the user_name para... | N/A | NONE | β | 0 |
| CVE-2014-0980 Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file. | N/A | NONE | β | 0 |
| CVE-2014-1237 Cross-site scripting (XSS) vulnerability in synetics i-doit pro before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the call parameter. | N/A | NONE | β | 0 |
| CVE-2014-1401 Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIE... | N/A | NONE | β | 0 |
| CVE-2013-6492 The Piranha Configuration Tool in Piranha 0.8.6 does not properly restrict access to webpages, which allows remote attackers to bypass authentication and read or modify the LVS configuration via an HT... | N/A | NONE | β | 0 |
| CVE-2014-0263 The Direct2D implementation in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to exec... | N/A | NONE | β | 0 |
| CVE-2014-0266 The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Win... | N/A | NONE | β | 0 |
| CVE-2014-0267 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulne... | N/A | NONE | β | 0 |
| CVE-2014-0268 Microsoft Internet Explorer 8 through 11 does not properly restrict file installation and registry-key creation, which allows remote attackers to bypass the Mandatory Integrity Control protection mech... | N/A | NONE | β | 0 |
| CVE-2014-0269 Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrup... | N/A | NONE | β | 0 |
| CVE-2014-0270 Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrup... | N/A | NONE | β | 0 |
| CVE-2014-0271 The VBScript engine in Microsoft Internet Explorer 6 through 11, and VBScript 5.6 through 5.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a ... | N/A | NONE | β | 0 |
| CVE-2014-0272 Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrup... | N/A | NONE | β | 0 |
| CVE-2014-0273 Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrup... | N/A | NONE | β | 0 |
| CVE-2014-0275 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrup... | N/A | NONE | β | 0 |
| CVE-2014-0276 Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption ... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.