CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-7400 Rukovoditel before 2.4.1 allows XSS. | 6.1 | MEDIUM | β | 0 |
| CVE-2019-7402 An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg_qqcode parameter. This can be exploited via CSRF. | N/A | NONE | β | 0 |
| CVE-2019-7403 An issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/database_backup.php?action=import&dopost=deldir&tbname=../ URI. | N/A | NONE | β | 0 |
| CVE-2016-1000282 Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection. | N/A | NONE | β | 0 |
| CVE-2018-11803 Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory lis... | 7.5 | HIGH | β | 0 |
| CVE-2019-3818 The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. An attacker coul... | 7.5 | HIGH | β | 0 |
| CVE-2017-1177 IBM BigFix Compliance 1.7 through 1.9.91 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123429. | N/A | NONE | β | 0 |
| CVE-2017-1198 IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs vi... | N/A | NONE | β | 0 |
| CVE-2017-1200 IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-... | N/A | NONE | β | 0 |
| CVE-2017-1202 IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's ... | N/A | NONE | β | 0 |
| CVE-2018-18986 LCDS Laquis SCADA prior to version 4.1.0.4150 allows the opening of a specially crafted report format file that may cause an out of bounds read, which may cause a system crash, allow data exfiltration... | N/A | NONE | β | 0 |
| CVE-2018-18990 LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information u... | N/A | NONE | β | 0 |
| CVE-2018-18992 LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server. | N/A | NONE | β | 0 |
| CVE-2018-18998 LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges. | N/A | NONE | β | 0 |
| CVE-2018-19000 LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data. | N/A | NONE | β | 0 |
| CVE-2018-19002 LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or ... | N/A | NONE | β | 0 |
| CVE-2018-19029 LCDS Laquis SCADA prior to version 4.1.0.4150 allows an attacker using a specially crafted project file to supply a pointer for a controlled memory address, which may allow remote code execution, data... | N/A | NONE | β | 0 |
| CVE-2018-4056 An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL inject... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-6591 On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12.1.3.7, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a... | N/A | NONE | β | 0 |
| CVE-2019-1003007 A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary cod... | N/A | NONE | β | 0 |
| CVE-2019-7412 The PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandles sanitization of input values. | N/A | NONE | β | 0 |
| CVE-2019-7413 In the Parallax Scroll (aka adamrob-parallax-scroll) plugin before 2.1 for WordPress, includes/adamrob-parralax-shortcode.php allows XSS via the title text. ("parallax" has a spelling change within th... | N/A | NONE | β | 0 |
| CVE-2019-6590 On BIG-IP LTM 13.0.0 to 13.0.1 and 12.1.0 to 12.1.3.6, under certain conditions, the TMM may consume excessive resources when processing SSL Session ID Persistence traffic. | N/A | NONE | β | 0 |
| CVE-2018-20251 In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format. The UNACE module (UNACEV2.dll) creates files and folders as wr... | N/A | NONE | β | 0 |
| CVE-2018-20252 In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary cod... | N/A | NONE | β | 0 |
| CVE-2018-8791 rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak. | N/A | NONE | β | 0 |
| CVE-2018-8792 rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault). | N/A | NONE | β | 0 |
| CVE-2018-8793 rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-8794 rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even ... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-8795 rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-18500 A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a poten... | N/A | NONE | β | 0 |
| CVE-2018-8796 rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault). | N/A | NONE | β | 0 |
| CVE-2018-8797 rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-8798 rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak. | N/A | NONE | β | 0 |
| CVE-2018-8799 rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_secondary_order() that results in a Denial of Service (segfault). | N/A | NONE | β | 0 |
| CVE-2018-8800 rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-18501 Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough... | N/A | NONE | β | 0 |
| CVE-2018-18502 Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of ... | N/A | NONE | β | 0 |
| CVE-2018-18503 When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. This vulnerability affects Firefox < 6... | N/A | NONE | β | 0 |
| CVE-2018-18504 A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results in a potentially exploitable crash and the possib... | N/A | NONE | β | 0 |
| CVE-2019-1003006 A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to prov... | 8.8 | HIGH | β | 0 |
| CVE-2018-18506 When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to b... | 5.9 | MEDIUM | β | 0 |
| CVE-2019-6519 WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data. | N/A | NONE | β | 0 |
| CVE-2019-6521 WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information. | N/A | NONE | β | 0 |
| CVE-2019-6523 WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands. | N/A | NONE | β | 0 |
| CVE-2018-18333 A DLL hijacking vulnerability in Trend Micro Security 2019 (Consumer) versions below 15.0.0.1163 and below could allow an attacker to manipulate a specific DLL and escalate privileges on vulnerable in... | 7.8 | HIGH | β | 0 |
| CVE-2018-18334 A vulnerability in the Private Browser of Trend Micro Dr. Safety for Android (Consumer) versions below 3.0.1478 could allow a remote attacker to bypass the Same Origin Policy (SOP) and obtain sensiti... | N/A | NONE | β | 0 |
| CVE-2019-7567 An issue was discovered in Waimai Super Cms 20150505. admin.php?m=Member&a=adminaddsave has XSS via the username or password parameter. | N/A | NONE | β | 0 |
| CVE-2018-3989 An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cau... | N/A | NONE | β | 0 |
| CVE-2018-19782 Multiple cross-site scripting (XSS) vulnerabilities in GET requests in FreshRSS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) c parameter or (2) a parameter. | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.