Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2017-2101 Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors. | N/A | NONE | β | 0 |
| CVE-2016-6915 Stack-based buffer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5. | N/A | NONE | β | 0 |
| CVE-2017-5029 The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for i... | 8.8 | HIGH | β | 0 |
| CVE-2017-5031 A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | N/A | NONE | β | 0 |
| CVE-2017-5032 PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be made to increment off the end of a buffer, which allowed a remote attacker to potentially exploit heap corruption via a crafted PDF f... | N/A | NONE | β | 0 |
| CVE-2017-5033 Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote atta... | 4.3 | MEDIUM | β | 0 |
| CVE-2017-2102 Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of adminis... | N/A | NONE | β | 0 |
| CVE-2017-5034 A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. | N/A | NONE | β | 0 |
| CVE-2017-5035 Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site. | 8.1 | HIGH | β | 0 |
| CVE-2017-5036 A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF fi... | 7.8 | HIGH | β | 0 |
| CVE-2017-5037 An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a ... | 7.8 | HIGH | β | 0 |
| CVE-2017-7985 In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components. | N/A | NONE | β | 0 |
| CVE-2017-5038 Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a craf... | 6.3 | MEDIUM | β | 0 |
| CVE-2017-5039 A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a craft... | 7.8 | HIGH | β | 0 |
| CVE-2017-5040 V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android was missing a neutering check, which allowed a remote attacker to read values in memory via a crafte... | 4.3 | MEDIUM | β | 0 |
| CVE-2017-5041 Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page. | N/A | NONE | β | 0 |
| CVE-2017-5043 Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a craf... | 8.8 | HIGH | β | 0 |
| CVE-2017-5044 Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds... | 6.3 | MEDIUM | β | 0 |
| CVE-2017-5045 XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force ... | 6.1 | MEDIUM | β | 0 |
| CVE-2017-5046 V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android had insufficient policy enforcement, which allowed a remote attacker to spoof the location object vi... | 4.3 | MEDIUM | β | 0 |
| CVE-2017-8106 The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) vi... | N/A | NONE | β | 0 |
| CVE-2017-7986 In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components. | N/A | NONE | β | 0 |
| CVE-2017-7987 In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component. | N/A | NONE | β | 0 |
| CVE-2017-5047 An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a ... | N/A | NONE | β | 0 |
| CVE-2017-5048 An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a ... | N/A | NONE | β | 0 |
| CVE-2017-5049 An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a ... | N/A | NONE | β | 0 |
| CVE-2017-5050 An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a ... | N/A | NONE | β | 0 |
| CVE-2017-5051 An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a ... | N/A | NONE | β | 0 |
| CVE-2017-7221 OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leverag... | N/A | NONE | β | 0 |
| CVE-2017-7477 Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by l... | 7.0 | HIGH | β | 0 |
| CVE-2016-8030 A memory corruption vulnerability in Scriptscan COM Object in McAfee VirusScan Enterprise 8.8 Patch 8 and earlier allows remote attackers to create a Denial of Service on the active Internet Explorer ... | N/A | NONE | β | 0 |
| CVE-2017-5625 In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except 'keystore') by i... | N/A | NONE | β | 0 |
| CVE-2017-7988 In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article. | N/A | NONE | β | 0 |
| CVE-2017-8109 The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on con... | N/A | NONE | β | 0 |
| CVE-2017-8110 www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht-kanzlei/api-it-recht-kanzlei.php. | 10.0 | CRITICAL | β | 0 |
| CVE-2017-1149 IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this... | N/A | NONE | β | 0 |
| CVE-2017-1274 IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-For... | N/A | NONE | β | 0 |
| CVE-2017-7983 In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers. | N/A | NONE | β | 0 |
| CVE-2017-7984 In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component. | N/A | NONE | β | 0 |
| CVE-2017-7989 In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden. | N/A | NONE | β | 0 |
| CVE-2025-58676 Cross-Site Request Forgery (CSRF) vulnerability in extendyourweb HORIZONTAL SLIDER allows Stored XSS. This issue affects HORIZONTAL SLIDER: from n/a through 2.4. | 7.1 | HIGH | β | 0 |
| CVE-2017-3342 Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 1... | N/A | NONE | β | 0 |
| CVE-2017-3345 Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 1... | N/A | NONE | β | 0 |
| CVE-2017-3347 Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 1... | N/A | NONE | β | 0 |
| CVE-2017-3355 Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 1... | N/A | NONE | β | 0 |
| CVE-2017-3356 Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 1... | N/A | NONE | β | 0 |
| CVE-2017-3434 Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Audience workbench). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily "... | N/A | NONE | β | 0 |
| CVE-2017-8115 Directory traversal in setup/processors/url_search.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information. | N/A | NONE | β | 0 |
| CVE-2017-8217 TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface. | N/A | NONE | β | 0 |
| CVE-2017-8218 vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, ... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.