CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2012-6697 InspIRCd before 2.0.7 allows remote attackers to cause a denial of service (infinite loop). | N/A | NONE | β | 0 |
| CVE-2017-7704 In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a ... | N/A | NONE | β | 0 |
| CVE-2017-7705 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/disse... | N/A | NONE | β | 0 |
| CVE-2017-7745 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/... | N/A | NONE | β | 0 |
| CVE-2017-7746 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/pac... | N/A | NONE | β | 0 |
| CVE-2017-7747 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c ... | N/A | NONE | β | 0 |
| CVE-2017-7748 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/pack... | N/A | NONE | β | 0 |
| CVE-2017-7626 The "Smart related articles" extension 1.1 for Joomla! has XSS in dialog.php (n_art,type in GET Method). | N/A | NONE | β | 0 |
| CVE-2017-7627 The "Smart related articles" extension 1.1 for Joomla! does not prevent direct requests to dialog.php (there is a missing _JEXEC check). | N/A | NONE | β | 0 |
| CVE-2017-7628 The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability). | N/A | NONE | β | 0 |
| CVE-2025-53566 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) allows Stored XSS. This issue affects WP Visit... | 6.5 | MEDIUM | β | 0 |
| CVE-2014-2710 Multiple cross-site scripting (XSS) vulnerabilities in Oliver (formerly Webshare) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the (1) login pag... | N/A | NONE | β | 0 |
| CVE-2015-1838 modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. | N/A | NONE | β | 0 |
| CVE-2015-1839 modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. | N/A | NONE | β | 0 |
| CVE-2015-6674 Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplete... | N/A | NONE | β | 0 |
| CVE-2015-7565 Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2... | N/A | NONE | β | 0 |
| CVE-2017-0708 An information disclosure vulnerability in the HTC sound driver. Product: Android. Versions: Android kernel. Android ID: A-35384879. | N/A | NONE | β | 0 |
| CVE-2015-7740 Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application tha... | N/A | NONE | β | 0 |
| CVE-2015-8107 Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code. | N/A | NONE | β | 0 |
| CVE-2015-8223 Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) by leveraging camera permissions and via... | N/A | NONE | β | 0 |
| CVE-2015-8270 The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to cause a denial of service (invalid pointer dereference and process crash). | N/A | NONE | β | 0 |
| CVE-2015-8271 The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to execute arbitrary code. | N/A | NONE | β | 0 |
| CVE-2015-8272 RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash). | N/A | NONE | β | 0 |
| CVE-2015-8282 SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admin" for the "admin" account. | N/A | NONE | β | 0 |
| CVE-2015-8283 Directory traversal vulnerability in configure_manage.php in SeaWell Networks Spectrum SDC 02.05.00. | N/A | NONE | β | 0 |
| CVE-2015-8284 SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions. | N/A | NONE | β | 0 |
| CVE-2015-8864 Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerab... | N/A | NONE | β | 0 |
| CVE-2016-10117 Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc. | N/A | NONE | β | 0 |
| CVE-2016-10118 Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /. | N/A | NONE | β | 0 |
| CVE-2016-10119 Firejail uses 0777 permissions when mounting /tmp, which allows local users to gain privileges. | N/A | NONE | β | 0 |
| CVE-2016-10120 Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, (3) /var/tmp, or (4) /var/lock, which allows local users to gain privileges. | N/A | NONE | β | 0 |
| CVE-2016-1914 Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary... | N/A | NONE | β | 0 |
| CVE-2016-1915 Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale par... | N/A | NONE | β | 0 |
| CVE-2016-2104 Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the pa... | N/A | NONE | β | 0 |
| CVE-2016-2555 SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php. | N/A | NONE | β | 0 |
| CVE-2016-10325 In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS... | N/A | NONE | β | 0 |
| CVE-2016-3106 Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner. | N/A | NONE | β | 0 |
| CVE-2016-4068 Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerab... | N/A | NONE | β | 0 |
| CVE-2016-4800 The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints v... | N/A | NONE | β | 0 |
| CVE-2016-4970 handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop). | 7.5 | HIGH | β | 0 |
| CVE-2016-6143 SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806. | N/A | NONE | β | 0 |
| CVE-2016-10326 In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS. | N/A | NONE | β | 0 |
| CVE-2017-7219 A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run a... | N/A | NONE | β | 0 |
| CVE-2010-1816 Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a cr... | N/A | NONE | β | 0 |
| CVE-2010-1821 Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows local users to obtain system privileges. | N/A | NONE | β | 0 |
| CVE-2014-7920 mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921. | N/A | NONE | β | 0 |
| CVE-2014-7921 mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920. | N/A | NONE | β | 0 |
| CVE-2016-2036 The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows... | N/A | NONE | β | 0 |
| CVE-2016-2565 Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to read sent e-mail messages, aka SVE-2015-5081. | N/A | NONE | β | 0 |
| CVE-2016-2566 Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081. | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.