CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2018-12543 In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published to Mosquitto that has a topic starting with $, but that is not $SYS, e.g. $test/test, then an assert is triggered that s... | N/A | NONE | β | 0 |
| CVE-2018-16160 SecureCore Standard Edition Version 2.x allows an attacker to bypass the product's authentication to log in to a Windows PC. | N/A | NONE | β | 0 |
| CVE-2018-16161 OpenDolphin 2.7.0 and earlier allows authenticated users to gain administrative privileges and perform unintended operations. | N/A | NONE | β | 0 |
| CVE-2018-16162 OpenDolphin 2.7.0 and earlier allows authenticated attackers to obtain other users' credentials such as a user ID and/or its password via unspecified vectors. | N/A | NONE | β | 0 |
| CVE-2018-16163 OpenDolphin 2.7.0 and earlier allows authenticated attackers to bypass authentication to create and/or delete other users' accounts via unspecified vectors. | N/A | NONE | β | 0 |
| CVE-2018-1643 The Installation Verification Tool of IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code ... | N/A | NONE | β | 0 |
| CVE-2018-16621 Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection. | 7.2 | HIGH | β | 0 |
| CVE-2018-18954 The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory. | N/A | NONE | β | 0 |
| CVE-2018-5407 Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. | 4.7 | MEDIUM | β | 0 |
| CVE-2018-19301 tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted username is mishandled when an administrator later views the system log. | N/A | NONE | β | 0 |
| CVE-2018-19296 PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. | 8.8 | HIGH | β | 0 |
| CVE-2018-9071 Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Exposed settings relate... | N/A | NONE | β | 0 |
| CVE-2018-9073 Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised t... | N/A | NONE | β | 0 |
| CVE-2018-9085 A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flas... | N/A | NONE | β | 0 |
| CVE-2018-9086 In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside t... | N/A | NONE | β | 0 |
| CVE-2018-1639 The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 through 6.0.6 could allow an authenticated user to obtain sensitive information beyond its assigned privileges. IBM X-Force ID: 1... | N/A | NONE | β | 0 |
| CVE-2018-1797 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives (EBA) could allow a local attacker to traverse directories on the system. By persuading a victim to extract a s... | N/A | NONE | β | 0 |
| CVE-2018-7359 All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by heap-based buffer overflow vulnerability, which may allow an attacker to execute arbitrary code. | N/A | NONE | β | 0 |
| CVE-2018-7361 All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by null pointer dereference vulnerability, which may allow an attacker to cause a denial of service via appviahttp service. | N/A | NONE | β | 0 |
| CVE-2018-7362 All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper access control vulnerability, which may allow an unauthorized user to perform unauthorized operations on the router. | N/A | NONE | β | 0 |
| CVE-2018-7363 All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Since appviahttp service has no authorization delay, an attacker can be allowed to brute ... | N/A | NONE | β | 0 |
| CVE-2018-15692 Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass and data manipulation in certain functions. | N/A | NONE | β | 0 |
| CVE-2018-15693 Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass via insecure direct object reference. | N/A | NONE | β | 0 |
| CVE-2018-16395 An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==... | N/A | NONE | β | 0 |
| CVE-2018-16396 An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some fo... | N/A | NONE | β | 0 |
| CVE-2018-18755 K-iwi Framework 1775 has SQL Injection via the admin/user/group/update user_group_id parameter or the admin/user/user/update user_id parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-18756 Local Server 1.0.9 has a Buffer Overflow via crafted data on Port 4008. | N/A | NONE | β | 0 |
| CVE-2018-18759 Modbus Slave 7.0.0 in modbus tools has a Buffer Overflow. | N/A | NONE | β | 0 |
| CVE-2018-18761 SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] SQL Injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-18763 SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection. | N/A | NONE | β | 0 |
| CVE-2018-18793 School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos. | N/A | NONE | β | 0 |
| CVE-2018-18794 School Event Management System 1.0 allows CSRF via user/controller.php?action=edit. | N/A | NONE | β | 0 |
| CVE-2018-18795 School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter. | N/A | NONE | β | 0 |
| CVE-2018-18796 Library Management System 1.0 has SQL Injection via the "Search for Books" screen. | N/A | NONE | β | 0 |
| CVE-2018-18797 School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php. | N/A | NONE | β | 0 |
| CVE-2018-18799 School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos. | N/A | NONE | β | 0 |
| CVE-2018-18801 The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or index.php?q=single-item&id=[SQL]. | N/A | NONE | β | 0 |
| CVE-2018-18803 Curriculum Evaluation System 1.0 allows SQL Injection via the login screen, related to frmCourse.vb and includes/user.vb. | N/A | NONE | β | 0 |
| CVE-2018-18804 Bakeshop Inventory System 1.0 has SQL injection via the login screen, related to include/publicfunction.vb. | N/A | NONE | β | 0 |
| CVE-2018-18805 Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb. | 9.8 | CRITICAL | β | 0 |
| CVE-2018-18806 School Equipment Monitoring System 1.0 allows SQL injection via the login screen, related to include/user.vb. | N/A | NONE | β | 0 |
| CVE-2025-32167 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devsoftbaltic SurveyJS surveyjs allows Stored XSS. This issue affects SurveyJS: from n/a through <=... | N/A | NONE | β | 0 |
| CVE-2018-19311 Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen. | N/A | NONE | β | 0 |
| CVE-2018-19312 Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI. | N/A | NONE | β | 0 |
| CVE-2018-19318 SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account. | N/A | NONE | β | 0 |
| CVE-2018-19319 SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=gifts&a=update to change goods prices with the super administrator's privileges. | N/A | NONE | β | 0 |
| CVE-2018-18955 In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ran... | N/A | NONE | β | 0 |
| CVE-2018-15769 RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially ... | 7.5 | HIGH | β | 0 |
| CVE-2018-19274 Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin C... | 7.2 | HIGH | β | 0 |
| CVE-2018-19324 kimsQ Rb 2.3.0 allows XSS via the second input field to the /?r=home&mod=mypage&page=info URI. | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.