Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2018-14592 The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php. | N/A | NONE | β | 0 |
| CVE-2018-15832 upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit... | N/A | NONE | β | 0 |
| CVE-2018-14691 An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/pla... | N/A | NONE | β | 0 |
| CVE-2018-16282 A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parame... | N/A | NONE | β | 0 |
| CVE-2018-16752 LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the de... | N/A | NONE | β | 0 |
| CVE-2018-17282 An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference. | N/A | NONE | β | 0 |
| CVE-2018-17283 Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged a... | N/A | NONE | β | 0 |
| CVE-2018-17292 An issue was discovered in WAVM before 2018-09-16. The loadModule function in Include/Inline/CLI.h lacks checking of the file length before a file magic comparison, allowing attackers to cause a Denia... | N/A | NONE | β | 0 |
| CVE-2018-17293 An issue was discovered in WAVM before 2018-09-16. The run function in Programs/wavm/wavm.cpp does not check whether there is Emscripten memory to store the command-line arguments passed by the input ... | N/A | NONE | β | 0 |
| CVE-2018-14891 Management Console in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local privilege escalation vulnerability. | N/A | NONE | β | 0 |
| CVE-2018-17294 The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via ou... | N/A | NONE | β | 0 |
| CVE-2018-17297 The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive. | N/A | NONE | β | 0 |
| CVE-2018-17298 An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated after a user changes its password. | N/A | NONE | β | 0 |
| CVE-2018-17300 Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name. | 4.8 | MEDIUM | β | 0 |
| CVE-2018-17301 Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /#Account in the search panel. | N/A | NONE | β | 0 |
| CVE-2018-17302 Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /#Email/view saved draft message. | N/A | NONE | β | 0 |
| CVE-2018-11240 An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on the 'exec command' feature of the T-Router protocol. If the command syntax is correct, there is code e... | N/A | NONE | β | 0 |
| CVE-2018-14643 An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulne... | N/A | NONE | β | 0 |
| CVE-2018-14645 A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service. | N/A | NONE | β | 0 |
| CVE-2018-1685 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy that could allow a local user to read any file on the system. IBM X-For... | N/A | NONE | β | 0 |
| CVE-2018-1710 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution... | N/A | NONE | β | 0 |
| CVE-2018-11241 An issue was discovered on SoftCase T-Router build 20112017 devices. A remote attacker can read and write to arbitrary files on the system as root, as demonstrated by code execution after writing to a... | N/A | NONE | β | 0 |
| CVE-2018-1711 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to to gain privileges due to allowing modification of columns of existing tasks. IB... | N/A | NONE | β | 0 |
| CVE-2018-8023 Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). In Apache Mesos versions pre-1.4.2, 1.5.0, 1.5.1, 1.6.0 the comparison of the generat... | N/A | NONE | β | 0 |
| CVE-2018-3873 An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the de... | 9.9 | CRITICAL | β | 0 |
| CVE-2018-3874 An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the de... | 9.9 | CRITICAL | β | 0 |
| CVE-2018-3876 An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the de... | 8.8 | HIGH | β | 0 |
| CVE-2018-3877 An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the de... | 9.9 | CRITICAL | β | 0 |
| CVE-2018-3894 An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy call ove... | 8.8 | HIGH | β | 0 |
| CVE-2018-3906 An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts ... | 8.2 | HIGH | β | 0 |
| CVE-2018-3913 An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17.... | 6.7 | MEDIUM | β | 0 |
| CVE-2018-3914 An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17.... | 7.8 | HIGH | β | 0 |
| CVE-2018-3915 An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17.... | 8.2 | HIGH | β | 0 |
| CVE-2018-11352 The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site scripting (XSS) vulnerability that is stored within the configuration page. This vulnerability enables the execution of a JavaScri... | N/A | NONE | β | 0 |
| CVE-2018-14688 An issue was discovered in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the name[x], streamUrl[x], homepageUrl[x] parameters (where x is an i... | N/A | NONE | β | 0 |
| CVE-2018-16597 An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem. | N/A | NONE | β | 0 |
| CVE-2018-16793 Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page. | N/A | NONE | β | 0 |
| CVE-2018-9282 An XSS issue was discovered in Subsonic Media Server 6.1.1. The podcast subscription form is affected by a stored XSS vulnerability in the add parameter to podcastReceiverAdmin.view; no administrator ... | N/A | NONE | β | 0 |
| CVE-2013-4451 gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/repo... | N/A | NONE | β | 0 |
| CVE-2013-7203 gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup. | N/A | NONE | β | 0 |
| CVE-2018-13111 There exists a partial Denial of Service vulnerability in Wanscam HW0021 IP Cameras. An attacker could craft a malicious POST request to crash the ONVIF service on such a device. | N/A | NONE | β | 0 |
| CVE-2018-14730 An issue was discovered in Browserify-HMR. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replace... | 7.5 | HIGH | β | 0 |
| CVE-2018-14731 An issue was discovered in HMRServer.js in Parcel parcel-bundler. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for ... | N/A | NONE | β | 0 |
| CVE-2018-14732 An issue was discovered in lib/Server.js in webpack-dev-server before 3.1.6. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which i... | N/A | NONE | β | 0 |
| CVE-2018-15612 A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orc... | N/A | NONE | β | 0 |
| CVE-2018-15613 A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya... | N/A | NONE | β | 0 |
| CVE-2018-16821 SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests. | N/A | NONE | β | 0 |
| CVE-2018-16833 Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI. | N/A | NONE | β | 0 |
| CVE-2018-16965 In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter. | N/A | NONE | β | 0 |
| CVE-2018-17001 On the RICOH SP 4510SF printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWiz... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.