Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2017-9279 NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user adminis... | N/A | NONE | β | 0 |
| CVE-2017-9280 Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, ... | N/A | NONE | β | 0 |
| CVE-2017-9285 NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services. | N/A | NONE | β | 0 |
| CVE-2018-7433 The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page. | N/A | NONE | β | 0 |
| CVE-2015-7596 SafeNet Authentication Service End User Software Tools for Windows uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modif... | N/A | NONE | β | 0 |
| CVE-2015-7597 SafeNet Authentication Service IIS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | N/A | NONE | β | 0 |
| CVE-2015-7598 SafeNet Authentication Service TokenValidator Proxy Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an e... | N/A | NONE | β | 0 |
| CVE-2015-7961 SafeNet Authentication Service Remote Web Workplace Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an e... | N/A | NONE | β | 0 |
| CVE-2015-7962 SafeNet Authentication Service for Outlook Web App Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an ex... | N/A | NONE | β | 0 |
| CVE-2015-7963 SafeNet Authentication Service for AD FS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable m... | N/A | NONE | β | 0 |
| CVE-2015-7964 SafeNet Authentication Service for NPS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable mod... | N/A | NONE | β | 0 |
| CVE-2017-18214 The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. | 7.5 | HIGH | β | 0 |
| CVE-2015-7965 SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executab... | N/A | NONE | β | 0 |
| CVE-2015-7966 SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executab... | N/A | NONE | β | 0 |
| CVE-2015-7967 SafeNet Authentication Service for Citrix Web Interface Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying ... | N/A | NONE | β | 0 |
| CVE-2018-7449 SEGGER FTP Server for Windows before 3.22a allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command. | N/A | NONE | β | 0 |
| CVE-2018-7583 Proxy.exe in DualDesk 20 allows Remote Denial Of Service (daemon crash) via a long string to TCP port 5500. | N/A | NONE | β | 0 |
| CVE-2018-7651 index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string. | N/A | NONE | β | 0 |
| CVE-2018-7652 lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 has XSS. | 6.1 | MEDIUM | β | 0 |
| CVE-2018-7654 On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal. | N/A | NONE | β | 0 |
| CVE-2017-18213 In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges. | N/A | NONE | β | 0 |
| CVE-2018-7653 In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. | N/A | NONE | β | 0 |
| CVE-2018-7560 index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package before 0.1.2 has a Regular Expression Denial of Service (ReDoS) issue via a crafted multipart/form-data boundary string. | 7.5 | HIGH | β | 0 |
| CVE-2018-7567 In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by ... | N/A | NONE | β | 0 |
| CVE-2018-7663 An issue was discovered in resources/views/layouts/app.blade.php in Voten.co before 2017-08-25. An unescaped template literal in the bio field of a user profile (resources/views/layouts/app.blade.php)... | N/A | NONE | β | 0 |
| CVE-2018-7664 An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any OS commands can be injected via shell metacharacters in the file_name parameter to /api/file_uploader.php or /actions/file_download... | N/A | NONE | β | 0 |
| CVE-2018-7665 An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto ... | N/A | NONE | β | 0 |
| CVE-2018-7666 An issue was discovered in ClipBucket before 4.0.0 Release 4902. SQL injection vulnerabilities exist in the actions/vote_channel.php channelId parameter, the ajax/commonAjax.php email parameter, and t... | N/A | NONE | β | 0 |
| CVE-2018-7667 Adminer through 4.3.1 has SSRF via the server parameter. | N/A | NONE | β | 0 |
| CVE-2018-7668 TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php. | N/A | NONE | β | 0 |
| CVE-2018-1000115 Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial o... | N/A | NONE | β | 0 |
| CVE-2018-1316 The ODE process deployment web service was sensible to deployment messages with forged names. Using a path for the name was allowing directory traversal, resulting in the potential writing of files un... | N/A | NONE | β | 0 |
| CVE-2018-7644 The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion ... | N/A | NONE | β | 0 |
| CVE-2018-0490 An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause ... | N/A | NONE | β | 0 |
| CVE-2018-0491 A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added... | N/A | NONE | β | 0 |
| CVE-2017-7427 Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary J... | N/A | NONE | β | 0 |
| CVE-2017-7437 NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via the "type" and "account" parameters of json requests. | N/A | NONE | β | 0 |
| CVE-2017-7633 QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive information contained in NAS devices. If exploited, this may allow attackers to further compromise the device. | N/A | NONE | β | 0 |
| CVE-2018-5449 A NULL Pointer Dereference issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application does not check for a NULL value, allowing for an attacker to perf... | N/A | NONE | β | 0 |
| CVE-2018-5453 An Improper Handling of Length Parameter Inconsistency issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker may be able to edit the element of an HTT... | N/A | NONE | β | 0 |
| CVE-2018-5455 A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to... | N/A | NONE | β | 0 |
| CVE-2017-16922 In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine before 4.7.1, traversal of the directory structure and retrieval of a file are possible via a remote, specifically cra... | N/A | NONE | β | 0 |
| CVE-2017-17428 Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT atta... | N/A | NONE | β | 0 |
| CVE-2017-18215 xvpng.c in xv 3.10a has memory corruption (out-of-bounds write) when decoding PNG comment fields, leading to crashes or potentially code execution, because it uses an incorrect length value. | N/A | NONE | β | 0 |
| CVE-2017-18216 In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used. | N/A | NONE | β | 0 |
| CVE-2018-5255 The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 before 4.20.2F allows remote attackers to cause a denial of service (agent restart) via crafted UDP packets. | N/A | NONE | β | 0 |
| CVE-2017-17131 Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V600R006C00; TE50 V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00; VP9660 V500R002C10 have an DoS vulnerability due ... | N/A | NONE | β | 0 |
| CVE-2017-17132 Huawei VP9660 V500R002C10 has a uncontrolled format string vulnerability when the license module output the log information. An authenticated local attacker could exploit this vulnerability to cause a... | N/A | NONE | β | 0 |
| CVE-2017-17133 Huawei VP9660 V500R002C10 has a null pointer reference vulnerability in license module due to insufficient verification. An authenticated local attacker could place a malicious license file into syste... | N/A | NONE | β | 0 |
| CVE-2017-17134 XML parser in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.