CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2018-1000542 netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Possible information disclosure, server-side request forgery, or remote co... | N/A | NONE | β | 0 |
| CVE-2018-1000543 Akiee version 0.0.3 contains a XSS leading to code execution due to the use of node integration vulnerability in "Details" of a task is not validated that can result in XSS leading to arbitrary code e... | N/A | NONE | β | 0 |
| CVE-2018-1000544 rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be e... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-1000546 Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) vulnerability in Importing game data that can result in Possible information disclosure, server-side request forgery, or remote co... | N/A | NONE | β | 0 |
| CVE-2018-1000547 coreBOS version 7.0 and earlier contains a Incorrect Access Control vulnerability in Module: Contacts that can result in The error allows you to access records that you have no permissions to. | 5.3 | MEDIUM | β | 0 |
| CVE-2018-1000548 Umlet version < 14.3 contains a XML External Entity (XXE) vulnerability in File parsing that can result in disclosure of confidential data, denial of service, server side request forgery. This attack ... | N/A | NONE | β | 0 |
| CVE-2018-1000549 Wekan version 1.04.0 contains a Email / Username Enumeration vulnerability in Register' and 'Forgot your password?' pages that can result in A remote attacker could perform a brute force attack to obt... | N/A | NONE | β | 0 |
| CVE-2018-1000550 The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify file... | N/A | NONE | β | 0 |
| CVE-2018-1000551 Trovebox version <= 4.0.0-rc6 contains a PHP Type juggling vulnerability in album view component that can result in Authentication bypass. This attack appear to be exploitable via HTTP Request. This v... | N/A | NONE | β | 0 |
| CVE-2018-1000552 Trovebox version <= 4.0.0-rc6 contains a SQL Injection vulnerability in album component that can result in SQL code injection. This attack appear to be exploitable via HTTP request. This vulnerability... | N/A | NONE | β | 0 |
| CVE-2018-1000553 Trovebox version <= 4.0.0-rc6 contains a Server-Side request forgery vulnerability in webhook component that can result in read or update internal resources. This attack appear to be exploitable via H... | N/A | NONE | β | 0 |
| CVE-2018-1000554 Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset token generation vulnerability in user component that can result in Password reset. This attack appear to be exploitable via HTTP request... | N/A | NONE | β | 0 |
| CVE-2018-1000556 WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which cou... | N/A | NONE | β | 0 |
| CVE-2018-1000557 OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search functionality that can result in An attacker is able to execute arbit... | N/A | NONE | β | 0 |
| CVE-2018-1000558 OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full access... | N/A | NONE | β | 0 |
| CVE-2018-1000559 qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via ... | N/A | NONE | β | 0 |
| CVE-2018-1000607 A arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any ... | N/A | NONE | β | 0 |
| CVE-2017-7658 In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the ... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-1000600 A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to an attacker-specified URL using atta... | N/A | NONE | β | 0 |
| CVE-2018-1000601 A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configur... | N/A | NONE | β | 0 |
| CVE-2018-1000602 A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another users if they can control the pre-a... | N/A | NONE | β | 0 |
| CVE-2018-1000603 A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JClou... | N/A | NONE | β | 0 |
| CVE-2018-1000604 A persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier in BadgeSummaryAction.java, HtmlBadgeAction.java that allows attackers able to control build badge content... | N/A | NONE | β | 0 |
| CVE-2018-1000605 A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any se... | N/A | NONE | β | 0 |
| CVE-2018-1000606 A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET reques... | N/A | NONE | β | 0 |
| CVE-2018-1000608 A exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a Jenk... | N/A | NONE | β | 0 |
| CVE-2018-1000609 A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to obt... | N/A | NONE | β | 0 |
| CVE-2018-1000610 A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionCo... | N/A | NONE | β | 0 |
| CVE-2018-6667 Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions ... | N/A | NONE | β | 0 |
| CVE-2018-10658 There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). The crash arises from code inside libdbus-send.so shared object or simila... | N/A | NONE | β | 0 |
| CVE-2018-12902 In Easy Magazine through 2012-10-26, there is XSS in the search bar of the web site. | N/A | NONE | β | 0 |
| CVE-2018-10659 There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result i... | N/A | NONE | β | 0 |
| CVE-2018-10660 An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection. | N/A | NONE | β | 0 |
| CVE-2018-10661 An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control. | N/A | NONE | β | 0 |
| CVE-2018-10662 An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface. | N/A | NONE | β | 0 |
| CVE-2018-10663 An issue was discovered in multiple models of Axis IP Cameras. There is an Incorrect Size Calculation. | N/A | NONE | β | 0 |
| CVE-2018-10664 An issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory Corruption. | N/A | NONE | β | 0 |
| CVE-2018-12903 In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, ... | N/A | NONE | β | 0 |
| CVE-2018-1072 ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run with one of the options "--provision*db", the database username and passw... | N/A | NONE | β | 0 |
| CVE-2018-11447 A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into ac... | N/A | NONE | β | 0 |
| CVE-2024-39423 Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the con... | 7.8 | HIGH | β | 0 |
| CVE-2024-39424 Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context o... | 7.8 | HIGH | β | 0 |
| CVE-2024-39425 Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to privileg... | 7.0 | HIGH | β | 0 |
| CVE-2024-39426 Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read... | 7.8 | HIGH | β | 0 |
| CVE-2024-39778 When a stateless virtual server is configured on BIG-IP system with a High-Speed Bridge (HSB), undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Tec... | 7.5 | HIGH | β | 0 |
| CVE-2024-45857 Deserialization of untrusted data can occur in versions 2.4.0 or newer of the Cleanlab project, enabling a maliciously crafted datalab.pkl file to run arbitrary code on an end user's system when the d... | 7.8 | HIGH | β | 0 |
| CVE-2024-39792 When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technic... | 7.5 | HIGH | β | 0 |
| CVE-2024-39809 The Central Manager user session refresh token does not expire when a user logs out. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 7.5 | HIGH | β | 0 |
| CVE-2024-41164 When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attackers control can cause TMM to terminate. Note: Sof... | 5.9 | MEDIUM | β | 0 |
| CVE-2024-41719 When generating QKView of BIG-IP Next instance from the BIG-IP Next Central Manager (CM), F5 iHealth credentials will be logged in the BIG-IP Central Manager logs. Note: Software versions which have... | 4.2 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.