CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2018-12448 Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web... | N/A | NONE | — | 0 |
| CVE-2018-16373 Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save. | N/A | NONE | — | 0 |
| CVE-2018-1554 IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potenti... | N/A | NONE | — | 0 |
| CVE-2018-8037 If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for ... | N/A | NONE | — | 0 |
| CVE-2017-9118 PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call. | 7.5 | HIGH | — | 0 |
| CVE-2017-9120 PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer ove... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-7649 Monitorix before 3.10.1 allows XSS via CGI variables. | N/A | NONE | — | 0 |
| CVE-2017-14444 An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the URL parameter during a firmware update request,... | 9.9 | CRITICAL | — | 0 |
| CVE-2017-14445 An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the host parameter during a firmware update request... | 9.9 | CRITICAL | — | 0 |
| CVE-2017-14446 An exploitable stack-based buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation unsafely extracts parameters from the query string, leading... | 9.9 | CRITICAL | — | 0 |
| CVE-2017-16338 An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01bad0 the value for the host key is copied using strcpy to the ... | 9.9 | CRITICAL | — | 0 |
| CVE-2017-16339 An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01bb1c the value for the uri key is copied using strcpy to the b... | 9.9 | CRITICAL | — | 0 |
| CVE-2017-16340 An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c0e8 the value for the s_dport key is copied using strcpy to t... | 9.9 | CRITICAL | — | 0 |
| CVE-2017-6213 paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution. | N/A | NONE | — | 0 |
| CVE-2017-16341 An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c224 the value for the s_vol_play key is copied using strcpy t... | 9.9 | CRITICAL | — | 0 |
| CVE-2017-16342 An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c254 the value for the s_vol_dim_delta key is copied using str... | 9.9 | CRITICAL | — | 0 |
| CVE-2017-16343 An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c284 the value for the s_vol_brt_delta key is copied using str... | 9.9 | CRITICAL | — | 0 |
| CVE-2017-16344 An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c2c8 the value for the s_url key is copied using strcpy to the... | 9.9 | CRITICAL | — | 0 |
| CVE-2017-16345 An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c318 the value for the s_port key is copied using strcpy to th... | 9.9 | CRITICAL | — | 0 |
| CVE-2017-16346 An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c368 the value for the s_mac key is copied using strcpy to the... | 9.9 | CRITICAL | — | 0 |
| CVE-2017-6215 paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution. | N/A | NONE | — | 0 |
| CVE-2017-16347 An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01e7d4 the value for the s_vol key is copied using strcpy to the... | 9.9 | CRITICAL | — | 0 |
| CVE-2017-16349 An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in infor... | 8.1 | HIGH | — | 0 |
| CVE-2018-1154 In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating u... | N/A | NONE | — | 0 |
| CVE-2018-1155 In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports featur... | N/A | NONE | — | 0 |
| CVE-2018-14851 exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bou... | N/A | NONE | — | 0 |
| CVE-2018-3834 An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binari... | 7.4 | HIGH | — | 0 |
| CVE-2018-14883 An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of ... | N/A | NONE | — | 0 |
| CVE-2018-14884 An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext... | N/A | NONE | — | 0 |
| CVE-2018-5489 NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which may have been intended to be restricted to administrators or privileged users. 7MTT versions... | N/A | NONE | — | 0 |
| CVE-2018-6590 CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability. | 6.1 | MEDIUM | — | 0 |
| CVE-2017-8316 IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml. | N/A | NONE | — | 0 |
| CVE-2018-16374 Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings. | N/A | NONE | — | 0 |
| CVE-2018-13416 In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use thi... | N/A | NONE | — | 0 |
| CVE-2018-14574 django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect. | N/A | NONE | — | 0 |
| CVE-2018-14773 An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises f... | 6.5 | MEDIUM | — | 0 |
| CVE-2018-14774 An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpC... | N/A | NONE | — | 0 |
| CVE-2017-15358 Race condition in the Charles Proxy Settings suid binary in Charles Proxy before 4.2.1 allows local users to gain privileges via vectors involving the --self-repair option. | N/A | NONE | — | 0 |
| CVE-2018-12483 OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string u... | N/A | NONE | — | 0 |
| CVE-2018-12605 An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter. | N/A | NONE | — | 0 |
| CVE-2018-12606 An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output... | N/A | NONE | — | 0 |
| CVE-2018-12607 An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lac... | N/A | NONE | — | 0 |
| CVE-2018-12989 The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrator... | N/A | NONE | — | 0 |
| CVE-2018-13055 A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it... | N/A | NONE | — | 0 |
| CVE-2018-14504 An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP set... | N/A | NONE | — | 0 |
| CVE-2018-14576 The mintTokens function of a smart contract implementation for SunContract, an Ethereum token, has an integer overflow via the _amount variable. | 7.5 | HIGH | — | 0 |
| CVE-2018-14715 The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block's hash. Therefore, attackers can pred... | N/A | NONE | — | 0 |
| CVE-2018-14728 upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter. | N/A | NONE | — | 0 |
| CVE-2018-14904 Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid. | N/A | NONE | — | 0 |
| CVE-2018-14905 The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.