CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2014-3531 Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) description... | N/A | NONE | — | 0 |
| CVE-2014-3706 ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates. | N/A | NONE | — | 0 |
| CVE-2022-33949 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2014-3709 The org.keycloak.services.resources.SocialResource.callback method in JBoss KeyCloak before 1.0.3.Final allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack ... | N/A | NONE | — | 0 |
| CVE-2014-7242 The SumaHo application 3.0.0 and earlier for Android and the SumaHo "driving capability" diagnosis result transmission application 1.2.2 and earlier for Android allow man-in-the-middle attackers to sp... | N/A | NONE | — | 0 |
| CVE-2014-7813 Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack o... | N/A | NONE | — | 0 |
| CVE-2014-8491 The Grand Flagallery plugin before 4.25 for WordPress allows remote attackers to obtain the installation path via a request to (1) flagallery-skins/banner_widget_default/gallery.php or (2) flash-album... | N/A | NONE | — | 0 |
| CVE-2015-2156 Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly fl... | N/A | NONE | — | 0 |
| CVE-2015-3400 sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world readable access to the shared zfs file system, which might allow remote authenticated users to obtai... | N/A | NONE | — | 0 |
| CVE-2022-33966 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2015-5164 The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code ... | N/A | NONE | — | 0 |
| CVE-2015-1239 Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a craft... | 6.5 | MEDIUM | — | 0 |
| CVE-2015-7714 Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allow remote administrators to execute arbitrary SQL commands via the (1) id, (2) copy_field in ... | 7.2 | HIGH | — | 0 |
| CVE-2015-7715 Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allows remote attackers to hijack the authentication of administrators for requests tha... | 8.8 | HIGH | — | 0 |
| CVE-2015-5227 The Landing Pages plugin before 1.9.2 for WordPress allows remote attackers to execute arbitrary code via the url parameter. | N/A | NONE | — | 0 |
| CVE-2017-1000128 Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser | N/A | NONE | — | 0 |
| CVE-2015-7943 Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote attac... | N/A | NONE | — | 0 |
| CVE-2016-5714 Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet ... | 7.2 | HIGH | — | 0 |
| CVE-2017-14322 The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrat... | N/A | NONE | — | 0 |
| CVE-2017-14956 AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. Besides offering an export via a local do... | N/A | NONE | — | 0 |
| CVE-2017-15359 In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo... | N/A | NONE | — | 0 |
| CVE-2025-0014 Incorrect default permissions on the AMD Ryzen(TM) AI installation folder could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | 7.3 | HIGH | — | 0 |
| CVE-2015-5739 The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead... | N/A | NONE | — | 0 |
| CVE-2015-5740 The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Con... | N/A | NONE | — | 0 |
| CVE-2015-6961 Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the _next parameter to user/lo... | N/A | NONE | — | 0 |
| CVE-2017-15600 In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c. | N/A | NONE | — | 0 |
| CVE-2017-15601 In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup. | N/A | NONE | — | 0 |
| CVE-2017-15602 In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted si... | N/A | NONE | — | 0 |
| CVE-2017-12251 A vulnerability in the web console of the Cisco Cloud Services Platform (CSP) 2100 could allow an authenticated, remote attacker to interact maliciously with the services or virtual machines (VMs) ope... | N/A | NONE | — | 0 |
| CVE-2017-12259 A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause an aff... | N/A | NONE | — | 0 |
| CVE-2017-12260 A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote atta... | N/A | NONE | — | 0 |
| CVE-2017-12271 A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cro... | 8.8 | HIGH | — | 0 |
| CVE-2017-10065 Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.2, 13.3, 13.4, 14.0 and 14.1. Easily e... | N/A | NONE | — | 0 |
| CVE-2022-33976 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2017-12272 A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of... | N/A | NONE | — | 0 |
| CVE-2017-12284 A vulnerability in the web interface of Cisco Jabber for Windows Client could allow an authenticated, local attacker to retrieve user profile information, which could lead to the disclosure of confide... | N/A | NONE | — | 0 |
| CVE-2017-12285 A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversa... | N/A | NONE | — | 0 |
| CVE-2017-12286 A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of... | N/A | NONE | — | 0 |
| CVE-2017-15379 An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password. | N/A | NONE | — | 0 |
| CVE-2017-12287 A vulnerability in the cluster database (CDB) management component of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, re... | N/A | NONE | — | 0 |
| CVE-2017-12288 A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a u... | N/A | NONE | — | 0 |
| CVE-2017-12289 A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system l... | N/A | NONE | — | 0 |
| CVE-2017-12293 A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient limitations on the... | N/A | NONE | — | 0 |
| CVE-2017-15741 IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Possible Stack... | N/A | NONE | — | 0 |
| CVE-2017-12296 A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability i... | N/A | NONE | — | 0 |
| CVE-2017-12298 A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is ... | N/A | NONE | — | 0 |
| CVE-2017-12301 A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operat... | N/A | NONE | — | 0 |
| CVE-2017-15609 Octopus before 3.17.7 allows attackers to obtain sensitive cleartext information by reading a variable JSON file in certain situations involving Offline Drop Targets. | N/A | NONE | — | 0 |
| CVE-2017-15610 An issue was discovered in Octopus before 3.17.7. When the special Guest user account is granted the CertificateExportPrivateKey permission, and Guest Access is enabled for the Octopus Server, an atta... | N/A | NONE | — | 0 |
| CVE-2017-15611 In Octopus before 3.17.7, an authenticated user who was explicitly granted the permission to invite new users (aka UserInvite) can invite users to teams with escalated privileges. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.