CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2017-1649 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus ... | N/A | NONE | — | 0 |
| CVE-2018-12473 A path traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to access files not in the current build. On the server itself this is prevented by ... | N/A | NONE | — | 0 |
| CVE-2018-1395 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus ... | N/A | NONE | — | 0 |
| CVE-2018-1403 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus ... | N/A | NONE | — | 0 |
| CVE-2018-1404 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus ... | N/A | NONE | — | 0 |
| CVE-2018-15753 An issue was discovered in the MensaMax (aka com.breustedt.mensamax) application 4.3 for Android. The use of a Hard-coded DES Cryptographic Key allows an attacker who decodes the application to decryp... | N/A | NONE | — | 0 |
| CVE-2018-1405 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus ... | N/A | NONE | — | 0 |
| CVE-2018-1439 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus ... | N/A | NONE | — | 0 |
| CVE-2018-1440 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus ... | N/A | NONE | — | 0 |
| CVE-2018-1498 IBM Security Guardium EcoSystem 10.5 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 141223. | N/A | NONE | — | 0 |
| CVE-2018-1509 IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) atta... | N/A | NONE | — | 0 |
| CVE-2018-17594 AirTies Air 5443v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | N/A | NONE | — | 0 |
| CVE-2018-1522 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus ... | N/A | NONE | — | 0 |
| CVE-2018-1557 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus ... | N/A | NONE | — | 0 |
| CVE-2018-1558 IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the... | N/A | NONE | — | 0 |
| CVE-2018-1593 IBM Multi-Cloud Data Encryption (MDE) 2.1 could allow an unauthorized user to manipulate data due to missing file checksums. IBM X-Force ID: 143568. | N/A | NONE | — | 0 |
| CVE-2018-1601 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus ... | N/A | NONE | — | 0 |
| CVE-2018-17595 In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI. | N/A | NONE | — | 0 |
| CVE-2018-1605 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus ... | N/A | NONE | — | 0 |
| CVE-2018-1691 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus ... | N/A | NONE | — | 0 |
| CVE-2018-1692 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus ... | N/A | NONE | — | 0 |
| CVE-2018-6261 NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may lead to code execution, denial of service, or escalation of... | N/A | NONE | — | 0 |
| CVE-2018-6262 NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to inf... | N/A | NONE | — | 0 |
| CVE-2018-15563 _core/admin/pages/add/ in Subrion CMS 4.2.1 has XSS via the titles[en] parameter. | N/A | NONE | — | 0 |
| CVE-2018-15752 An issue was discovered in the MensaMax (aka com.breustedt.mensamax) application 4.3 for Android. Cleartext Transmission of Sensitive Information allows man-in-the-middle attackers to eavesdrop authen... | N/A | NONE | — | 0 |
| CVE-2018-16984 An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an... | N/A | NONE | — | 0 |
| CVE-2018-17587 AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | N/A | NONE | — | 0 |
| CVE-2018-17588 AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | N/A | NONE | — | 0 |
| CVE-2018-17589 AirTies Air 5650 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | N/A | NONE | — | 0 |
| CVE-2018-17590 AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | N/A | NONE | — | 0 |
| CVE-2018-17591 AirTies Air 5343v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | N/A | NONE | — | 0 |
| CVE-2018-17593 AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | N/A | NONE | — | 0 |
| CVE-2018-17596 In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter. | N/A | NONE | — | 0 |
| CVE-2018-17786 On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary code... | N/A | NONE | — | 0 |
| CVE-2018-17787 On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library function. | N/A | NONE | — | 0 |
| CVE-2018-17884 XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook (gwolle-gb) plugin before 2.5.4 for WordPress via the PATH_INFO to wp-admin/index.php | N/A | NONE | — | 0 |
| CVE-2018-17886 An issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java could be bypassed, as demonstrated by a <svg/onLoad=confirm substring. NOTE: thi... | N/A | NONE | — | 0 |
| CVE-2018-11748 Previous releases of the Puppet device_manager module create configuration files containing credentials that are world readable. This issue has been resolved as of device_manager 2.7.0. | N/A | NONE | — | 0 |
| CVE-2018-11750 Previous releases of the Puppet cisco_ios module did not validate a host's identity before starting a SSH connection. As of the 0.4.0 release of cisco_ios, host key checking is enabled by default. | N/A | NONE | — | 0 |
| CVE-2018-11752 Previous releases of the Puppet cisco_ios module output SSH session debug information including login credentials to a world readable file on every run. These issues have been resolved in the 0.4.0 re... | 5.5 | MEDIUM | — | 0 |
| CVE-2018-12471 An External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Affected releases are SUSE Linux... | N/A | NONE | — | 0 |
| CVE-2018-9452 In getOffsetForHorizontal of Layout.java, there is a possible application hang due to a slow width calculation. This could lead to remote denial of service if a contact with many hidden unicode charac... | N/A | NONE | — | 0 |
| CVE-2018-9473 In ihevcd_parse_sei_payload of ihevcd_parse_headers.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privile... | N/A | NONE | — | 0 |
| CVE-2018-9476 In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible use-after-free due to improper locking. This could lead to remote escalation of privilege in the Bluetooth service with no additional ... | N/A | NONE | — | 0 |
| CVE-2018-9490 In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type confusion. This could lead to remote escalation of privilege with no additional execution privileges n... | N/A | NONE | — | 0 |
| CVE-2018-14822 In Entes EMG12 versions 2.57 and prior, an information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user a... | N/A | NONE | — | 0 |
| CVE-2018-9491 In AMediaCodecCryptoInfo_new of NdkMediaCodec.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution in external apps with no additional exec... | N/A | NONE | — | 0 |
| CVE-2018-9492 In checkGrantUriPermissionLocked of ActivityManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed... | N/A | NONE | — | 0 |
| CVE-2018-9493 In the content provider of the download manager, there is a possible SQL injection due to improper input validation. This could lead to local information disclosure with no additional execution privil... | N/A | NONE | — | 0 |
| CVE-2018-9496 In ixheaacd_real_synth_fft_p3 of ixheaacd_esbr_fft.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privil... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.