CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2018-6611 soundlib/Load_stp.cpp in OpenMPT through 1.27.04.00, and libopenmpt before 0.3.6, has an out-of-bounds read via a malformed STP file. | 8.8 | HIGH | — | 0 |
| CVE-2017-8980 A Remote Disclosure of Information vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. | N/A | NONE | — | 0 |
| CVE-2017-8981 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506 was found. | N/A | NONE | — | 0 |
| CVE-2017-8982 A Remote Authentication Restriction Bypass vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found. | N/A | NONE | — | 0 |
| CVE-2017-8983 A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found. | N/A | NONE | — | 0 |
| CVE-2017-8984 A remote code execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506P03 was found. | N/A | NONE | — | 0 |
| CVE-2017-8985 HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local authenticated information disclosure vulnerability in HGLM version HGLM 6.3.0-00 to 8.5.2-00. | N/A | NONE | — | 0 |
| CVE-2017-8993 A Remote Cross-Site Scripting vulnerability in HPE Project and Portfolio Management (PPM) version v9.30, v9.31, v9.32, v9.40 was found. | N/A | NONE | — | 0 |
| CVE-2017-14800 A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor could allowed code injection into pages of authenticated use... | N/A | NONE | — | 0 |
| CVE-2018-5767 An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header... | N/A | NONE | — | 0 |
| CVE-2018-6316 Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and earlier allows an authenticated user with low privileges and access to the local network to bypass appl... | N/A | NONE | — | 0 |
| CVE-2018-1000067 An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited infor... | 5.3 | MEDIUM | — | 0 |
| CVE-2018-1000068 An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF... | 5.3 | MEDIUM | — | 0 |
| CVE-2017-14535 trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php. | 8.8 | HIGH | — | 0 |
| CVE-2017-14536 trixbox 2.8.0.4 has XSS via the PATH_INFO to /maint/index.php or /user/includes/language/langChooser.php. | N/A | NONE | — | 0 |
| CVE-2017-14537 trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php. | 6.5 | MEDIUM | — | 0 |
| CVE-2018-6189 F-Secure Radar (on-premises) before 2018-02-15 has XSS via vectors involving the Tags parameter in the JSON request body in an outbound request for the /api/latest/vulnerabilityscans/tags/batch resour... | N/A | NONE | — | 0 |
| CVE-2018-6324 F-Secure Radar (on-premises) before 2018-02-15 has an Unvalidated Redirect via the ReturnUrl parameter that triggers upon a user login. | N/A | NONE | — | 0 |
| CVE-2018-7176 FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page). | N/A | NONE | — | 0 |
| CVE-2018-6943 core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variabl... | N/A | NONE | — | 0 |
| CVE-2018-6944 core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable... | N/A | NONE | — | 0 |
| CVE-2017-18089 The view review history resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scri... | N/A | NONE | — | 0 |
| CVE-2018-7186 Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or... | N/A | NONE | — | 0 |
| CVE-2017-18190 A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon... | N/A | NONE | — | 0 |
| CVE-2018-0515 Untrusted search path vulnerability in "FLET'S Azukeru Backup Tool" version 1.5.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | N/A | NONE | — | 0 |
| CVE-2018-0516 Untrusted search path vulnerability in FLET'S v4 / v6 address selection tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | N/A | NONE | — | 0 |
| CVE-2018-7187 The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remot... | 8.8 | HIGH | — | 0 |
| CVE-2017-18090 Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site script... | N/A | NONE | — | 0 |
| CVE-2017-18091 The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject a... | N/A | NONE | — | 0 |
| CVE-2018-7188 An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib... | N/A | NONE | — | 0 |
| CVE-2018-1049 In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint a... | 5.9 | MEDIUM | — | 0 |
| CVE-2018-3609 A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log ... | N/A | NONE | — | 0 |
| CVE-2018-5989 SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099. | 9.8 | CRITICAL | — | 0 |
| CVE-2018-5990 SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter. | N/A | NONE | — | 0 |
| CVE-2018-6218 A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system. | 7.0 | HIGH | — | 0 |
| CVE-2018-5970 SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter. | N/A | NONE | — | 0 |
| CVE-2018-5971 SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter. | N/A | NONE | — | 0 |
| CVE-2018-5974 SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter. | N/A | NONE | — | 0 |
| CVE-2018-5975 SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter to the archive URI. | N/A | NONE | — | 0 |
| CVE-2018-5980 SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action. | N/A | NONE | — | 0 |
| CVE-2018-5981 SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter. | N/A | NONE | — | 0 |
| CVE-2018-5982 SQL Injection exists in the Advertisement Board 3.1.0 component for Joomla! via a task=show_rss_categories&catname= request. | N/A | NONE | — | 0 |
| CVE-2018-5983 SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= request. | N/A | NONE | — | 0 |
| CVE-2018-5987 SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the ca... | N/A | NONE | — | 0 |
| CVE-2018-5992 SQL Injection exists in the Staff Master through 1.0 RC 1 component for Joomla! via the name parameter in a view=staff request. | N/A | NONE | — | 0 |
| CVE-2018-5993 SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request. | N/A | NONE | — | 0 |
| CVE-2018-5994 SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request. | N/A | NONE | — | 0 |
| CVE-2018-6004 SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter. | N/A | NONE | — | 0 |
| CVE-2018-6005 SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter. | N/A | NONE | — | 0 |
| CVE-2018-6006 SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.