CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2017-12472 ccnl-ext-mgmt.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging missing NULL pointer checks after ccnl_malloc. | N/A | NONE | — | 0 |
| CVE-2017-12473 ccnl_ccntlv_bytes2pkt in CCN-lite allows context-dependent attackers to cause a denial of service (application crash) via vectors involving packets with "wrong L values." | N/A | NONE | — | 0 |
| CVE-2017-1692 IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM X-Force ID: 134067. | N/A | NONE | — | 0 |
| CVE-2017-1785 IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859. | N/A | NONE | — | 0 |
| CVE-2018-1366 IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. An attacker could exploit this vulnerability to exploit other vulnerabilities in spreadsheet software. IBM X-F... | N/A | NONE | — | 0 |
| CVE-2018-1382 IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea... | N/A | NONE | — | 0 |
| CVE-2018-1388 GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. IBM X-Force ID: 138212. | N/A | NONE | — | 0 |
| CVE-2018-6824 Cozy version 2 has XSS allowing remote attackers to obtain administrative access via JavaScript code in the url parameter to the /api/proxy URI, as demonstrated by an XMLHttpRequest call with an 'emai... | N/A | NONE | — | 0 |
| CVE-2018-6574 Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, beca... | N/A | NONE | — | 0 |
| CVE-2018-6655 PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an arbitrary profile field. | N/A | NONE | — | 0 |
| CVE-2018-6795 PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every profile input field. | N/A | NONE | — | 0 |
| CVE-2018-6796 PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored XSS via every profile input field. | N/A | NONE | — | 0 |
| CVE-2017-15386 Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | N/A | NONE | — | 0 |
| CVE-2017-15387 Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a c... | N/A | NONE | — | 0 |
| CVE-2017-15388 Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | N/A | NONE | — | 0 |
| CVE-2017-15389 An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | N/A | NONE | — | 0 |
| CVE-2017-15390 Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | N/A | NONE | — | 0 |
| CVE-2017-15391 Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page. | N/A | NONE | — | 0 |
| CVE-2017-15392 Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registr... | N/A | NONE | — | 0 |
| CVE-2017-15393 Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page... | N/A | NONE | — | 0 |
| CVE-2018-0514 MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2017-15394 Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome E... | N/A | NONE | — | 0 |
| CVE-2017-15395 A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference. | N/A | NONE | — | 0 |
| CVE-2017-15397 Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests... | N/A | NONE | — | 0 |
| CVE-2017-15400 Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD f... | N/A | NONE | — | 0 |
| CVE-2017-5124 Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page. | N/A | NONE | — | 0 |
| CVE-2018-14974 An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/news.php has XSS. | N/A | NONE | — | 0 |
| CVE-2017-5125 Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | N/A | NONE | — | 0 |
| CVE-2017-5126 A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | N/A | NONE | — | 0 |
| CVE-2017-5127 Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | N/A | NONE | — | 0 |
| CVE-2017-5128 Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL. | N/A | NONE | — | 0 |
| CVE-2017-5129 A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | N/A | NONE | — | 0 |
| CVE-2017-5131 An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write. | N/A | NONE | — | 0 |
| CVE-2017-5132 Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack mani... | N/A | NONE | — | 0 |
| CVE-2017-5133 Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted P... | N/A | NONE | — | 0 |
| CVE-2018-6829 cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i... | N/A | NONE | — | 0 |
| CVE-2018-0113 A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. The vulnerability... | N/A | NONE | — | 0 |
| CVE-2018-0116 A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to be authorized as a subscriber without providing a valid password; however, ... | N/A | NONE | — | 0 |
| CVE-2018-0117 A vulnerability in the ingress packet processing functionality of the Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software could allow an unauthenticated, remote attacker to cause both... | N/A | NONE | — | 0 |
| CVE-2018-0119 A vulnerability in certain authentication controls in the account services of Cisco Spark could allow an authenticated, remote attacker to interact with and view information on an affected device that... | N/A | NONE | — | 0 |
| CVE-2018-0120 A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. The vulnerabil... | N/A | NONE | — | 0 |
| CVE-2018-0122 A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are s... | 4.4 | MEDIUM | — | 0 |
| CVE-2018-0512 Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2018-0123 A Path Traversal vulnerability in the diagnostic shell for Cisco IOS and IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite system... | N/A | NONE | — | 0 |
| CVE-2018-0127 A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration ... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-0128 A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack aga... | N/A | NONE | — | 0 |
| CVE-2018-0129 A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack ... | N/A | NONE | — | 0 |
| CVE-2018-0517 Untrusted search path vulnerability in Anshin net security for Windows Version 16.0.1.44 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | N/A | NONE | — | 0 |
| CVE-2018-0132 A vulnerability in the forwarding information base (FIB) code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause inconsistency between the routing information base (RIB)... | N/A | NONE | — | 0 |
| CVE-2018-0134 A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. The vulnerability occurs ... | 5.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.