Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2018-14840 uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads). | N/A | NONE | — | 0 |
| CVE-2018-0407 A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scrip... | N/A | NONE | — | 0 |
| CVE-2018-0408 A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a reflected cross-site script... | N/A | NONE | — | 0 |
| CVE-2018-0411 A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack a... | N/A | NONE | — | 0 |
| CVE-2018-0413 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and ... | N/A | NONE | — | 0 |
| CVE-2018-12468 A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the... | N/A | NONE | — | 0 |
| CVE-2018-3924 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed objec... | N/A | NONE | — | 0 |
| CVE-2018-3939 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object i... | 8.8 | HIGH | — | 0 |
| CVE-2018-10624 In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the ser... | N/A | NONE | — | 0 |
| CVE-2015-9262 _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow. | N/A | NONE | — | 0 |
| CVE-2018-14835 Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping added to the tooltip information being displayed in multiple areas. | N/A | NONE | — | 0 |
| CVE-2018-14836 Subrion 4.2.1 is vulnerable to Improper Access control because user groups not having access to the Admin panel are able to access it (but not perform actions) if the Guests user group has access to t... | N/A | NONE | — | 0 |
| CVE-2018-2933 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.... | N/A | NONE | — | 0 |
| CVE-2018-3108 Vulnerability in the Oracle Fusion Middleware component of Oracle Fusion Middleware (subcomponent: Oracle Notification Service). Supported versions that are affected are 12.2.1.2 and 12.2.1.3. Difficu... | N/A | NONE | — | 0 |
| CVE-2018-3109 Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Supported versions that are affected are 12.2.1.2 and 12.2.1.3. Easily exploi... | N/A | NONE | — | 0 |
| CVE-2018-10920 Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache. | 6.8 | MEDIUM | — | 0 |
| CVE-2018-12448 Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web... | N/A | NONE | — | 0 |
| CVE-2018-16373 Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save. | N/A | NONE | — | 0 |
| CVE-2018-1554 IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potenti... | N/A | NONE | — | 0 |
| CVE-2018-8037 If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for ... | N/A | NONE | — | 0 |
| CVE-2017-9118 PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call. | 7.5 | HIGH | — | 0 |
| CVE-2017-9120 PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer ove... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-7649 Monitorix before 3.10.1 allows XSS via CGI variables. | N/A | NONE | — | 0 |
| CVE-2017-14444 An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the URL parameter during a firmware update request,... | 9.9 | CRITICAL | — | 0 |
| CVE-2017-14445 An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the host parameter during a firmware update request... | 9.9 | CRITICAL | — | 0 |
| CVE-2017-14446 An exploitable stack-based buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation unsafely extracts parameters from the query string, leading... | 9.9 | CRITICAL | — | 0 |
| CVE-2017-16338 An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01bad0 the value for the host key is copied using strcpy to the ... | 9.9 | CRITICAL | — | 0 |
| CVE-2017-16339 An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01bb1c the value for the uri key is copied using strcpy to the b... | 9.9 | CRITICAL | — | 0 |
| CVE-2017-16340 An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c0e8 the value for the s_dport key is copied using strcpy to t... | 9.9 | CRITICAL | — | 0 |
| CVE-2017-6213 paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution. | N/A | NONE | — | 0 |
| CVE-2017-16341 An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c224 the value for the s_vol_play key is copied using strcpy t... | 9.9 | CRITICAL | — | 0 |
| CVE-2017-16342 An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c254 the value for the s_vol_dim_delta key is copied using str... | 9.9 | CRITICAL | — | 0 |
| CVE-2017-16343 An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c284 the value for the s_vol_brt_delta key is copied using str... | 9.9 | CRITICAL | — | 0 |
| CVE-2017-16344 An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c2c8 the value for the s_url key is copied using strcpy to the... | 9.9 | CRITICAL | — | 0 |
| CVE-2017-16345 An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c318 the value for the s_port key is copied using strcpy to th... | 9.9 | CRITICAL | — | 0 |
| CVE-2017-16346 An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c368 the value for the s_mac key is copied using strcpy to the... | 9.9 | CRITICAL | — | 0 |
| CVE-2017-6215 paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution. | N/A | NONE | — | 0 |
| CVE-2017-16347 An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01e7d4 the value for the s_vol key is copied using strcpy to the... | 9.9 | CRITICAL | — | 0 |
| CVE-2017-16349 An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in infor... | 8.1 | HIGH | — | 0 |
| CVE-2018-1154 In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating u... | N/A | NONE | — | 0 |
| CVE-2018-1155 In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports featur... | N/A | NONE | — | 0 |
| CVE-2018-14851 exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bou... | N/A | NONE | — | 0 |
| CVE-2018-3834 An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binari... | 7.4 | HIGH | — | 0 |
| CVE-2018-14883 An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of ... | N/A | NONE | — | 0 |
| CVE-2018-14884 An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext... | N/A | NONE | — | 0 |
| CVE-2018-5489 NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which may have been intended to be restricted to administrators or privileged users. 7MTT versions... | N/A | NONE | — | 0 |
| CVE-2018-6590 CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability. | 6.1 | MEDIUM | — | 0 |
| CVE-2017-8316 IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml. | N/A | NONE | — | 0 |
| CVE-2018-16374 Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings. | N/A | NONE | — | 0 |
| CVE-2018-13416 In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use thi... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.