CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2018-13395 Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0... | N/A | NONE | — | 0 |
| CVE-2014-4932 Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the val parameter to whois.php. | N/A | NONE | — | 0 |
| CVE-2014-6045 SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function. | N/A | NONE | — | 0 |
| CVE-2014-6046 Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users ... | N/A | NONE | — | 0 |
| CVE-2014-6049 phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter. | N/A | NONE | — | 0 |
| CVE-2014-6050 phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request. | N/A | NONE | — | 0 |
| CVE-2018-15529 A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands wit... | N/A | NONE | — | 0 |
| CVE-2018-15571 The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection. | N/A | NONE | — | 0 |
| CVE-2018-15839 D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header. | 9.8 | CRITICAL | — | 0 |
| CVE-2018-3926 An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore pro... | 5.5 | MEDIUM | — | 0 |
| CVE-2018-15160 The libesedb_catalog_definition_read function in libesedb_catalog_definition.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. N... | N/A | NONE | — | 0 |
| CVE-2017-15407 Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server. | N/A | NONE | — | 0 |
| CVE-2017-15408 Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium. | N/A | NONE | — | 0 |
| CVE-2017-15409 Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | N/A | NONE | — | 0 |
| CVE-2017-15410 Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | N/A | NONE | — | 0 |
| CVE-2018-15596 An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. T... | N/A | NONE | — | 0 |
| CVE-2017-15411 Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | N/A | NONE | — | 0 |
| CVE-2017-15412 Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | N/A | NONE | — | 0 |
| CVE-2017-15413 Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | N/A | NONE | — | 0 |
| CVE-2017-15415 Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page. | N/A | NONE | — | 0 |
| CVE-2018-15608 Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen. | N/A | NONE | — | 0 |
| CVE-2017-15416 Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read. | N/A | NONE | — | 0 |
| CVE-2017-15417 Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | N/A | NONE | — | 0 |
| CVE-2017-15418 Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | N/A | NONE | — | 0 |
| CVE-2017-15419 Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted ... | N/A | NONE | — | 0 |
| CVE-2018-14768 Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code. | N/A | NONE | — | 0 |
| CVE-2017-15420 Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML p... | N/A | NONE | — | 0 |
| CVE-2017-15422 Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a ... | N/A | NONE | — | 0 |
| CVE-2017-15423 Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic. | N/A | NONE | — | 0 |
| CVE-2017-15424 Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | N/A | NONE | — | 0 |
| CVE-2017-15425 Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | N/A | NONE | — | 0 |
| CVE-2017-15426 Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | N/A | NONE | — | 0 |
| CVE-2017-15427 Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar. | N/A | NONE | — | 0 |
| CVE-2017-15430 Insufficient data validation in Chromecast plugin in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | N/A | NONE | — | 0 |
| CVE-2018-14572 In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system... | N/A | NONE | — | 0 |
| CVE-2018-15562 CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or oggettiRicerca parameter to index.php. | N/A | NONE | — | 0 |
| CVE-2018-15740 Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen. | 6.1 | MEDIUM | — | 0 |
| CVE-2018-15873 A SQL Injection issue was discovered in Sentrifugo 3.2 via the deptid parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2018-15884 RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter. | N/A | NONE | — | 0 |
| CVE-2018-15901 e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators. | N/A | NONE | — | 0 |
| CVE-2018-3895 An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17. The strncpy call ove... | 8.8 | HIGH | — | 0 |
| CVE-2018-3908 An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly handles pipel... | 7.5 | HIGH | — | 0 |
| CVE-2018-6643 Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter. | N/A | NONE | — | 0 |
| CVE-2017-15396 A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remot... | N/A | NONE | — | 0 |
| CVE-2017-15398 A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server. | N/A | NONE | — | 0 |
| CVE-2017-15399 A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | N/A | NONE | — | 0 |
| CVE-2017-15406 A stack buffer overflow in V8 in Google Chrome prior to 62.0.3202.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | N/A | NONE | — | 0 |
| CVE-2017-15429 Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | N/A | NONE | — | 0 |
| CVE-2018-3916 An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17.... | 7.8 | HIGH | — | 0 |
| CVE-2018-15896 PHP Scripts Mall Website Seller Script 2.0.5 has XSS via Personal Address or Company Name. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.