Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2013-7202 The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system. | N/A | NONE | — | 0 |
| CVE-2018-10521 In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because c... | N/A | NONE | — | 0 |
| CVE-2014-0841 IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-forc... | N/A | NONE | — | 0 |
| CVE-2014-1845 An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment. | N/A | NONE | — | 0 |
| CVE-2014-1846 Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method. | N/A | NONE | — | 0 |
| CVE-2014-2552 Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data. | N/A | NONE | — | 0 |
| CVE-2015-1857 The odl-mdsal-apidocs feature in OpenDaylight Helium allow remote attackers to obtain sensitive information by leveraging missing AAA restrictions. | 5.3 | MEDIUM | — | 0 |
| CVE-2018-7669 An issue was discovered in Sitecore Sitecore.NET 8.1 rev. 151207 Hotfix 141178-1 and above. The 'Log Viewer' application is vulnerable to a directory traversal attack, allowing an attacker to access a... | N/A | NONE | — | 0 |
| CVE-2018-10515 In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be pres... | N/A | NONE | — | 0 |
| CVE-2018-10516 In CMS Made Simple (CMSMS) through 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause DoS... | N/A | NONE | — | 0 |
| CVE-2018-10517 In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can ... | N/A | NONE | — | 0 |
| CVE-2018-10518 In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because... | N/A | NONE | — | 0 |
| CVE-2018-10519 CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because fi... | N/A | NONE | — | 0 |
| CVE-2018-10520 In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, becau... | N/A | NONE | — | 0 |
| CVE-2017-16075 http-proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | N/A | NONE | — | 0 |
| CVE-2017-18263 Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url. | N/A | NONE | — | 0 |
| CVE-2018-10468 The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into thei... | N/A | NONE | — | 0 |
| CVE-2018-10527 EasyCMS 1.3 is prone to Stored XSS when posting an article; four fields are affected: title, keyword, abstract, and content, as demonstrated by the /admin/index/index.html#listarticle URI. | N/A | NONE | — | 0 |
| CVE-2018-10528 An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp. | 8.8 | HIGH | — | 0 |
| CVE-2018-10529 An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp. | N/A | NONE | — | 0 |
| CVE-2018-10546 An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not re... | N/A | NONE | — | 0 |
| CVE-2018-10534 The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory s... | N/A | NONE | — | 0 |
| CVE-2018-10535 The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a sy... | N/A | NONE | — | 0 |
| CVE-2018-10536 An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple f... | N/A | NONE | — | 0 |
| CVE-2018-10537 An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multip... | N/A | NONE | — | 0 |
| CVE-2018-10547 An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via... | N/A | NONE | — | 0 |
| CVE-2018-10538 An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempti... | N/A | NONE | — | 0 |
| CVE-2018-10539 An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before a... | N/A | NONE | — | 0 |
| CVE-2018-10540 An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before atte... | N/A | NONE | — | 0 |
| CVE-2018-9845 Etherpad Lite before 1.6.4 is exploitable for admin access. | N/A | NONE | — | 0 |
| CVE-2018-10545 An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c ... | N/A | NONE | — | 0 |
| CVE-2018-10548 An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer de... | N/A | NONE | — | 0 |
| CVE-2018-10549 An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data becaus... | N/A | NONE | — | 0 |
| CVE-2018-10553 An issue was discovered in Nagios XI 5.4.13. A registered user is able to use directory traversal to read local files, as demonstrated by URIs beginning with index.php?xiwindow=./ and config/?xiwindow... | N/A | NONE | — | 0 |
| CVE-2018-10554 An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; ... | N/A | NONE | — | 0 |
| CVE-2018-10550 In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to. | N/A | NONE | — | 0 |
| CVE-2017-2591 389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An auth... | N/A | NONE | — | 0 |
| CVE-2018-10365 An XSS issue was discovered in the Threads to Link plugin 1.3 for MyBB. When editing a thread, the user is given the option to convert the thread to a link. The thread link input box is not properly s... | N/A | NONE | — | 0 |
| CVE-2018-1257 Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory ST... | 6.5 | MEDIUM | — | 0 |
| CVE-2018-1258 Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauth... | 8.8 | HIGH | — | 0 |
| CVE-2018-1259 Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper res... | N/A | NONE | — | 0 |
| CVE-2018-1260 Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicio... | N/A | NONE | — | 0 |
| CVE-2018-1261 Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, x... | 4.7 | MEDIUM | — | 0 |
| CVE-2018-1278 Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of... | N/A | NONE | — | 0 |
| CVE-2018-1280 Pivotal Greenplum Command Center versions 2.x prior to 2.5.1 contains a blind SQL injection vulnerability. An unauthenticated user can perform a SQL injection in the command center which results in di... | N/A | NONE | — | 0 |
| CVE-2018-10832 ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files, both XML-based, which are vulnerable to XXE injec... | N/A | NONE | — | 0 |
| CVE-2018-5303 An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The license key parameter of the web application is vulnerable to Cross Site Scripting; this vulnerability allows ... | N/A | NONE | — | 0 |
| CVE-2018-5304 An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The affected web interface is vulnerable to ClickJacking or UI Redressing: it is possible to access the web applic... | N/A | NONE | — | 0 |
| CVE-2018-6023 Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts including Wi-Fi password changing, Guest Wi-Fi activating, etc. | N/A | NONE | — | 0 |
| CVE-2017-16081 cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.