Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2018-15711 Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privilege... | N/A | NONE | — | 0 |
| CVE-2018-15712 Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php. | N/A | NONE | — | 0 |
| CVE-2018-9347 In function SMF_ParseMetaEvent of file eas_smf.c there is incorrect input validation causing an infinite loop. This could lead to a remote temporary DoS with no additional execution privileges needed.... | N/A | NONE | — | 0 |
| CVE-2018-9457 In onCheckedChanged of BluetoothPairingController.java, there is a possible way to retrieve contact information due to a permissions bypass. This could lead to local information disclosure with no add... | N/A | NONE | — | 0 |
| CVE-2018-9521 In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no addi... | N/A | NONE | — | 0 |
| CVE-2018-9522 In the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write due to unnecessary functionality which may be abused. This could lead to local escalation of privil... | N/A | NONE | — | 0 |
| CVE-2018-9523 In Parcel.writeMapInternal of Parcel.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no ... | N/A | NONE | — | 0 |
| CVE-2018-9524 In functionality implemented in System UI, there are insufficient protections implemented around overlay windows. This could lead to local escalation of privilege with no additional execution privileg... | N/A | NONE | — | 0 |
| CVE-2018-9525 In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFI_CHANGED, there is a possible permissions bypass due to a confused deputy. This co... | N/A | NONE | — | 0 |
| CVE-2018-9526 In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interaction is not needed for exploitation. Product: Android. Ver... | N/A | NONE | — | 0 |
| CVE-2018-9527 In vorbis_book_decodev_set of codebook.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. U... | N/A | NONE | — | 0 |
| CVE-2018-9528 In ixheaacd_over_lap_add1_armv8 of ixheaacd_overlap_add1.s there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution ... | N/A | NONE | — | 0 |
| CVE-2018-9529 In ixheaacd_individual_ch_stream of ixheaacd_channel.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution priv... | N/A | NONE | — | 0 |
| CVE-2018-9539 In the ClearKey CAS descrambler, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User inter... | N/A | NONE | — | 0 |
| CVE-2018-9540 In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional... | N/A | NONE | — | 0 |
| CVE-2018-9541 In avrc_pars_vendor_rsp of avcr_pars_ct.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no addi... | N/A | NONE | — | 0 |
| CVE-2018-9542 In avrc_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileg... | N/A | NONE | — | 0 |
| CVE-2018-16619 Sonatype Nexus Repository Manager before 3.14 allows XSS. | N/A | NONE | — | 0 |
| CVE-2018-9543 In trim_device of f2fs_format_utils.c, it is possible that the data partition is not wiped during a factory reset. This could lead to local information disclosure after factory reset with no additiona... | N/A | NONE | — | 0 |
| CVE-2018-9544 In register_app of btif_hd.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth service with no additional executi... | N/A | NONE | — | 0 |
| CVE-2018-9545 In BTA_HdRegisterApp of bta_hd_api.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges ne... | N/A | NONE | — | 0 |
| CVE-2018-9580 A Elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-76222002. | N/A | NONE | — | 0 |
| CVE-2018-5495 All StorageGRID Webscale versions are susceptible to a vulnerability which could permit an unauthenticated attacker to communicate with systems on the same network as the StorageGRID Webscale Admin No... | N/A | NONE | — | 0 |
| CVE-2018-17960 CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste. | N/A | NONE | — | 0 |
| CVE-2018-19278 Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, b... | N/A | NONE | — | 0 |
| CVE-2018-19281 Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection. | N/A | NONE | — | 0 |
| CVE-2015-9274 HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-ta... | N/A | NONE | — | 0 |
| CVE-2018-19286 The server in mubu note 2018-11-11 has XSS by configuring an account with a crafted name value (along with an arbitrary username value), and then creating and sharing a note. | 6.1 | MEDIUM | — | 0 |
| CVE-2018-19287 XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or for... | N/A | NONE | — | 0 |
| CVE-2018-19288 Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API. | N/A | NONE | — | 0 |
| CVE-2018-19289 An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file. | 6.1 | MEDIUM | — | 0 |
| CVE-2018-19291 An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability that can delete a user or group via an admin/index.php/user/del/1 or admin/index.php/role/del/2 URI. | N/A | NONE | — | 0 |
| CVE-2018-8529 A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka "Team Foundation Server... | N/A | NONE | — | 0 |
| CVE-2018-12480 Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3. | N/A | NONE | — | 0 |
| CVE-2018-0673 Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2018-0679 Cross-site scripting vulnerability in multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior... | N/A | NONE | — | 0 |
| CVE-2018-0680 Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) uses hard-coded credentials, which may allow remote attackers to read/send mail or chang... | N/A | NONE | — | 0 |
| CVE-2018-0681 Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) uses hard-coded credentials, which may allow remote attackers to login to the Management... | N/A | NONE | — | 0 |
| CVE-2018-0682 Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) does not properly manage sessions, which allows remote attackers to read/send mail or ch... | N/A | NONE | — | 0 |
| CVE-2018-0683 Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote attackers to execute arbitrary code or cause a denial-o... | N/A | NONE | — | 0 |
| CVE-2018-0684 Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R3.0 and earlier, Denbun IMAP version V3.3I R3.0 and earlier) allows remote attackers to execute arbitrary code or cause a denial-o... | N/A | NONE | — | 0 |
| CVE-2018-0685 SQL injection vulnerability in the Denbun POP version V3.3P R4.0 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via HTTP requests for mail search. | N/A | NONE | — | 0 |
| CVE-2018-0686 Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote authenticated attackers to upload and execute any executable files via uns... | N/A | NONE | — | 0 |
| CVE-2018-0687 Cross-site scripting vulnerability in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote attackers to inject arbitrary web sc... | N/A | NONE | — | 0 |
| CVE-2018-0690 An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files. | N/A | NONE | — | 0 |
| CVE-2018-0691 Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.280... | N/A | NONE | — | 0 |
| CVE-2018-0692 Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | N/A | NONE | — | 0 |
| CVE-2018-0693 Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows remote attackers to upload an arbitrary file in the specific directory in FileZen via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2018-0694 FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2018-0695 Cross-site scripting vulnerability in User-friendly SVN (USVN) Version 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.