Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2018-19057 SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with [ and ( characters, which is mishandled during construction of an A element. | N/A | NONE | — | 0 |
| CVE-2018-18590 A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability c... | N/A | NONE | — | 0 |
| CVE-2018-19058 An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded f... | 6.5 | MEDIUM | — | 0 |
| CVE-2018-19059 An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded... | N/A | NONE | — | 0 |
| CVE-2018-19060 An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an... | N/A | NONE | — | 0 |
| CVE-2018-19061 DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter. | N/A | NONE | — | 0 |
| CVE-2018-16150 In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not reject excess data after the hash value. Consequently, a remote attacker can forge signatur... | N/A | NONE | — | 0 |
| CVE-2018-16471 There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the s... | N/A | NONE | — | 0 |
| CVE-2018-8256 A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files, aka "Microsoft PowerShell Remote Code Execution Vulnerability." This affects Windows RT 8.1, Po... | N/A | NONE | — | 0 |
| CVE-2018-8407 An information disclosure vulnerability exists when "Kernel Remote Procedure Call Provider" driver improperly initializes objects in memory, aka "MSRPC Information Disclosure Vulnerability." This affe... | N/A | NONE | — | 0 |
| CVE-2018-8408 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Wind... | N/A | NONE | — | 0 |
| CVE-2018-8584 An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Wind... | N/A | NONE | — | 0 |
| CVE-2018-8415 A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code, aka "Microsoft PowerShell Tampering Vulnerability." This affects Windows 7, PowerShell Core 6.1, W... | N/A | NONE | — | 0 |
| CVE-2018-8416 A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka ".NET Core Tampering Vulnerability." This affects .NET Core 2.1. | N/A | NONE | — | 0 |
| CVE-2018-8417 A security feature bypass vulnerability exists in Microsoft JScript that could allow an attacker to bypass Device Guard, aka "Microsoft JScript Security Feature Bypass Vulnerability." This affects Win... | N/A | NONE | — | 0 |
| CVE-2018-8450 A remote code execution vulnerability exists when Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Wi... | N/A | NONE | — | 0 |
| CVE-2018-19280 Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource name or macro expression of a poller macro. | N/A | NONE | — | 0 |
| CVE-2018-8454 An information disclosure vulnerability exists when Windows Audio Service fails to properly handle objects in memory, aka "Windows Audio Service Information Disclosure Vulnerability." This affects Win... | N/A | NONE | — | 0 |
| CVE-2018-8471 An elevation of privilege vulnerability exists in the way that the Microsoft RemoteFX Virtual GPU miniport driver handles objects in memory, aka "Microsoft RemoteFX Virtual GPU miniport driver Elevati... | N/A | NONE | — | 0 |
| CVE-2018-8476 A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory, aka "Windows Deployment Services TFTP Server Remote Code Execution Vulne... | N/A | NONE | — | 0 |
| CVE-2018-8485 An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.... | N/A | NONE | — | 0 |
| CVE-2018-0700 YukiWiki 2.1.3 and earlier does not process a particular request properly that may allow consumption of large amounts of CPU and memory resources and may result in causing a denial of service conditio... | N/A | NONE | — | 0 |
| CVE-2018-8522 A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects... | N/A | NONE | — | 0 |
| CVE-2018-8524 A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects... | N/A | NONE | — | 0 |
| CVE-2018-8539 A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Micro... | N/A | NONE | — | 0 |
| CVE-2018-8541 A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." Thi... | N/A | NONE | — | 0 |
| CVE-2018-8606 A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsof... | N/A | NONE | — | 0 |
| CVE-2018-8542 A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." Thi... | N/A | NONE | — | 0 |
| CVE-2018-8543 A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." Thi... | N/A | NONE | — | 0 |
| CVE-2018-8544 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, W... | N/A | NONE | — | 0 |
| CVE-2018-8545 An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. | N/A | NONE | — | 0 |
| CVE-2018-8546 A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, S... | N/A | NONE | — | 0 |
| CVE-2018-8547 A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web reques... | N/A | NONE | — | 0 |
| CVE-2018-8549 A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, ... | N/A | NONE | — | 0 |
| CVE-2018-8550 An elevation of privilege exists in Windows COM Aggregate Marshaler, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Ser... | N/A | NONE | — | 0 |
| CVE-2018-16634 Pluck v4.7.7 allows CSRF via admin.php?action=settings. | N/A | NONE | — | 0 |
| CVE-2018-8551 A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." Thi... | N/A | NONE | — | 0 |
| CVE-2018-8552 An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer... | N/A | NONE | — | 0 |
| CVE-2018-8553 A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affec... | N/A | NONE | — | 0 |
| CVE-2018-8554 An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10, Windo... | N/A | NONE | — | 0 |
| CVE-2018-8555 A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." Thi... | N/A | NONE | — | 0 |
| CVE-2018-8556 A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." Thi... | N/A | NONE | — | 0 |
| CVE-2018-8557 A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." Thi... | N/A | NONE | — | 0 |
| CVE-2018-8558 An information disclosure vulnerability exists when Microsoft Outlook fails to respect "Default link type" settings configured via the SharePoint Online Admin Center, aka "Microsoft Outlook Informatio... | N/A | NONE | — | 0 |
| CVE-2018-17949 Cross site scripting vulnerability in iManager prior to 3.1 SP2. | N/A | NONE | — | 0 |
| CVE-2018-8561 An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.... | N/A | NONE | — | 0 |
| CVE-2018-8562 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows ... | N/A | NONE | — | 0 |
| CVE-2018-8563 An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Wi... | N/A | NONE | — | 0 |
| CVE-2018-8564 A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. | N/A | NONE | — | 0 |
| CVE-2018-14934 The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device mi... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.