CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2018-8495 A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows ... | N/A | NONE | — | 0 |
| CVE-2018-8497 An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016... | N/A | NONE | — | 0 |
| CVE-2018-8498 An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint E... | N/A | NONE | — | 0 |
| CVE-2018-8500 A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. | N/A | NONE | — | 0 |
| CVE-2018-8501 A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in Protected View, aka "Microsoft PowerPoint Remote Code Execution Vuln... | N/A | NONE | — | 0 |
| CVE-2018-8502 A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in Protected View, aka "Microsoft Excel Remote Code Execution Vulnerability.... | N/A | NONE | — | 0 |
| CVE-2018-8503 A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." Thi... | N/A | NONE | — | 0 |
| CVE-2018-8504 A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in Protected View, aka "Microsoft Word Remote Code Execution Vulnerability." ... | N/A | NONE | — | 0 |
| CVE-2018-8505 A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." Thi... | N/A | NONE | — | 0 |
| CVE-2018-18783 XSS was discovered in SEMCMS V3.4 via the semcms_remail.php?type=ok umail parameter. | N/A | NONE | — | 0 |
| CVE-2018-8506 An Information Disclosure vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka "Microsoft Windows Codecs Library Information Disclosure Vulnerability." ... | N/A | NONE | — | 0 |
| CVE-2018-8509 A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID i... | N/A | NONE | — | 0 |
| CVE-2018-8510 A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." Thi... | N/A | NONE | — | 0 |
| CVE-2018-8511 A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." Thi... | N/A | NONE | — | 0 |
| CVE-2018-0050 An error handling vulnerability in Routing Protocols Daemon (RPD) of Juniper Networks Junos OS allows an attacker to cause RPD to crash. Continued receipt of this malformed MPLS RSVP packet will cause... | N/A | NONE | — | 0 |
| CVE-2018-8512 A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Securit... | N/A | NONE | — | 0 |
| CVE-2018-8513 A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." Thi... | N/A | NONE | — | 0 |
| CVE-2018-8518 An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint E... | N/A | NONE | — | 0 |
| CVE-2018-8527 An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Manageme... | N/A | NONE | — | 0 |
| CVE-2018-12541 In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There s... | 6.5 | MEDIUM | — | 0 |
| CVE-2018-8530 A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft ... | N/A | NONE | — | 0 |
| CVE-2018-8531 A remote code execution vulnerability exists in the way that Azure IoT Hub Device Client SDK using MQTT protocol accesses objects in memory, aka "Azure IoT Device Client SDK Memory Corruption Vulnerab... | N/A | NONE | — | 0 |
| CVE-2018-8532 An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server Managem... | N/A | NONE | — | 0 |
| CVE-2018-8533 An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Managem... | N/A | NONE | — | 0 |
| CVE-2018-12131 Permissions in the driver pack installers for Intel NVMe before version 4.0.0.1007 and Intel RSTe before version 4.7.0.2083 may allow an authenticated user to potentially escalate privilege via local ... | N/A | NONE | — | 0 |
| CVE-2018-15311 When F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.5.1-11.5.6 is processing specially crafted TCP traffic with the Large Receive Offload (LRO) feature enabled, TMM may crash, lead... | N/A | NONE | — | 0 |
| CVE-2018-8006 An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cau... | 6.1 | MEDIUM | — | 0 |
| CVE-2018-17915 All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allo... | N/A | NONE | — | 0 |
| CVE-2018-17917 All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potential Cloud IDs. Using this ID, the attacker can discover and c... | N/A | NONE | — | 0 |
| CVE-2018-17919 All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account "default" with its default password to login to XMeye and access/... | N/A | NONE | — | 0 |
| CVE-2018-18207 Virtualmin 6.03 allows Frame Injection via the settings-editor_read.cgi file parameter. | N/A | NONE | — | 0 |
| CVE-2018-18208 Virtualmin 6.03 allows XSS via the query string, as demonstrated by the webmin_search.cgi URI. | N/A | NONE | — | 0 |
| CVE-2018-18209 XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_type parameter. | N/A | NONE | — | 0 |
| CVE-2018-18210 XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_url parameter. | N/A | NONE | — | 0 |
| CVE-2018-13800 A vulnerability has been identified in SIMATIC S7-1200 CPU family version 4 (All versions < V4.2.3). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is... | N/A | NONE | — | 0 |
| CVE-2018-13801 A vulnerability has been identified in ROX II (All versions < V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a p... | N/A | NONE | — | 0 |
| CVE-2018-13802 A vulnerability has been identified in ROX II (All versions < V2.12.1). An authenticated attacker with a high-privileged user account access via SSH could circumvent restrictions in place and execute ... | N/A | NONE | — | 0 |
| CVE-2018-13805 A vulnerability has been identified in SIMATIC ET 200SP Open Controller (All versions >= V2.0 and < V2.1.6), SIMATIC S7-1500 Software Controller (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 incl... | N/A | NONE | — | 0 |
| CVE-2018-18062 An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML. | N/A | NONE | — | 0 |
| CVE-2018-17925 Multiple instances of this vulnerability (Unsafe ActiveX Control Marked Safe For Scripting) have been identified in the third-party ActiveX object provided to GE iFIX versions 2.0 - 5.8 by Gigasoft. O... | N/A | NONE | — | 0 |
| CVE-2018-0043 Receipt of a specific MPLS packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending specific MPLS packets, an attac... | N/A | NONE | — | 0 |
| CVE-2018-0044 An insecure SSHD configuration in Juniper Device Manager (JDM) and host OS on Juniper NFX Series devices may allow remote unauthenticated access if any of the passwords on the system are empty. The af... | N/A | NONE | — | 0 |
| CVE-2018-0045 Receipt of a specific Draft-Rosen MVPN control packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending the same sp... | N/A | NONE | — | 0 |
| CVE-2018-18240 Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmar... | N/A | NONE | — | 0 |
| CVE-2018-18784 An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin user login.) | N/A | NONE | — | 0 |
| CVE-2018-0046 A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrat... | N/A | NONE | — | 0 |
| CVE-2018-0047 A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow steal... | N/A | NONE | — | 0 |
| CVE-2018-0048 A vulnerability in the Routing Protocols Daemon (RPD) with Juniper Extension Toolkit (JET) support can allow a network based unauthenticated attacker to cause a severe memory exhaustion condition on t... | N/A | NONE | — | 0 |
| CVE-2018-0049 A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to cause the Junos OS kernel to crash. Continued receipt of this specifically crafted malicious MPLS packet wil... | 7.5 | HIGH | — | 0 |
| CVE-2018-18375 goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.