CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2018-16093 In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file. | N/A | NONE | — | 0 |
| CVE-2018-16097 LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the up... | N/A | NONE | — | 0 |
| CVE-2018-9072 In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads. | N/A | NONE | — | 0 |
| CVE-2018-1897 IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbi... | N/A | NONE | — | 0 |
| CVE-2018-1927 IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID... | N/A | NONE | — | 0 |
| CVE-2018-1928 IBM StoredIQ 7.6.0 does not implement proper authorization of user roles due to which it was possible for a low privileged user to access the application endpoints of high privileged users and also pe... | N/A | NONE | — | 0 |
| CVE-2018-15767 The Dell OpenManage Network Manager virtual appliance versions prior to 6.5.3 contain an improper authorization vulnerability caused by a misconfiguration in the /etc/sudoers file. | N/A | NONE | — | 0 |
| CVE-2018-15768 Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database. | N/A | NONE | — | 0 |
| CVE-2018-3948 An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to request... | 7.5 | HIGH | — | 0 |
| CVE-2018-15835 Android 1.0 through 9.0 has Insecure Permissions. The Android bug ID is 77286983. | N/A | NONE | — | 0 |
| CVE-2018-18860 A local privilege escalation vulnerability has been identified in the SwitchVPN client 2.1012.03 for macOS. Due to over-permissive configuration settings and a SUID binary, an attacker is able to exec... | N/A | NONE | — | 0 |
| CVE-2018-18983 VT-Designer Version 2.1.7.31 is vulnerable by the program reading the contents of a file (which is already in memory) into another heap-based buffer, which may cause the program to crash or allow remo... | N/A | NONE | — | 0 |
| CVE-2018-18987 VT-Designer Version 2.1.7.31 is vulnerable by the program populating objects with user supplied input via a file without first checking for validity, allowing attacker supplied input to be written to ... | N/A | NONE | — | 0 |
| CVE-2018-19290 In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax syntax validation allows remote attackers to perform a command injection attack against the PHP daemon with a crafted command, resulting in a ... | N/A | NONE | — | 0 |
| CVE-2018-16476 A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to informa... | N/A | NONE | — | 0 |
| CVE-2018-16477 A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in wi... | N/A | NONE | — | 0 |
| CVE-2018-7806 Data Center Operation allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feat... | N/A | NONE | — | 0 |
| CVE-2018-7807 Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authen... | N/A | NONE | — | 0 |
| CVE-2018-7809 An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the ... | N/A | NONE | — | 0 |
| CVE-2018-7810 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allow... | N/A | NONE | — | 0 |
| CVE-2018-7811 An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the ... | N/A | NONE | — | 0 |
| CVE-2018-7830 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a... | N/A | NONE | — | 0 |
| CVE-2018-7831 An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an ... | N/A | NONE | — | 0 |
| CVE-2018-15715 Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unaut... | N/A | NONE | — | 0 |
| CVE-2018-15716 NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root. | N/A | NONE | — | 0 |
| CVE-2018-19784 The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for l... | N/A | NONE | — | 0 |
| CVE-2018-19785 PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php. | N/A | NONE | — | 0 |
| CVE-2018-3949 An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclos... | 7.5 | HIGH | — | 0 |
| CVE-2018-3950 An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 http server. A specially crafted IP address ... | 8.8 | HIGH | — | 0 |
| CVE-2018-3951 An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. A specially crafted HTTP request can cause a buffer overflow, resul... | 7.2 | HIGH | — | 0 |
| CVE-2018-4038 An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted doc... | 7.8 | HIGH | — | 0 |
| CVE-2018-4039 An exploitable out-of-bounds write vulnerability exists in the PNG implementation of Atlantis Word Processor, version 3.2.7.2. This can allow an attacker to corrupt memory, which can result in code ex... | 7.8 | HIGH | — | 0 |
| CVE-2018-4040 An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. A specially crafted document can cause certain RTF tokens to deref... | 7.8 | HIGH | — | 0 |
| CVE-2018-19788 A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. | N/A | NONE | — | 0 |
| CVE-2018-19791 The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body r... | N/A | NONE | — | 0 |
| CVE-2018-19792 The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service (buffer overflow) or possibly have unspecified other impact by creating a symlink through which t... | N/A | NONE | — | 0 |
| CVE-2018-19793 jiacrontab 1.4.5 allows remote attackers to execute arbitrary commands via the crontab/task/edit?addr=localhost%3a20001 command and args parameters, as demonstrated by command=cat&args=/etc/passwd in ... | N/A | NONE | — | 0 |
| CVE-2018-19836 In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value. This issu... | N/A | NONE | — | 0 |
| CVE-2018-19794 Cross-site scripting (XSS) vulnerability in UiV2Public.index in Internet2 Grouper 2.2 and 2.3 allows remote attackers to inject arbitrary web script or HTML via the code parameter. | N/A | NONE | — | 0 |
| CVE-2018-19795 ChipsBank UMPTool saves the password to the NAND with a simple substitution cipher, which allows attackers to get full access when having physical access to the device. | N/A | NONE | — | 0 |
| CVE-2018-19796 An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redir... | N/A | NONE | — | 0 |
| CVE-2018-19797 In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application c... | N/A | NONE | — | 0 |
| CVE-2018-16855 An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packe... | N/A | NONE | — | 0 |
| CVE-2018-16868 A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same ph... | 5.6 | MEDIUM | — | 0 |
| CVE-2018-16869 A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the ... | 5.7 | MEDIUM | — | 0 |
| CVE-2018-1840 IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other th... | N/A | NONE | — | 0 |
| CVE-2018-7112 The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7, and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware upd... | N/A | NONE | — | 0 |
| CVE-2018-7113 A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) prior to v1.37 could be locally exploited to bypass the security restrictions for firmware updates. | N/A | NONE | — | 0 |
| CVE-2018-7114 HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to remote buffer overflow in dbman leading to code execution. This problem is resolved in IMC PLAT 7.3 (E0605P06)... | N/A | NONE | — | 0 |
| CVE-2018-14708 An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.