Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2018-11091 An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file can be uploaded to the webserver by an attacker. It is possible for an attacker to upload a script to issue operating system comma... | N/A | NONE | — | 0 |
| CVE-2018-11095 The decompileJUMP function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial... | N/A | NONE | — | 0 |
| CVE-2018-11097 An issue was discovered in cloudwu/cstring through 2016-11-09. There is a memory leak vulnerability that could lead to a program crash. | N/A | NONE | — | 0 |
| CVE-2018-11098 An issue was discovered in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plugin/file_manager/upload URI, a similar issue to CVE-2014-4912. | N/A | NONE | — | 0 |
| CVE-2018-11100 The decompileSETTARGET function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a d... | N/A | NONE | — | 0 |
| CVE-2018-11102 An issue was discovered in Libav 12.3. A read access violation in the mov_probe function in libavformat/mov.c allows remote attackers to cause a denial of service (application crash), as demonstrated ... | N/A | NONE | — | 0 |
| CVE-2018-10825 Mimo Baby 2 devices do not use authentication or encryption for the Bluetooth Low Energy (BLE) communication from a Turtle to a Lilypad, which allows attackers to inject fake information about the pos... | N/A | NONE | — | 0 |
| CVE-2018-1131 Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious obje... | N/A | NONE | — | 0 |
| CVE-2018-3611 Bounds check vulnerability in User Mode Driver in Intel Graphics Driver 15.40.x.4 and 21.20.x.x allows unprivileged user to cause a denial of service via local access. | N/A | NONE | — | 0 |
| CVE-2018-3634 Parameter corruption in NDIS filter driver in Intel Online Connect Access 1.9.22.0 allows an attacker to cause a denial of service via local access. | 5.5 | MEDIUM | — | 0 |
| CVE-2018-3661 Buffer overflow in Intel system Configuration utilities selview.exe and syscfg.exe before version 14 build 11 allows a local user to crash these services potentially resulting in a denial of service. | N/A | NONE | — | 0 |
| CVE-2018-11105 There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" (aka wplc_name) and "email" (aka wplc_email) input fields to wp-json/wp_live_chat_sup... | N/A | NONE | — | 0 |
| CVE-2018-1087 kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions de... | N/A | NONE | — | 0 |
| CVE-2017-2815 An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. A... | N/A | NONE | — | 0 |
| CVE-2018-11126 dg-user/?controller=users&action=add in doorGets 7.0 has CSRF that results in adding an administrator account. | N/A | NONE | — | 0 |
| CVE-2018-11127 e107 2.1.7 has CSRF resulting in arbitrary user deletion. | N/A | NONE | — | 0 |
| CVE-2018-11094 An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For exampl... | N/A | NONE | — | 0 |
| CVE-2017-2600 In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURIT... | N/A | NONE | — | 0 |
| CVE-2017-2608 Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383). | N/A | NONE | — | 0 |
| CVE-2017-2612 In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK. | N/A | NONE | — | 0 |
| CVE-2018-1262 Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administra... | N/A | NONE | — | 0 |
| CVE-2018-1263 Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archi... | 4.7 | MEDIUM | — | 0 |
| CVE-2017-2602 jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written t... | N/A | NONE | — | 0 |
| CVE-2017-2603 Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens (SECURITY-362). | N/A | NONE | — | 0 |
| CVE-2017-2604 In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371). | N/A | NONE | — | 0 |
| CVE-2017-2610 jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names ... | N/A | NONE | — | 0 |
| CVE-2017-2613 jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could... | N/A | NONE | — | 0 |
| CVE-2018-10589 In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAcce... | N/A | NONE | — | 0 |
| CVE-2018-10590 In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAcce... | N/A | NONE | — | 0 |
| CVE-2018-10591 In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAcce... | N/A | NONE | — | 0 |
| CVE-2018-3639 Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of in... | 5.5 | MEDIUM | — | 0 |
| CVE-2018-7495 In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAcce... | N/A | NONE | — | 0 |
| CVE-2018-7497 In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAcce... | N/A | NONE | — | 0 |
| CVE-2018-7499 In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAcce... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-7501 In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAcce... | N/A | NONE | — | 0 |
| CVE-2018-7503 In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAcce... | N/A | NONE | — | 0 |
| CVE-2018-7505 In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAcce... | N/A | NONE | — | 0 |
| CVE-2018-8841 In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAcce... | N/A | NONE | — | 0 |
| CVE-2018-8845 In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAcce... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-10123 p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitrary files via requests on TCP port 9100. | N/A | NONE | — | 0 |
| CVE-2018-10735 A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter. | N/A | NONE | — | 0 |
| CVE-2018-10736 A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter. | N/A | NONE | — | 0 |
| CVE-2018-10737 A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter. | N/A | NONE | — | 0 |
| CVE-2018-10738 A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter. | N/A | NONE | — | 0 |
| CVE-2018-10810 chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior is affected by Cross-Site Scripting via the Accept-Language HTTP header. | N/A | NONE | — | 0 |
| CVE-2018-5231 The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 all... | N/A | NONE | — | 0 |
| CVE-2017-16062 node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | 7.5 | HIGH | — | 0 |
| CVE-2018-10240 SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. Thi... | N/A | NONE | — | 0 |
| CVE-2018-10241 A denial of service vulnerability in SolarWinds Serv-U before 15.1.6 HFv1 allows an authenticated user to crash the application (with a NULL pointer dereference) via a specially crafted URL beginning ... | N/A | NONE | — | 0 |
| CVE-2018-10759 PHP remote file inclusion vulnerability in public/patch/patch.php in Project Pier 0.8.8 and earlier allows remote attackers to execute arbitrary commands or SQL statements via the id parameter. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.