Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2017-16221 yzt is a simple file server. yzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | N/A | NONE | — | 0 |
| CVE-2017-16222 elding is a simple web server. elding is vulnerable to a directory traversal issue, allowing an attacker to access the filesystem by placing "../" in the url. The files accessible, however, are limite... | N/A | NONE | — | 0 |
| CVE-2018-3729 localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. | 7.5 | HIGH | — | 0 |
| CVE-2017-16223 nodeaaaaa is a static file server. nodeaaaaa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | N/A | NONE | — | 0 |
| CVE-2017-16224 st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 (redirect) to an entirely different domain. A request for: http://some.server.com//nodesecur... | N/A | NONE | — | 0 |
| CVE-2017-16225 aegir is a module to help automate JavaScript project management. Version 12.0.0 through and including 12.0.7 bundled and published to npm the user (that performed a aegir-release) GitHub token. | N/A | NONE | — | 0 |
| CVE-2017-16226 The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arb... | N/A | NONE | — | 0 |
| CVE-2018-3711 Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload. | 7.5 | HIGH | — | 0 |
| CVE-2018-3712 serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any... | N/A | NONE | — | 0 |
| CVE-2018-3713 angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path. | 6.5 | MEDIUM | — | 0 |
| CVE-2018-3714 node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path. | 6.5 | MEDIUM | — | 0 |
| CVE-2018-3715 glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path. | 6.5 | MEDIUM | — | 0 |
| CVE-2018-3716 simplehttpserver node module suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names. | 5.4 | MEDIUM | — | 0 |
| CVE-2018-3717 connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware. | 5.4 | MEDIUM | — | 0 |
| CVE-2018-3718 serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded. | 5.3 | MEDIUM | — | 0 |
| CVE-2018-3719 mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing... | 8.8 | HIGH | — | 0 |
| CVE-2018-3720 assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causin... | 8.8 | HIGH | — | 0 |
| CVE-2018-3730 mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. | 7.5 | HIGH | — | 0 |
| CVE-2018-12658 Reflected Cross-Site Scripting (XSS) exists in the Stock Take module in SLiMS 8 Akasia 8.3.1 via an admin/modules/stock_take/index.php?keywords= URI. | 6.1 | MEDIUM | — | 0 |
| CVE-2018-3721 lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify th... | 6.5 | MEDIUM | — | 0 |
| CVE-2018-3722 merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing... | N/A | NONE | — | 0 |
| CVE-2018-3723 defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, caus... | N/A | NONE | — | 0 |
| CVE-2018-3724 general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path. | N/A | NONE | — | 0 |
| CVE-2018-3725 hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. | 7.5 | HIGH | — | 0 |
| CVE-2018-3726 crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names. | 6.1 | MEDIUM | — | 0 |
| CVE-2018-3727 626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. | 7.5 | HIGH | — | 0 |
| CVE-2018-3731 public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. | 7.5 | HIGH | — | 0 |
| CVE-2018-3732 resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of a... | 7.5 | HIGH | — | 0 |
| CVE-2018-3735 bracket-template suffers from reflected XSS possible when variable passed via GET parameter is used in template | 6.1 | MEDIUM | — | 0 |
| CVE-2018-3737 sshpk is vulnerable to ReDoS when parsing crafted invalid public keys. | 7.5 | HIGH | — | 0 |
| CVE-2018-3738 protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files. | 5.5 | MEDIUM | — | 0 |
| CVE-2018-3739 https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed i... | N/A | NONE | — | 0 |
| CVE-2018-0263 A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due... | 7.4 | HIGH | — | 0 |
| CVE-2018-12016 libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls. | N/A | NONE | — | 0 |
| CVE-2018-0274 A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. T... | 8.8 | HIGH | — | 0 |
| CVE-2018-0315 A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an af... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-0316 A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, re... | N/A | NONE | — | 0 |
| CVE-2018-0317 A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges. The vulnerability is due to insufficien... | N/A | NONE | — | 0 |
| CVE-2024-51859 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bamboo Mcr Bamboo Enquiries allows Stored XSS.This issue affects Bamboo Enquiries: from n/a throug... | 6.5 | MEDIUM | — | 0 |
| CVE-2018-0318 A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vu... | N/A | NONE | — | 0 |
| CVE-2018-0319 A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The... | N/A | NONE | — | 0 |
| CVE-2018-0320 A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to ... | N/A | NONE | — | 0 |
| CVE-2018-0321 A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation (RMI) system. The vulnerability is due to an... | N/A | NONE | — | 0 |
| CVE-2018-0322 A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with arbitrary... | N/A | NONE | — | 0 |
| CVE-2018-0353 A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and byp... | N/A | NONE | — | 0 |
| CVE-2018-12015 In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink an... | N/A | NONE | — | 0 |
| CVE-2018-7688 A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions. | N/A | NONE | — | 0 |
| CVE-2018-7689 Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions. | N/A | NONE | — | 0 |
| CVE-2018-1514 IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a ... | N/A | NONE | — | 0 |
| CVE-2018-1547 IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in an CSV export. By persuading a... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.