Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2018-13993 The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF. | N/A | NONE | β | 0 |
| CVE-2018-13994 The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections. | N/A | NONE | β | 0 |
| CVE-2018-14478 ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter. | N/A | NONE | β | 0 |
| CVE-2018-14485 BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd. | N/A | NONE | β | 0 |
| CVE-2019-10742 Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded. | N/A | NONE | β | 0 |
| CVE-2019-10869 Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an attacker to traverse the file system to ... | 8.1 | HIGH | β | 0 |
| CVE-2019-11629 Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS. | N/A | NONE | β | 0 |
| CVE-2018-19456 The WP Backup+ (aka WPbackupplus) plugin through 2018-11-22 for WordPress allows remote attackers to obtain sensitive information from server folders and files, as demonstrated by download.sql. | N/A | NONE | β | 0 |
| CVE-2018-2001 IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted fr... | N/A | NONE | β | 0 |
| CVE-2018-2008 IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 could disclose sensitive information to an authenticated user that could aid in further attacks against the system. IBM X-Force ID: 155146. | N/A | NONE | β | 0 |
| CVE-2018-20503 Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.php vlanid or subnet_mask parameter. | N/A | NONE | β | 0 |
| CVE-2019-4207 IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitive information only available to a local user that could be used in further attacks against the system. IBM X-Force ID: 159148. | 3.3 | LOW | β | 0 |
| CVE-2019-4208 IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose s... | 7.1 | HIGH | β | 0 |
| CVE-2019-7426 XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the groupDesc, groupName, groupID, or task parameter. | N/A | NONE | β | 0 |
| CVE-2019-7427 XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the autorefTime or graphTypes parameter. | N/A | NONE | β | 0 |
| CVE-2019-7443 KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of a... | N/A | NONE | β | 0 |
| CVE-2019-7541 Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring. | N/A | NONE | β | 0 |
| CVE-2019-7564 An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. The password reset functionality of the Wireless SSID doesn't require any type of authentication. By making a POST reque... | N/A | NONE | β | 0 |
| CVE-2019-7687 cgi-bin/qcmap_web_cgi on JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices has POST based reflected XSS via the Page parameter. No sanitization is performed for user input data. | N/A | NONE | β | 0 |
| CVE-2019-7745 JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain the Wi-Fi password by making a cgi-bin/qcmap_web_cgi Page=GetWiFi_Setting request and then reading the wpa_security_key fi... | N/A | NONE | β | 0 |
| CVE-2018-3760 There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists... | N/A | NONE | β | 0 |
| CVE-2018-10594 Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length... | N/A | NONE | β | 0 |
| CVE-2018-12895 WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can del... | 8.8 | HIGH | β | 0 |
| CVE-2018-1374 An IBM WebSphere MQ (Maintenance levels 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.8, 8.0.0.0 - 8.0.0.8, 9.0.0.0 - 9.0.0.2, and 9.0.0 - 9.0.4) client connecting to a Queue Manager could cause a SIGSEGV in the... | N/A | NONE | β | 0 |
| CVE-2018-12908 Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for the /dashboard/deposit URI, as demonstra... | N/A | NONE | β | 0 |
| CVE-2018-13346 The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004. | N/A | NONE | β | 0 |
| CVE-2018-13347 mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002. | N/A | NONE | β | 0 |
| CVE-2018-13348 The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actua... | N/A | NONE | β | 0 |
| CVE-2018-8929 Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attac... | N/A | NONE | β | 0 |
| CVE-2017-2665 The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any... | N/A | NONE | β | 0 |
| CVE-2017-18158 Possible buffer overflows and array out of bounds accesses in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05... | N/A | NONE | β | 0 |
| CVE-2017-1237 IBM Jazz based applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall... | N/A | NONE | β | 0 |
| CVE-2017-1238 IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende... | N/A | NONE | β | 0 |
| CVE-2017-1239 IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124357. | N/A | NONE | β | 0 |
| CVE-2017-1242 IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web bro... | N/A | NONE | β | 0 |
| CVE-2018-13409 An issue was discovered in Jirafeau before 3.4.1. The "search file by hash" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administra... | N/A | NONE | β | 0 |
| CVE-2017-1248 IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web bro... | N/A | NONE | β | 0 |
| CVE-2017-1329 IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web bro... | N/A | NONE | β | 0 |
| CVE-2017-1488 An undisclosed vulnerability in Jazz common products exists with potential for information disclosure. IBM X-Force ID: 128627. | N/A | NONE | β | 0 |
| CVE-2017-1509 IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719. | N/A | NONE | β | 0 |
| CVE-2018-5897 While reading the data from buffer in dci_process_ctrl_status() there can be buffer over-read problem if the len is not checked correctly in Android releases from CAF using the linux kernel (Android f... | N/A | NONE | β | 0 |
| CVE-2017-1559 Multiple IBM Rational products could disclose sensitive information by an attacker that intercepts vulnerable requests. IBM X-Force ID: 131758. | N/A | NONE | β | 0 |
| CVE-2017-1795 IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042. | N/A | NONE | β | 0 |
| CVE-2018-11124 Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute... | N/A | NONE | β | 0 |
| CVE-2018-13108 All ADB broadband gateways / routers based on the Epicentro platform are affected by a local root jailbreak vulnerability where attackers are able to gain root access on the device, and extract furthe... | N/A | NONE | β | 0 |
| CVE-2018-13109 All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web int... | N/A | NONE | β | 0 |
| CVE-2018-13110 All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previou... | N/A | NONE | β | 0 |
| CVE-2018-13405 The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain... | 7.8 | HIGH | β | 0 |
| CVE-2018-13406 An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially ele... | 7.8 | HIGH | β | 0 |
| CVE-2018-1494 IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.