Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2018-6126 A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | N/A | NONE | β | 0 |
| CVE-2018-6127 Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted H... | N/A | NONE | β | 0 |
| CVE-2018-6133 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | N/A | NONE | β | 0 |
| CVE-2018-0704 Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen. | N/A | NONE | β | 0 |
| CVE-2018-6135 Lack of clearing the previous site before loading alerts from a new one in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | N/A | NONE | β | 0 |
| CVE-2018-6137 CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | N/A | NONE | β | 0 |
| CVE-2018-6139 Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary ... | N/A | NONE | β | 0 |
| CVE-2018-6140 Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbit... | N/A | NONE | β | 0 |
| CVE-2018-4033 The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the file sys... | 5.5 | MEDIUM | β | 0 |
| CVE-2018-6141 Insufficient validation of an image filter in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via... | N/A | NONE | β | 0 |
| CVE-2018-6143 Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | N/A | NONE | β | 0 |
| CVE-2018-6144 Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. | N/A | NONE | β | 0 |
| CVE-2018-6147 Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain potentially sensitive information from process memory via a local process. | N/A | NONE | β | 0 |
| CVE-2018-5879 Improper length check while processing an MQTT message can lead to heap overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD... | N/A | NONE | β | 0 |
| CVE-2018-6151 Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory ... | N/A | NONE | β | 0 |
| CVE-2018-6153 A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. | N/A | NONE | β | 0 |
| CVE-2018-6158 A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | N/A | NONE | β | 0 |
| CVE-2018-6160 JavaScript alert handling in Prompts in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | N/A | NONE | β | 0 |
| CVE-2018-0629 Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response. | N/A | NONE | β | 0 |
| CVE-2018-6162 Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | N/A | NONE | β | 0 |
| CVE-2018-6163 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | N/A | NONE | β | 0 |
| CVE-2018-6164 Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | N/A | NONE | β | 0 |
| CVE-2018-6165 Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | N/A | NONE | β | 0 |
| CVE-2019-7171 A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8. | N/A | NONE | β | 0 |
| CVE-2018-6166 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | N/A | NONE | β | 0 |
| CVE-2018-6167 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | N/A | NONE | β | 0 |
| CVE-2018-6169 Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to trigger installation of an unwanted extension via a crafted HTML page. | N/A | NONE | β | 0 |
| CVE-2018-6170 A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | N/A | NONE | β | 0 |
| CVE-2018-0671 Privilege escalation vulnerability in INplc-RT 3.08 and earlier allows an attacker with administrator rights to execute arbitrary code on the Windows system via unspecified vectors. | N/A | NONE | β | 0 |
| CVE-2019-10249 All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised. | 8.1 | HIGH | β | 0 |
| CVE-2019-3552 C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a ... | 7.5 | HIGH | β | 0 |
| CVE-2019-3558 Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time ... | 7.5 | HIGH | β | 0 |
| CVE-2019-3559 Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time fo... | 7.5 | HIGH | β | 0 |
| CVE-2019-3564 Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for ... | 7.5 | HIGH | β | 0 |
| CVE-2019-3565 Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messag... | 7.5 | HIGH | β | 0 |
| CVE-2019-3797 This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates βstartingWithβ, βendingWithβ or βcontainingβ could return more resul... | N/A | NONE | β | 0 |
| CVE-2019-3799 Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration... | 6.5 | MEDIUM | β | 0 |
| CVE-2019-5430 In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the attacker to... | N/A | NONE | β | 0 |
| CVE-2019-5431 This vulnerability was caused by an incomplete fix to CVE-2017-0911. Twitter Kit for iOS versions 3.0 to 3.4.0 is vulnerable to a callback verification flaw in the "Login with Twitter" component allow... | 5.4 | MEDIUM | β | 0 |
| CVE-2019-5432 A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module versions < 3.5.1, 4.0.0 - 4.1.3, 5.0.0 - 5.6.1, 6.0.0 - 6.1.2 for decoding. | 7.5 | HIGH | β | 0 |
| CVE-2019-5433 A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) d... | N/A | NONE | β | 0 |
| CVE-2019-5434 An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability co... | N/A | NONE | β | 0 |
| CVE-2018-17201 Certain input files could make the code hang when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apac... | N/A | NONE | β | 0 |
| CVE-2018-17202 Certain input files could make the code to enter into an infinite loop when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incub... | N/A | NONE | β | 0 |
| CVE-2018-13990 The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts. | N/A | NONE | β | 0 |
| CVE-2018-4061 An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary com... | N/A | NONE | β | 0 |
| CVE-2018-4068 An exploitable information disclosure vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A HTTP request can result in disclosure of the default configurati... | N/A | NONE | β | 0 |
| CVE-2018-4069 An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintex... | N/A | NONE | β | 0 |
| CVE-2019-11807 The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=update_attachment_wccm wccm_default_keys_load parameter because of a nopri... | N/A | NONE | β | 0 |
| CVE-2018-13983 ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php. | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.