CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2015-0796 In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow bui... | N/A | NONE | β | 0 |
| CVE-2017-14801 Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter. | N/A | NONE | β | 0 |
| CVE-2017-14802 Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites. | N/A | NONE | β | 0 |
| CVE-2017-5189 NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentin... | N/A | NONE | β | 0 |
| CVE-2017-7419 A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped "description" field that could be specified by the provider. | N/A | NONE | β | 0 |
| CVE-2017-7429 The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iMa... | N/A | NONE | β | 0 |
| CVE-2017-7438 NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via javascript DOM modification using the supplied cookie parameter. | N/A | NONE | β | 0 |
| CVE-2017-9267 In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations. | N/A | NONE | β | 0 |
| CVE-2017-9276 Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the "a" parameter. | N/A | NONE | β | 0 |
| CVE-2017-9277 The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA. | N/A | NONE | β | 0 |
| CVE-2017-9278 The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables. | N/A | NONE | β | 0 |
| CVE-2017-9279 NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user adminis... | N/A | NONE | β | 0 |
| CVE-2017-9280 Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, ... | N/A | NONE | β | 0 |
| CVE-2017-9285 NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services. | N/A | NONE | β | 0 |
| CVE-2018-7433 The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page. | N/A | NONE | β | 0 |
| CVE-2015-7596 SafeNet Authentication Service End User Software Tools for Windows uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modif... | N/A | NONE | β | 0 |
| CVE-2015-7597 SafeNet Authentication Service IIS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | N/A | NONE | β | 0 |
| CVE-2015-7598 SafeNet Authentication Service TokenValidator Proxy Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an e... | N/A | NONE | β | 0 |
| CVE-2015-7961 SafeNet Authentication Service Remote Web Workplace Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an e... | N/A | NONE | β | 0 |
| CVE-2015-7962 SafeNet Authentication Service for Outlook Web App Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an ex... | N/A | NONE | β | 0 |
| CVE-2015-7963 SafeNet Authentication Service for AD FS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable m... | N/A | NONE | β | 0 |
| CVE-2015-7964 SafeNet Authentication Service for NPS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable mod... | N/A | NONE | β | 0 |
| CVE-2017-18214 The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. | 7.5 | HIGH | β | 0 |
| CVE-2015-7965 SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executab... | N/A | NONE | β | 0 |
| CVE-2015-7966 SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executab... | N/A | NONE | β | 0 |
| CVE-2015-7967 SafeNet Authentication Service for Citrix Web Interface Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying ... | N/A | NONE | β | 0 |
| CVE-2018-7449 SEGGER FTP Server for Windows before 3.22a allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command. | N/A | NONE | β | 0 |
| CVE-2018-7583 Proxy.exe in DualDesk 20 allows Remote Denial Of Service (daemon crash) via a long string to TCP port 5500. | N/A | NONE | β | 0 |
| CVE-2018-7651 index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string. | N/A | NONE | β | 0 |
| CVE-2018-7652 lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 has XSS. | 6.1 | MEDIUM | β | 0 |
| CVE-2018-7654 On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal. | N/A | NONE | β | 0 |
| CVE-2017-18213 In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges. | N/A | NONE | β | 0 |
| CVE-2018-7653 In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. | N/A | NONE | β | 0 |
| CVE-2018-7560 index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package before 0.1.2 has a Regular Expression Denial of Service (ReDoS) issue via a crafted multipart/form-data boundary string. | 7.5 | HIGH | β | 0 |
| CVE-2018-7567 In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by ... | N/A | NONE | β | 0 |
| CVE-2018-7663 An issue was discovered in resources/views/layouts/app.blade.php in Voten.co before 2017-08-25. An unescaped template literal in the bio field of a user profile (resources/views/layouts/app.blade.php)... | N/A | NONE | β | 0 |
| CVE-2018-7664 An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any OS commands can be injected via shell metacharacters in the file_name parameter to /api/file_uploader.php or /actions/file_download... | N/A | NONE | β | 0 |
| CVE-2018-7665 An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto ... | N/A | NONE | β | 0 |
| CVE-2018-7666 An issue was discovered in ClipBucket before 4.0.0 Release 4902. SQL injection vulnerabilities exist in the actions/vote_channel.php channelId parameter, the ajax/commonAjax.php email parameter, and t... | N/A | NONE | β | 0 |
| CVE-2018-7667 Adminer through 4.3.1 has SSRF via the server parameter. | N/A | NONE | β | 0 |
| CVE-2018-7668 TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php. | N/A | NONE | β | 0 |
| CVE-2018-1000115 Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial o... | N/A | NONE | β | 0 |
| CVE-2018-1316 The ODE process deployment web service was sensible to deployment messages with forged names. Using a path for the name was allowing directory traversal, resulting in the potential writing of files un... | N/A | NONE | β | 0 |
| CVE-2018-7644 The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion ... | N/A | NONE | β | 0 |
| CVE-2018-0490 An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause ... | N/A | NONE | β | 0 |
| CVE-2018-0491 A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added... | N/A | NONE | β | 0 |
| CVE-2017-7427 Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary J... | N/A | NONE | β | 0 |
| CVE-2017-7437 NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via the "type" and "account" parameters of json requests. | N/A | NONE | β | 0 |
| CVE-2017-7633 QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive information contained in NAS devices. If exploited, this may allow attackers to further compromise the device. | N/A | NONE | β | 0 |
| CVE-2018-5449 A NULL Pointer Dereference issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application does not check for a NULL value, allowing for an attacker to perf... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.