CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2018-11571 ClipperCMS 1.3.3 allows Session Fixation. | N/A | NONE | β | 0 |
| CVE-2018-11356 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in a... | N/A | NONE | β | 0 |
| CVE-2018-11357 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths. | N/A | NONE | β | 0 |
| CVE-2018-11358 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prev... | N/A | NONE | β | 0 |
| CVE-2018-11359 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference. | N/A | NONE | β | 0 |
| CVE-2018-10356 A SQL injection remote code execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in... | N/A | NONE | β | 0 |
| CVE-2018-11360 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buf... | N/A | NONE | β | 0 |
| CVE-2018-11361 In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey. | N/A | NONE | β | 0 |
| CVE-2018-11362 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing ... | N/A | NONE | β | 0 |
| CVE-2018-11334 Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \\.\pipe\WindscribeService. | N/A | NONE | β | 0 |
| CVE-2018-7295 ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on Windows is affected by Improper Enforcement of Message Integrity During Transmission in a Communication Channel, allowing a man-in-t... | N/A | NONE | β | 0 |
| CVE-2018-11572 ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -> Manage modules -> edit" action to the manager/ URI. | N/A | NONE | β | 0 |
| CVE-2017-2598 Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304). | N/A | NONE | β | 0 |
| CVE-2018-1124 procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create... | 7.8 | HIGH | β | 0 |
| CVE-2018-1126 procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124. | N/A | NONE | β | 0 |
| CVE-2018-11396 ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NUL... | N/A | NONE | β | 0 |
| CVE-2018-8176 A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." ... | N/A | NONE | β | 0 |
| CVE-2018-10357 A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop se... | N/A | NONE | β | 0 |
| CVE-2018-1122 procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escal... | N/A | NONE | β | 0 |
| CVE-2018-1123 procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the i... | N/A | NONE | β | 0 |
| CVE-2018-1309 Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause information disclosure or remote code execution. The fix to disable external general entity parsing and d... | N/A | NONE | β | 0 |
| CVE-2018-1310 Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. See ActiveMQ CVE-2015-5254 announcement for more information. The f... | N/A | NONE | β | 0 |
| CVE-2017-9317 Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtai... | N/A | NONE | β | 0 |
| CVE-2018-1193 Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially... | N/A | NONE | β | 0 |
| CVE-2018-8898 A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated at... | N/A | NONE | β | 0 |
| CVE-2018-10648 There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | N/A | NONE | β | 0 |
| CVE-2018-10649 There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3. | N/A | NONE | β | 0 |
| CVE-2018-10650 There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | N/A | NONE | β | 0 |
| CVE-2018-10651 There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | N/A | NONE | β | 0 |
| CVE-2018-10652 There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3. | N/A | NONE | β | 0 |
| CVE-2018-11473 Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration). | N/A | NONE | β | 0 |
| CVE-2018-10653 There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | N/A | NONE | β | 0 |
| CVE-2018-10654 There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | N/A | NONE | β | 0 |
| CVE-2018-6495 Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser... | 5.4 | MEDIUM | β | 0 |
| CVE-2018-10428 ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting. | N/A | NONE | β | 0 |
| CVE-2018-11399 SimpliSafe Original has Unencrypted Sensor Transmissions, which allows physically proximate attackers to obtain potentially sensitive information about the specific times when alarm-system events occu... | N/A | NONE | β | 0 |
| CVE-2018-11400 In SimpliSafe Original, the Base Station fails to detect tamper attempts: it does not send a notification if a physically proximate attacker removes the battery and external power. | N/A | NONE | β | 0 |
| CVE-2018-11401 In SimpliSafe Original, RF Interference (e.g., an extremely strong 433.92 MHz signal) by a physically proximate attacker does not cause a notification. | N/A | NONE | β | 0 |
| CVE-2018-11402 SimpliSafe Original has Unencrypted Keypad Transmissions, which allows physically proximate attackers to discover the PIN. | N/A | NONE | β | 0 |
| CVE-2018-11403 DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter. | N/A | NONE | β | 0 |
| CVE-2018-11404 DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter. | N/A | NONE | β | 0 |
| CVE-2018-11405 Kliqqi 2.0.2 has CSRF in admin/admin_users.php. | N/A | NONE | β | 0 |
| CVE-2018-11410 An issue was discovered in Liblouis 3.5.0. An invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly ... | N/A | NONE | β | 0 |
| CVE-2018-12654 Reflected Cross-Site Scripting (XSS) exists in the Bibliography module in SLiMS 8 Akasia 8.3.1 via an admin/modules/bibliography/index.php?keywords= URI. | N/A | NONE | β | 0 |
| CVE-2018-1000036 In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file. | 5.5 | MEDIUM | β | 0 |
| CVE-2018-1000037 In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file. | 5.5 | MEDIUM | β | 0 |
| CVE-2018-1000038 In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file. | N/A | NONE | β | 0 |
| CVE-2018-1000039 In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file... | 6.3 | MEDIUM | β | 0 |
| CVE-2018-7526 In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able ... | N/A | NONE | β | 0 |
| CVE-2018-1000040 In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted fil... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.