CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2018-1999019 Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code ex... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-1999020 Open Networking Foundation (ONF) ONOS version 1.13.2 and earlier version contains a Directory Traversal vulnerability in core/common/src/main/java/org/onosproject/common/app/ApplicationArchive.java li... | N/A | NONE | β | 0 |
| CVE-2018-1999021 Gleezcms Gleez Cms version 1.3.0 contains a Cross Site Scripting (XSS) vulnerability in Profile page that can result in Inject arbitrary web script or HTML via the profile page editor. This attack app... | N/A | NONE | β | 0 |
| CVE-2018-7093 A security vulnerability in HPE Integrated Lights-Out 3 prior to v1.90, iLO 4 prior to v2.60, iLO 5 prior to v1.30, Moonshot Chassis Manager firmware prior to v1.58, and Moonshot Component Pack prior ... | N/A | NONE | β | 0 |
| CVE-2018-7094 A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913(GA). The vulnerability may be exploited locally to allow disclosure of privileged information. | N/A | NONE | β | 0 |
| CVE-2018-7095 A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow access restriction bypass. | N/A | NONE | β | 0 |
| CVE-2018-7096 A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow code execution. | N/A | NONE | β | 0 |
| CVE-2018-7097 A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow cross-site request forgery. | N/A | NONE | β | 0 |
| CVE-2018-16432 BlueCMS 1.6 allows SQL Injection via the user_name parameter to uploads/user.php?act=index_login. | N/A | NONE | β | 0 |
| CVE-2018-7098 A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow directory traversal. | N/A | NONE | β | 0 |
| CVE-2018-7099 A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow disclosure of privileged information. | N/A | NONE | β | 0 |
| CVE-2018-7100 A potential security vulnerability has been identified in HPE OfficeConnect 1810 Switch Series (HP 1810-24G - P.2.22 and previous versions, HP 1810-48G PK.1.34 and previous versions, HP 1810-8 v2 P.2.... | N/A | NONE | β | 0 |
| CVE-2018-0131 A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Inter... | N/A | NONE | β | 0 |
| CVE-2018-14348 libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. | N/A | NONE | β | 0 |
| CVE-2018-2441 Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21... | N/A | NONE | β | 0 |
| CVE-2018-2442 In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be ... | N/A | NONE | β | 0 |
| CVE-2018-2444 SAP BusinessObjects Financial Consolidation, versions 10.0, 10.1, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | N/A | NONE | β | 0 |
| CVE-2018-2445 AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting... | N/A | NONE | β | 0 |
| CVE-2018-2446 Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure. | 7.5 | HIGH | β | 0 |
| CVE-2018-2448 Under certain conditions SAP SRM-MDM (CATALOG versions 3.0, 7.01, 7.02) utilities functionality allows an attacker to access information of user existence which would otherwise be restricted. | N/A | NONE | β | 0 |
| CVE-2018-2449 SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality t... | N/A | NONE | β | 0 |
| CVE-2018-2450 SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker who gets DBM operator privileges to execute crafted database queries and therefore read, modify or delete sensitive data from database. | N/A | NONE | β | 0 |
| CVE-2018-2451 XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a p... | N/A | NONE | β | 0 |
| CVE-2018-5392 mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to fun... | N/A | NONE | β | 0 |
| CVE-2018-15845 There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add. | N/A | NONE | β | 0 |
| CVE-2018-14424 The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially ... | N/A | NONE | β | 0 |
| CVE-2018-14429 man-cgi before 1.16 allows Local File Inclusion via absolute path traversal, as demonstrated by a cgi-bin/man-cgi?/etc/passwd URI. | N/A | NONE | β | 0 |
| CVE-2018-14888 inc/plugins/thankyoulike.php in the Eldenroot Thank You/Like plugin before 3.1.0 for MyBB allows XSS via a post or thread subject. | N/A | NONE | β | 0 |
| CVE-2018-14922 Multiple cross-site scripting (XSS) vulnerabilities in Monstra CMS 3.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name field in the edit profile... | N/A | NONE | β | 0 |
| CVE-2018-12537 In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfilter... | N/A | NONE | β | 0 |
| CVE-2018-13394 The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote ... | N/A | NONE | β | 0 |
| CVE-2018-12539 In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which... | N/A | NONE | β | 0 |
| CVE-2018-3615 Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an encl... | N/A | NONE | β | 0 |
| CVE-2018-3620 Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user acce... | N/A | NONE | β | 0 |
| CVE-2018-3646 Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user acce... | N/A | NONE | β | 0 |
| CVE-2018-3937 An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause a... | N/A | NONE | β | 0 |
| CVE-2018-3938 An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stac... | N/A | NONE | β | 0 |
| CVE-2018-13393 The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allo... | N/A | NONE | β | 0 |
| CVE-2018-16458 An issue was discovered in baigo CMS v2.1.1. There is an index.php?m=article&c=request CSRF that can cause publication of any article. | N/A | NONE | β | 0 |
| CVE-2018-6973 VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host. | N/A | NONE | β | 0 |
| CVE-2018-1455 IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted fr... | N/A | NONE | β | 0 |
| CVE-2018-0952 An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka "Diagnostic Hub Standard Collector Elevation Of Privilege Vulner... | N/A | NONE | β | 0 |
| CVE-2018-10369 A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login. | N/A | NONE | β | 0 |
| CVE-2018-10917 pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to o... | N/A | NONE | β | 0 |
| CVE-2018-11687 An integer overflow in the distributeBTR function of a smart contract implementation for Bitcoin Red (BTCR), an Ethereum ERC20 token, allows the owner to accomplish an unauthorized increase of digital... | N/A | NONE | β | 0 |
| CVE-2018-12056 The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the _seed value can be retrieved... | N/A | NONE | β | 0 |
| CVE-2018-15138 Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs. | N/A | NONE | β | 0 |
| CVE-2018-15146 SQL injection vulnerability in interface/de_identification_forms/find_immunization_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL comma... | N/A | NONE | β | 0 |
| CVE-2018-15147 SQL injection vulnerability in interface/forms_admin/forms_admin.php from library/registry.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL com... | N/A | NONE | β | 0 |
| CVE-2018-15148 SQL injection vulnerability in interface/patient_file/encounter/search_code.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the '... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.