Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2017-16211 lessindex is a static file server. lessindex is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | N/A | NONE | β | 0 |
| CVE-2017-16212 ltt is a static file server. ltt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | N/A | NONE | β | 0 |
| CVE-2017-16213 mfrserver is a simple file server. mfrserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | N/A | NONE | β | 0 |
| CVE-2017-16214 peiserver is a static file server. peiserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | N/A | NONE | β | 0 |
| CVE-2017-16215 sgqserve is a simple file server. sgqserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | N/A | NONE | β | 0 |
| CVE-2017-16216 tencent-server is a simple web server. tencent-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | N/A | NONE | β | 0 |
| CVE-2017-16217 fbr-client sends files through sockets via socket.io and webRTC. fbr-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | N/A | NONE | β | 0 |
| CVE-2017-16218 dgard8.lab6 is a static file server. dgard8.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | N/A | NONE | β | 0 |
| CVE-2017-16219 yttivy is a static file server. yttivy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | N/A | NONE | β | 0 |
| CVE-2017-16220 wind-mvc is an mvc framework. wind-mvc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | N/A | NONE | β | 0 |
| CVE-2017-16221 yzt is a simple file server. yzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | N/A | NONE | β | 0 |
| CVE-2017-16222 elding is a simple web server. elding is vulnerable to a directory traversal issue, allowing an attacker to access the filesystem by placing "../" in the url. The files accessible, however, are limite... | N/A | NONE | β | 0 |
| CVE-2018-3729 localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. | 7.5 | HIGH | β | 0 |
| CVE-2017-16223 nodeaaaaa is a static file server. nodeaaaaa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | N/A | NONE | β | 0 |
| CVE-2017-16224 st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 (redirect) to an entirely different domain. A request for: http://some.server.com//nodesecur... | N/A | NONE | β | 0 |
| CVE-2017-16225 aegir is a module to help automate JavaScript project management. Version 12.0.0 through and including 12.0.7 bundled and published to npm the user (that performed a aegir-release) GitHub token. | N/A | NONE | β | 0 |
| CVE-2017-16226 The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arb... | N/A | NONE | β | 0 |
| CVE-2018-3711 Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload. | 7.5 | HIGH | β | 0 |
| CVE-2018-3712 serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any... | N/A | NONE | β | 0 |
| CVE-2018-3713 angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path. | 6.5 | MEDIUM | β | 0 |
| CVE-2018-3714 node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path. | 6.5 | MEDIUM | β | 0 |
| CVE-2018-3715 glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path. | 6.5 | MEDIUM | β | 0 |
| CVE-2018-3716 simplehttpserver node module suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names. | 5.4 | MEDIUM | β | 0 |
| CVE-2018-3717 connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware. | 5.4 | MEDIUM | β | 0 |
| CVE-2018-3718 serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded. | 5.3 | MEDIUM | β | 0 |
| CVE-2018-3719 mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing... | 8.8 | HIGH | β | 0 |
| CVE-2018-3720 assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causin... | 8.8 | HIGH | β | 0 |
| CVE-2018-3730 mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. | 7.5 | HIGH | β | 0 |
| CVE-2018-12658 Reflected Cross-Site Scripting (XSS) exists in the Stock Take module in SLiMS 8 Akasia 8.3.1 via an admin/modules/stock_take/index.php?keywords= URI. | 6.1 | MEDIUM | β | 0 |
| CVE-2018-3721 lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify th... | 6.5 | MEDIUM | β | 0 |
| CVE-2018-3722 merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing... | N/A | NONE | β | 0 |
| CVE-2018-3723 defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, caus... | N/A | NONE | β | 0 |
| CVE-2018-3724 general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path. | N/A | NONE | β | 0 |
| CVE-2018-3725 hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. | 7.5 | HIGH | β | 0 |
| CVE-2018-3726 crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names. | 6.1 | MEDIUM | β | 0 |
| CVE-2018-3727 626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. | 7.5 | HIGH | β | 0 |
| CVE-2018-3731 public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. | 7.5 | HIGH | β | 0 |
| CVE-2018-3732 resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of a... | 7.5 | HIGH | β | 0 |
| CVE-2018-3735 bracket-template suffers from reflected XSS possible when variable passed via GET parameter is used in template | 6.1 | MEDIUM | β | 0 |
| CVE-2018-3737 sshpk is vulnerable to ReDoS when parsing crafted invalid public keys. | 7.5 | HIGH | β | 0 |
| CVE-2018-3738 protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files. | 5.5 | MEDIUM | β | 0 |
| CVE-2018-3739 https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed i... | N/A | NONE | β | 0 |
| CVE-2018-0263 A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due... | 7.4 | HIGH | β | 0 |
| CVE-2018-12016 libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls. | N/A | NONE | β | 0 |
| CVE-2018-0274 A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. T... | 8.8 | HIGH | β | 0 |
| CVE-2018-0315 A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an af... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-0316 A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, re... | N/A | NONE | β | 0 |
| CVE-2018-0317 A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges. The vulnerability is due to insufficien... | N/A | NONE | β | 0 |
| CVE-2018-0318 A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vu... | N/A | NONE | β | 0 |
| CVE-2018-0319 A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.