Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2018-8214 An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability." This aff... | N/A | NONE | β | 0 |
| CVE-2018-12432 JavaMelody through 1.60.0 has XSS via the counter parameter in a clear_counter action to the /monitoring URI. | N/A | NONE | β | 0 |
| CVE-2018-8215 A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security... | N/A | NONE | β | 0 |
| CVE-2018-8216 A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security... | N/A | NONE | β | 0 |
| CVE-2018-8217 A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security... | N/A | NONE | β | 0 |
| CVE-2018-8218 A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-... | N/A | NONE | β | 0 |
| CVE-2018-5863 If userspace provides a too-large WPA RSN IE length in wlan_hdd_cfg80211_set_ie(), a buffer overflow occurs in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the... | N/A | NONE | β | 0 |
| CVE-2018-8219 An elevation of privilege vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka "Hypervisor Code Integrity Elevation of Privilege Vulnerabilit... | N/A | NONE | β | 0 |
| CVE-2018-8221 A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security... | N/A | NONE | β | 0 |
| CVE-2018-8224 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Serve... | N/A | NONE | β | 0 |
| CVE-2018-8225 A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability." Th... | N/A | NONE | β | 0 |
| CVE-2018-9859 The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it's available to create an executable file with Sys... | N/A | NONE | β | 0 |
| CVE-2018-8226 A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." ... | N/A | NONE | β | 0 |
| CVE-2018-8227 A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." Thi... | N/A | NONE | β | 0 |
| CVE-2018-8229 A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." Thi... | N/A | NONE | β | 0 |
| CVE-2018-8231 A remote code execution vulnerability exists when HTTP Protocol Stack (Http.sys) improperly handles objects in memory, aka "HTTP Protocol Stack Remote Code Execution Vulnerability." This affects Windo... | N/A | NONE | β | 0 |
| CVE-2018-12501 Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. | N/A | NONE | β | 0 |
| CVE-2018-8233 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows ... | N/A | NONE | β | 0 |
| CVE-2018-8234 An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CV... | N/A | NONE | β | 0 |
| CVE-2018-8235 A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft ... | N/A | NONE | β | 0 |
| CVE-2018-8236 A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID i... | N/A | NONE | β | 0 |
| CVE-2018-8239 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Wind... | N/A | NONE | β | 0 |
| CVE-2018-8244 An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsof... | N/A | NONE | β | 0 |
| CVE-2018-8245 A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects, aka "Microsoft Publisher Remote Co... | N/A | NONE | β | 0 |
| CVE-2018-8246 An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft ... | N/A | NONE | β | 0 |
| CVE-2018-8247 An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerabilit... | N/A | NONE | β | 0 |
| CVE-2018-10821 Cross-site scripting (XSS) vulnerability in backend/pages/modify.php in BlackCatCMS 1.3 allows remote authenticated users with the Admin role to inject arbitrary web script or HTML via the search pane... | 4.8 | MEDIUM | β | 0 |
| CVE-2018-8248 A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This a... | N/A | NONE | β | 0 |
| CVE-2018-8249 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. T... | N/A | NONE | β | 0 |
| CVE-2018-8251 A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka "Media Foundation Memory Corruption Vulnerability." This affects Windows 7, Windows Ser... | N/A | NONE | β | 0 |
| CVE-2018-8252 An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint E... | N/A | NONE | β | 0 |
| CVE-2018-12418 Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files. | N/A | NONE | β | 0 |
| CVE-2018-8254 An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint E... | N/A | NONE | β | 0 |
| CVE-2018-8267 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects I... | N/A | NONE | β | 0 |
| CVE-2017-17172 Huawei smart phones LYO-L21 with software LYO-L21C479B107, LYO-L21C479B107 have a privilege escalation vulnerability. An authenticated, local attacker can crafts malformed packets after tricking a use... | N/A | NONE | β | 0 |
| CVE-2017-17173 Due to insufficient parameters verification GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.356(C00) has an arbitrary memory free vulnerability. An attacker can t... | N/A | NONE | β | 0 |
| CVE-2017-17309 Huawei HG255s-10 V100R001C163B025SP02 has a path traversal vulnerability due to insufficient validation of the received HTTP requests, a remote attacker may access the local files on the device withou... | N/A | NONE | β | 0 |
| CVE-2018-4842 A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 swit... | N/A | NONE | β | 0 |
| CVE-2018-4848 A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.... | N/A | NONE | β | 0 |
| CVE-2018-12114 Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts. | N/A | NONE | β | 0 |
| CVE-2018-12421 LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishand... | N/A | NONE | β | 0 |
| CVE-2017-12070 Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code. | N/A | NONE | β | 0 |
| CVE-2018-12503 tinyexr 0.9.5 has a heap-based buffer over-read in LoadEXRImageFromMemory in tinyexr.h. | N/A | NONE | β | 0 |
| CVE-2018-11689 Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was tra... | 6.1 | MEDIUM | β | 0 |
| CVE-2018-11690 The Balbooa Gridbox extension version 2.4.0 and previous versions for Joomla! is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could explo... | N/A | NONE | β | 0 |
| CVE-2018-8819 An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parse... | N/A | NONE | β | 0 |
| CVE-2018-12420 IceHrm before 23.0.1.OS has a risky usage of a hashed password in a request. | N/A | NONE | β | 0 |
| CVE-2018-12423 In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force. | N/A | NONE | β | 0 |
| CVE-2018-6516 On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prior to 16.4.6, 17.3.x prior to 17.3.6, and 18.1.x prior to 1... | N/A | NONE | β | 0 |
| CVE-2018-12356 An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, w... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.