Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2017-17280 NFC (Near Field Communication) module in Huawei mobile phones with software LON-AL00BC00 has an information leak vulnerability. The attacker has to trick a user to do some specific operations and then... | N/A | NONE | β | 0 |
| CVE-2017-17281 SFTP module in Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V60... | N/A | NONE | β | 0 |
| CVE-2017-17303 Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00B012; V500R002C00B013; V500R002C00B014; V500R002C00B017; V500R002C00B018; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300... | N/A | NONE | β | 0 |
| CVE-2018-9928 Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter. | N/A | NONE | β | 0 |
| CVE-2017-17321 Huawei eNSP software with software of versions earlier than V100R002C00B510 has a buffer overflow vulnerability. Due to the improper validation of specific command line parameter, a local attacker cou... | N/A | NONE | β | 0 |
| CVE-2017-17322 Huawei Honor Smart Scale Application with software of 1.1.1 has an information disclosure vulnerability. The application does not sufficiently restrict the resource which can be accessed by certain pr... | N/A | NONE | β | 0 |
| CVE-2017-17323 Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain i... | N/A | NONE | β | 0 |
| CVE-2017-17324 Huawei Mate 9 Pro smartphones with software LON-AL00BC00B139D; LON-AL00BC00B229 have an integer overflow vulnerability. The camera driver does not validate the external input parameters and causes an ... | N/A | NONE | β | 0 |
| CVE-2017-17325 Huawei video applications HiCinema with software of 8.0.3.308; 8.0.4.300 have a permission control vulnerability. Due to improper verification of specific interface, an attacker who is on the same net... | N/A | NONE | β | 0 |
| CVE-2017-17326 Huawei Mate 9 Pro Smartphones with software of LON-AL00BC00B139D; LON-AL00BC00B229 have an activation lock bypass vulnerability. The smartphone is supposed to be activated by the former account after ... | N/A | NONE | β | 0 |
| CVE-2017-17328 Huawei smartphones with software of MHA-AL00AC00B125 have an integer overflow vulnerability. The software does not process certain variable properly when handle certain process. An attacker tricks the... | N/A | NONE | β | 0 |
| CVE-2017-17329 Huawei ViewPoint 8660 V100R008C03 have a memory leak vulnerability. The software does not release allocated memory properly when parse XML Schema data. An authenticated attacker could upload a crafted... | N/A | NONE | β | 0 |
| CVE-2017-17330 Huawei AR3200 V200R005C32; V200R006C10; V200R006C11; V200R007C00; V200R007C01; V200R007C02; V200R008C00; V200R008C10; V200R008C20; V200R008C30; NGFW Module V500R001C00; V500R001C20; V500R002C00 have a... | N/A | NONE | β | 0 |
| CVE-2016-0253 Cross-site scripting (XSS) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check... | N/A | NONE | β | 0 |
| CVE-2016-0268 XML external entity (XXE) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check ... | N/A | NONE | β | 0 |
| CVE-2018-1000108 A cross-site scripting vulnerability exists in Jenkins CppNCSS Plugin 1.1 and earlier in AbstractProjectAction/index.jelly that allow an attacker to craft links to Jenkins URLs that run arbitrary Java... | N/A | NONE | β | 0 |
| CVE-2016-0272 Cross-site request forgery (CSRF) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) fo... | N/A | NONE | β | 0 |
| CVE-2016-0274 IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0... | N/A | NONE | β | 0 |
| CVE-2016-0275 IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0... | N/A | NONE | β | 0 |
| CVE-2016-0276 IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0... | N/A | NONE | β | 0 |
| CVE-2016-0286 IBM Tivoli Business Service Manager 6.1.0 before 6.1.0-TIV-BSM-FP0004 and 6.1.1 before 6.1.1-TIV-BSM-FP0004 allows remote authenticated users to obtain administrator passwords by leveraging unspecifie... | N/A | NONE | β | 0 |
| CVE-2018-7998 In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or pos... | N/A | NONE | β | 0 |
| CVE-2018-7999 In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possi... | N/A | NONE | β | 0 |
| CVE-2018-8000 In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in PdfTokenizer.cpp, a related issue to CVE-2017-5886. Remote attackers could leverage ... | N/A | NONE | β | 0 |
| CVE-2018-8001 In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName() in PdfName.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly ... | N/A | NONE | β | 0 |
| CVE-2018-8002 In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vul... | N/A | NONE | β | 0 |
| CVE-2014-2592 Unrestricted file upload vulnerability in Aruba Web Management portal allows remote attackers to execute arbitrary code by uploading a file with an executable extension. | N/A | NONE | β | 0 |
| CVE-2014-4861 The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended. | N/A | NONE | β | 0 |
| CVE-2014-6617 Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session. | N/A | NONE | β | 0 |
| CVE-2016-8612 Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the ser... | N/A | NONE | β | 0 |
| CVE-2016-9591 JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer. | N/A | NONE | β | 0 |
| CVE-2016-9606 JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrar... | N/A | NONE | β | 0 |
| CVE-2018-7290 Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and 18.1. | N/A | NONE | β | 0 |
| CVE-2018-1000109 An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allow an attacker to obtain credential... | N/A | NONE | β | 0 |
| CVE-2018-7536 An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophi... | N/A | NONE | β | 0 |
| CVE-2018-7537 An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they we... | N/A | NONE | β | 0 |
| CVE-2018-7581 \ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expert Web Server Enterprise 9.4 has weak permissions (BUILTIN\Users:(ID)C), which allows local users to set a cleartext password and login... | N/A | NONE | β | 0 |
| CVE-2018-7582 WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Service (daemon crash) via a long HTTP Accept Header to TCP port 9991. | N/A | NONE | β | 0 |
| CVE-2016-8782 Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LD... | N/A | NONE | β | 0 |
| CVE-2016-8783 Touchscreen drive in Huawei H60 (Honor 6) Versions earlier than H60-L02_6.12.16 and P9 Plus Versions earlier than VIE-AL10BC00B356 has a stack overflow vulnerabilities. An attacker tricks a user into ... | N/A | NONE | β | 0 |
| CVE-2016-8784 Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LD... | N/A | NONE | β | 0 |
| CVE-2016-8785 Huawei S12700 V200R007C00, V200R008C00, S5700 V200R007C00, S7700 V200R002C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R007C00 have an input validation vulnerability. Due to the l... | N/A | NONE | β | 0 |
| CVE-2016-8786 Huawei S12700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, S5700 V200R006C00, V200R007C00, V200R008C00, S6700 V200R008C00, S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00,... | N/A | NONE | β | 0 |
| CVE-2017-15314 Huawei DP300 V500R002C00, RP200 V500R002C00SPC200, V600R006C00, TE30 V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600... | N/A | NONE | β | 0 |
| CVE-2018-7231 A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta ch... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-15315 Patch module of Huawei NIP6300 V500R001C20SPC100, V500R001C20SPC200, NIP6600 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6300 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6500 V500R001C20... | N/A | NONE | β | 0 |
| CVE-2017-15323 Huawei DP300 V500R002C00, NIP6600 V500R001C00, V500R001C20, V500R001C30, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, TE60 V100R001C01, V100R001C10, V100R003C00, V500R002C00, V600R006C00, ... | N/A | NONE | β | 0 |
| CVE-2017-17282 SCCP (Signalling Connection Control Part) module in Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C0... | N/A | NONE | β | 0 |
| CVE-2018-7227 A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow retrieving of specially crafted URLs without authentication that can... | 5.3 | MEDIUM | β | 0 |
| CVE-2018-7228 A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and get... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.