Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2017-7155 An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privil... | N/A | NONE | β | 0 |
| CVE-2017-17937 Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search. | N/A | NONE | β | 0 |
| CVE-2017-7156 An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected.... | N/A | NONE | β | 0 |
| CVE-2017-7157 An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected.... | N/A | NONE | β | 0 |
| CVE-2017-7158 An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Screen Sharing Server" component. It allows attackers to obtain root privileges for reading... | N/A | NONE | β | 0 |
| CVE-2017-7159 An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOAcceleratorFamily" component. It allows attackers to execute arbitrary code in a privileg... | N/A | NONE | β | 0 |
| CVE-2017-7160 An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected.... | N/A | NONE | β | 0 |
| CVE-2017-7162 An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "... | N/A | NONE | β | 0 |
| CVE-2017-9944 A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticate... | N/A | NONE | β | 0 |
| CVE-2016-6914 Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file. | 7.8 | HIGH | β | 0 |
| CVE-2017-13056 The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file. | N/A | NONE | β | 0 |
| CVE-2017-16768 Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter. | N/A | NONE | β | 0 |
| CVE-2015-6237 The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP ... | N/A | NONE | β | 0 |
| CVE-2015-7324 Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component before 2.0.5 for Joomla! allow remote attackers to inject arbitrary web scr... | N/A | NONE | β | 0 |
| CVE-2015-7666 Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro p... | N/A | NONE | β | 0 |
| CVE-2015-7667 Multiple cross-site scripting (XSS) vulnerabilities in (1) templates/admanagement/admanagement.php and (2) templates/adspot/adspot.php in the ResAds plugin before 1.0.2 for WordPress allow remote atta... | N/A | NONE | β | 0 |
| CVE-2015-7668 Cross-site scripting (XSS) vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id... | N/A | NONE | β | 0 |
| CVE-2015-7669 Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and... | N/A | NONE | β | 0 |
| CVE-2017-11695 Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cer... | N/A | NONE | β | 0 |
| CVE-2022-44028 An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 5 of 6. | 6.1 | MEDIUM | β | 0 |
| CVE-2017-11696 Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted ce... | N/A | NONE | β | 0 |
| CVE-2017-11697 The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cer... | N/A | NONE | β | 0 |
| CVE-2017-11698 Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted c... | N/A | NONE | β | 0 |
| CVE-2017-9608 The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file. | N/A | NONE | β | 0 |
| CVE-2017-17938 PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter. | N/A | NONE | β | 0 |
| CVE-2014-8389 cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with ... | N/A | NONE | β | 0 |
| CVE-2015-3637 SQL injection vulnerability in phpMyBackupPro when run in multi-user mode before 2.5 allows remote attackers to execute arbitrary SQL commands via the username and password parameters. | N/A | NONE | β | 0 |
| CVE-2015-7889 The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service ac... | N/A | NONE | β | 0 |
| CVE-2017-10910 MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition. | N/A | NONE | β | 0 |
| CVE-2017-17932 A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on the... | N/A | NONE | β | 0 |
| CVE-2017-17936 Vanguard Marketplace Digital Products PHP has CSRF via /search. | N/A | NONE | β | 0 |
| CVE-2017-17939 PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php. | N/A | NONE | β | 0 |
| CVE-2017-17940 PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php. | N/A | NONE | β | 0 |
| CVE-2017-17941 PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter. | N/A | NONE | β | 0 |
| CVE-2017-17942 In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c. | N/A | NONE | β | 0 |
| CVE-2017-15886 Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI. | N/A | NONE | β | 0 |
| CVE-2017-15892 Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND,... | N/A | NONE | β | 0 |
| CVE-2017-5641 Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed... | 9.8 | CRITICAL | β | 0 |
| CVE-2017-15667 In Flexense SysGauge Server 3.6.18, the Control Protocol suffers from a denial of service. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9221. | N/A | NONE | β | 0 |
| CVE-2017-17951 PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter. | N/A | NONE | β | 0 |
| CVE-2017-17952 PHP Scripts Mall PHP Multivendor Ecommerce has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. | N/A | NONE | β | 0 |
| CVE-2017-17953 PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter. | N/A | NONE | β | 0 |
| CVE-2017-17954 PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter. | N/A | NONE | β | 0 |
| CVE-2017-17955 PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter. | N/A | NONE | β | 0 |
| CVE-2017-17956 PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/sellerupd.php companyname parameter. | N/A | NONE | β | 0 |
| CVE-2017-17957 PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter. | N/A | NONE | β | 0 |
| CVE-2014-2968 Cross-site scripting (XSS) vulnerability in the web interface on the Huawei E355 CH1E355SM modem with software 21.157.37.01.910 and Web UI 11.001.08.00.03 allows remote attackers to inject arbitrary w... | N/A | NONE | β | 0 |
| CVE-2014-2971 Cross-site scripting (XSS) vulnerability in AddStdLetter.jsp in MicroPact iComplaints before 8.0.2.1.8.8014 allows remote authenticated users to inject arbitrary web script or HTML via the description... | N/A | NONE | β | 0 |
| CVE-2014-3110 Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote... | N/A | NONE | β | 0 |
| CVE-2014-3322 Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malf... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.