Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2015-9276 SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker'... | N/A | NONE | β | 0 |
| CVE-2015-9277 MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. /" are mishandled. | N/A | NONE | β | 0 |
| CVE-2015-9278 MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request. | N/A | NONE | β | 0 |
| CVE-2015-9279 MailEnable before 8.60 allows Stored XSS via malformed use of "<img/src" with no ">" character in the body of an e-mail message. | N/A | NONE | β | 0 |
| CVE-2015-9280 MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter. | 10.0 | CRITICAL | β | 0 |
| CVE-2018-20723 A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color. | N/A | NONE | β | 0 |
| CVE-2018-20724 A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors. | N/A | NONE | β | 0 |
| CVE-2018-20725 A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label. | N/A | NONE | β | 0 |
| CVE-2018-20726 A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices. | N/A | NONE | β | 0 |
| CVE-2019-6455 An issue was discovered in GNU Recutils 1.8. There is a double-free problem in the function rec_mset_elem_destroy() in the file rec-mset.c. | N/A | NONE | β | 0 |
| CVE-2019-6456 An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_fex_size() in the file rec-fex.c of librec.a. | N/A | NONE | β | 0 |
| CVE-2019-6457 An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_aggregate_reg_new in rec-aggregate.c in librec.a. | N/A | NONE | β | 0 |
| CVE-2019-6458 An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_buf_new in rec-buf.c when called from rec_parse_rset in rec-parser.c in librec.a. | N/A | NONE | β | 0 |
| CVE-2019-6459 An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_extract_type in rec-utils.c in librec.a. | N/A | NONE | β | 0 |
| CVE-2019-6460 An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_field_set_name() in the file rec-field.c in librec.a. | N/A | NONE | β | 0 |
| CVE-2019-6461 An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c. | 6.5 | MEDIUM | β | 0 |
| CVE-2019-7585 An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/PublicAction.class.php allows time-based SQL Injection via the param array parameter to the /index.php?m=public&a=checkemail URI. | N/A | NONE | β | 0 |
| CVE-2019-6462 An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized. | 6.5 | MEDIUM | β | 0 |
| CVE-2018-3125 Vulnerability in the Oracle Retail Merchandising System component of Oracle Retail Applications (subcomponent: Security (SQL Logger)). The supported version that is affected is 14.1. Easily exploitabl... | N/A | NONE | β | 0 |
| CVE-2018-3303 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: EM Console). Supported versions that are affected are 13.2 and 13.3. Easily e... | N/A | NONE | β | 0 |
| CVE-2018-3304 Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.5.0.3... | N/A | NONE | β | 0 |
| CVE-2019-2412 Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Object Store). The supported version that is affected is prior to 8.8.2. Difficult... | N/A | NONE | β | 0 |
| CVE-2018-3305 Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.5.0.3... | N/A | NONE | β | 0 |
| CVE-2018-3309 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is prior to 5.2.22. Easily exploitable vulnerability allows hi... | N/A | NONE | β | 0 |
| CVE-2018-3311 Vulnerability in the Oracle Retail Xstore Payment component of Oracle Retail Applications (subcomponent: Security). The supported version that is affected is 3.3. Easily exploitable vulnerability allo... | N/A | NONE | β | 0 |
| CVE-2019-2395 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supported version that is affected is 10.3.6.0. Easily exploitable vulnerabili... | N/A | NONE | β | 0 |
| CVE-2017-3143 An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIN... | N/A | NONE | β | 0 |
| CVE-2019-2396 Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Messages). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.... | N/A | NONE | β | 0 |
| CVE-2019-2397 Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability al... | N/A | NONE | β | 0 |
| CVE-2019-2398 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Deployment). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exp... | N/A | NONE | β | 0 |
| CVE-2019-2399 Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) component of Oracle Communications Applications (subcomponent: Security). The supported version that is affected is prior to ... | N/A | NONE | β | 0 |
| CVE-2018-20731 A stored cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via User-Chat.php. | N/A | NONE | β | 0 |
| CVE-2019-2400 Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User Registration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2... | N/A | NONE | β | 0 |
| CVE-2019-2401 Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability al... | N/A | NONE | β | 0 |
| CVE-2019-2402 Vulnerability in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications. The supported version that is affected is 2.10. Difficult to exploit vulnerability allows unauthent... | N/A | NONE | β | 0 |
| CVE-2019-2403 Vulnerability in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications. The supported version that is affected is 2.10. Easily exploitable vulnerability allows unauthentic... | N/A | NONE | β | 0 |
| CVE-2019-2481 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily ... | 4.9 | MEDIUM | β | 0 |
| CVE-2019-2404 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable ... | N/A | NONE | β | 0 |
| CVE-2019-2405 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.55, 8.56 and 8.57. Difficult to expl... | N/A | NONE | β | 0 |
| CVE-2019-2406 Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attack... | N/A | NONE | β | 0 |
| CVE-2019-2407 Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability al... | N/A | NONE | β | 0 |
| CVE-2019-0624 A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka "Skype for Business 2015 Spoofing Vulnerability." This affects Skype. | N/A | NONE | β | 0 |
| CVE-2019-2408 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Feeds). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable v... | N/A | NONE | β | 0 |
| CVE-2019-2409 Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: SPMS Suite). The supported version that is affected is 8... | N/A | NONE | β | 0 |
| CVE-2019-2410 Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: DGS RES Online, FMS Sender, FMS Receiver, OHC WPF Securi... | N/A | NONE | β | 0 |
| CVE-2019-2411 Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: SPMS Suite). The supported version that is affected is 8... | N/A | NONE | β | 0 |
| CVE-2019-7235 An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to designate an arbitrary directory because of an apps.admincp.php error. This ... | N/A | NONE | β | 0 |
| CVE-2019-2413 Vulnerability in the Oracle Reports Developer component of Oracle Fusion Middleware (subcomponent: Valid Session). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability ... | N/A | NONE | β | 0 |
| CVE-2019-2414 Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows ... | N/A | NONE | β | 0 |
| CVE-2018-17469 Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.