CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2018-4001 An exploitable uninitialized pointer vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause an uninitialized pointer rep... | 7.8 | HIGH | β | 0 |
| CVE-2015-9269 The export/content.php exportarticle feature in the wordpress-mobile-pack plugin before 2.1.3 2015-06-03 for WordPress allows remote attackers to obtain sensitive information because the content of a ... | N/A | NONE | β | 0 |
| CVE-2015-9270 XSS exists in the the-holiday-calendar plugin before 1.11.3 for WordPress via the thc-month parameter. | N/A | NONE | β | 0 |
| CVE-2018-17867 The Port Forwarding functionality on DASAN H660GW devices allows remote attackers to execute arbitrary code via shell metacharacters in the cgi-bin/adv_nat_virsvr.asp Addr parameter (aka the Local IP ... | N/A | NONE | β | 0 |
| CVE-2018-17868 DASAN H660GW devices have Stored XSS in the Port Forwarding functionality. | N/A | NONE | β | 0 |
| CVE-2018-17869 DASAN H660GW devices do not implement any CSRF protection mechanism. | N/A | NONE | β | 0 |
| CVE-2018-17870 An issue was discovered in BTITeam XBTIT 2.5.4. The "returnto" parameter of account_change.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683. | N/A | NONE | β | 0 |
| CVE-2018-17874 ExpressionEngine before 4.3.5 has reflected XSS. | N/A | NONE | β | 0 |
| CVE-2018-11072 Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection Vulnerability. A local authenticated malicious user with advance knowledge of the application workflow could potentially load and ... | N/A | NONE | β | 0 |
| CVE-2018-9069 In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator ac... | 5.9 | MEDIUM | β | 0 |
| CVE-2017-1649 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus ... | N/A | NONE | β | 0 |
| CVE-2018-12473 A path traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to access files not in the current build. On the server itself this is prevented by ... | N/A | NONE | β | 0 |
| CVE-2018-1395 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus ... | N/A | NONE | β | 0 |
| CVE-2018-1403 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus ... | N/A | NONE | β | 0 |
| CVE-2018-1404 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus ... | N/A | NONE | β | 0 |
| CVE-2018-15753 An issue was discovered in the MensaMax (aka com.breustedt.mensamax) application 4.3 for Android. The use of a Hard-coded DES Cryptographic Key allows an attacker who decodes the application to decryp... | N/A | NONE | β | 0 |
| CVE-2018-1405 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus ... | N/A | NONE | β | 0 |
| CVE-2018-1439 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus ... | N/A | NONE | β | 0 |
| CVE-2018-1440 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus ... | N/A | NONE | β | 0 |
| CVE-2018-1498 IBM Security Guardium EcoSystem 10.5 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 141223. | N/A | NONE | β | 0 |
| CVE-2018-1509 IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) atta... | N/A | NONE | β | 0 |
| CVE-2018-17594 AirTies Air 5443v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | N/A | NONE | β | 0 |
| CVE-2018-1522 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus ... | N/A | NONE | β | 0 |
| CVE-2018-1557 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus ... | N/A | NONE | β | 0 |
| CVE-2018-1558 IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the... | N/A | NONE | β | 0 |
| CVE-2018-1593 IBM Multi-Cloud Data Encryption (MDE) 2.1 could allow an unauthorized user to manipulate data due to missing file checksums. IBM X-Force ID: 143568. | N/A | NONE | β | 0 |
| CVE-2018-1601 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus ... | N/A | NONE | β | 0 |
| CVE-2018-17595 In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI. | N/A | NONE | β | 0 |
| CVE-2018-1605 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus ... | N/A | NONE | β | 0 |
| CVE-2018-1691 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus ... | N/A | NONE | β | 0 |
| CVE-2018-1692 IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus ... | N/A | NONE | β | 0 |
| CVE-2018-6261 NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may lead to code execution, denial of service, or escalation of... | N/A | NONE | β | 0 |
| CVE-2018-6262 NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to inf... | N/A | NONE | β | 0 |
| CVE-2018-15563 _core/admin/pages/add/ in Subrion CMS 4.2.1 has XSS via the titles[en] parameter. | N/A | NONE | β | 0 |
| CVE-2018-15752 An issue was discovered in the MensaMax (aka com.breustedt.mensamax) application 4.3 for Android. Cleartext Transmission of Sensitive Information allows man-in-the-middle attackers to eavesdrop authen... | N/A | NONE | β | 0 |
| CVE-2018-16984 An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an... | N/A | NONE | β | 0 |
| CVE-2018-17587 AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | N/A | NONE | β | 0 |
| CVE-2018-17588 AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | N/A | NONE | β | 0 |
| CVE-2018-17589 AirTies Air 5650 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | N/A | NONE | β | 0 |
| CVE-2018-17590 AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | N/A | NONE | β | 0 |
| CVE-2018-17591 AirTies Air 5343v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | N/A | NONE | β | 0 |
| CVE-2018-17593 AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | N/A | NONE | β | 0 |
| CVE-2018-17596 In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter. | N/A | NONE | β | 0 |
| CVE-2018-17786 On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary code... | N/A | NONE | β | 0 |
| CVE-2018-17787 On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library function. | N/A | NONE | β | 0 |
| CVE-2018-17884 XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook (gwolle-gb) plugin before 2.5.4 for WordPress via the PATH_INFO to wp-admin/index.php | N/A | NONE | β | 0 |
| CVE-2018-17886 An issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java could be bypassed, as demonstrated by a <svg/onLoad=confirm substring. NOTE: thi... | N/A | NONE | β | 0 |
| CVE-2018-11748 Previous releases of the Puppet device_manager module create configuration files containing credentials that are world readable. This issue has been resolved as of device_manager 2.7.0. | N/A | NONE | β | 0 |
| CVE-2018-11750 Previous releases of the Puppet cisco_ios module did not validate a host's identity before starting an SSH connection. As of the 0.4.0 release of cisco_ios, host key checking is enabled by default. | N/A | NONE | β | 0 |
| CVE-2018-11752 Previous releases of the Puppet cisco_ios module output SSH session debug information including login credentials to a world readable file on every run. These issues have been resolved in the 0.4.0 re... | 5.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.