Vulnerabilities in unspecified

259 results
CVE-2018-8021: Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code ex (EPSS 53.7%)
CVE-2017-20029 [HIGH]: PHPList Edit Subscription index.php sql injection (EPSS 20.0%)
CVE-2016-9587 [MEDIUM]: Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. A (EPSS 17.9%)
CVE-2019-25065 [MEDIUM]: OpenNetAdmin os command injection (EPSS 6.6%)
CVE-2019-25066 [MEDIUM]: ajenti API privileges management (EPSS 5.1%)
CVE-2018-1089 [HIGH]: 389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly (EPSS 4.3%)
CVE-2018-1115 [MEDIUM]: postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow (EPSS 4.0%)
CVE-2016-9602 [HIGH]: Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use thi (EPSS 3.8%)
CVE-2022-3559 [MEDIUM]: Exim Regex use after free (EPSS 3.7%)
CVE-2022-3964 [MEDIUM]: ffmpeg QuickTime RPZA Video Encoder rpzaenc.c out-of-bounds (EPSS 3.5%)
CVE-2018-1084 [HIGH]: corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c. (EPSS 3.2%)
CVE-2017-2591 [LOW]: 389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "a (EPSS 3.0%)
CVE-2016-9594 [MEDIUM]: curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. (EPSS 2.7%)
CVE-2018-1112 [HIGH]: glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client (EPSS 2.4%)
CVE-2017-2601 [MEDIUM]: Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). U (EPSS 2.1%)
CVE-2017-2611 [MEDIUM]: Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /work (EPSS 2.1%)
CVE-2017-12196 [MEDIUM]: undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not en (EPSS 2.0%)
CVE-2017-2594 [MEDIUM]: hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerE (EPSS 2.0%)
CVE-2017-2606 [MEDIUM]: Jenkins before versions 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that shou (EPSS 1.9%)
CVE-2019-3879 [MEDIUM]: It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the pe (EPSS 1.9%)