Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6069 | 1 Intelliants | 1 Subrion Cms | 2019-03-13 | 6.8 MEDIUM | 8.8 HIGH |
| Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add any tag, and can optionally insert XSS via the tags parameter. | |||||
| CVE-2017-6068 | 1 Intelliants | 1 Subrion Cms | 2019-03-13 | 6.8 MEDIUM | 8.8 HIGH |
| Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter. | |||||
| CVE-2017-6066 | 1 Intelliants | 1 Subrion Cms | 2019-03-13 | 6.8 MEDIUM | 8.8 HIGH |
| Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. The attacker can perform any Edit Language action, and can optionally insert XSS via the title parameter. | |||||
| CVE-2018-0886 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-03-13 | 7.6 HIGH | 7.0 HIGH |
| The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how CredSSP validates request during the authentication process, aka "CredSSP Remote Code Execution Vulnerability". | |||||
| CVE-2018-5157 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2019-03-13 | 5.0 MEDIUM | 7.5 HIGH |
| Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60. | |||||
| CVE-2018-5158 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2019-03-13 | 6.8 MEDIUM | 8.8 HIGH |
| The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60. | |||||
| CVE-2016-4733 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2019-03-13 | 9.3 HIGH | 7.8 HIGH |
| WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4734, and CVE-2016-4735. | |||||
| CVE-2016-4712 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-13 | 9.3 HIGH | 7.8 HIGH |
| CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app. | |||||
| CVE-2016-4735 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2019-03-13 | 9.3 HIGH | 8.8 HIGH |
| WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4734. | |||||
| CVE-2017-2355 | 2 Apple, Webkitgtk | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-03-13 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access and application crash) via a crafted web site. | |||||
| CVE-2016-4611 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2019-03-13 | 6.8 MEDIUM | 8.8 HIGH |
| WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4730, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735. | |||||
| CVE-2019-5922 | 1 Microsoft | 1 Teams | 2019-03-13 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in The installer of Microsoft Teams allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2019-5921 | 1 Microsoft | 1 Windows 7 | 2019-03-13 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Windows 7 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2019-5923 | 1 Ichain | 1 Insurance Wallet | 2019-03-13 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in iChain Insurance Wallet App for iOS Version 1.3.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2016-4737 | 1 Apple | 4 Iphone Os, Safari, Tvos and 1 more | 2019-03-12 | 9.3 HIGH | 8.8 HIGH |
| WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | |||||
| CVE-2013-7466 | 1 Simplemachines | 1 Simple Machines Forum | 2019-03-12 | 6.5 MEDIUM | 8.8 HIGH |
| Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation. | |||||
| CVE-2018-6188 | 2 Canonical, Djangoproject | 2 Ubuntu Linux, Django | 2019-03-12 | 5.0 MEDIUM | 7.5 HIGH |
| django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive. | |||||
| CVE-2017-9776 | 3 Debian, Freedesktop, Redhat | 8 Debian Linux, Poppler, Enterprise Linux Desktop and 5 more | 2019-03-12 | 6.8 MEDIUM | 7.8 HIGH |
| Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. | |||||
| CVE-2018-0824 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-03-12 | 5.1 MEDIUM | 7.5 HIGH |
| A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | |||||
| CVE-2018-5336 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-03-12 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth. | |||||
| CVE-2018-5248 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2019-03-12 | 6.8 MEDIUM | 8.8 HIGH |
| In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function. | |||||
| CVE-2018-11385 | 3 Debian, Fedoraproject, Sensiolabs | 3 Debian Linux, Fedora, Symfony | 2019-03-12 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerability within the "Guard" login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker. | |||||
| CVE-2019-9625 | 1 Directadmin | 1 Directadmin | 2019-03-12 | 6.8 MEDIUM | 8.8 HIGH |
| JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to create a new admin account. | |||||
| CVE-2018-19045 | 1 Keepalived | 1 Keepalived | 2019-03-12 | 5.0 MEDIUM | 7.5 HIGH |
| keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information. | |||||
| CVE-2019-9693 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-03-12 | 6.5 MEDIUM | 8.8 HIGH |
| In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _AdjustNameSeq (parameter shownumber), _Updatepicture (parameter picture_id), and _Deletepicture (parameter picture_id). | |||||
| CVE-2019-9710 | 1 Webargs Project | 1 Webargs | 2019-03-12 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests. | |||||
| CVE-2017-10844 | 1 Basercms | 1 Basercms | 2019-03-12 | 6.5 MEDIUM | 8.8 HIGH |
| baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors. | |||||
| CVE-2018-5207 | 2 Debian, Irssi | 2 Debian Linux, Irssi | 2019-03-12 | 5.0 MEDIUM | 7.5 HIGH |
| When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string. | |||||
| CVE-2018-5205 | 3 Canonical, Debian, Irssi | 3 Ubuntu Linux, Debian Linux, Irssi | 2019-03-12 | 5.0 MEDIUM | 7.5 HIGH |
| When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string. | |||||
| CVE-2019-9688 | 1 Sftnow | 1 Sftnow | 2019-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| sftnow through 2018-12-29 allows index.php?g=Admin&m=User&a=add_post CSRF to add an admin account. | |||||
| CVE-2015-7569 | 1 Yeager | 1 Yeager Cms | 2019-03-11 | 7.5 HIGH | 8.8 HIGH |
| SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter. | |||||
| CVE-2019-9652 | 1 Sdcms | 1 Sdcms | 2019-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the t2 parameter. | |||||
| CVE-2018-5146 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2019-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7. | |||||
| CVE-2016-4768 | 2 Apple, Microsoft | 5 Iphone Os, Itunes, Safari and 2 more | 2019-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4767. | |||||
| CVE-2018-11694 | 1 Sass-lang | 1 Libsass | 2019-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2016-4759 | 2 Apple, Microsoft | 5 Iphone Os, Itunes, Safari and 2 more | 2019-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4765, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768. | |||||
| CVE-2016-4765 | 2 Apple, Microsoft | 5 Iphone Os, Itunes, Safari and 2 more | 2019-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768. | |||||
| CVE-2018-11696 | 1 Sass-lang | 1 Libsass | 2019-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Inspect::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2018-11693 | 1 Sass-lang | 1 Libsass | 2019-03-11 | 5.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service. | |||||
| CVE-2016-4730 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2019-03-11 | 9.3 HIGH | 8.8 HIGH |
| WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735. | |||||
| CVE-2016-4728 | 2 Apple, Microsoft | 5 Iphone Os, Itunes, Safari and 2 more | 2019-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site. | |||||
| CVE-2018-11697 | 1 Sass-lang | 1 Libsass | 2019-03-11 | 5.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service. | |||||
| CVE-2018-11698 | 1 Sass-lang | 1 Libsass | 2019-03-11 | 5.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service. | |||||
| CVE-2016-4766 | 2 Apple, Microsoft | 5 Iphone Os, Itunes, Safari and 2 more | 2019-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767, and CVE-2016-4768. | |||||
| CVE-2018-16511 | 4 Artifex, Canonical, Debian and 1 more | 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more | 2019-03-11 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. | |||||
| CVE-2018-16510 | 2 Artifex, Canonical | 3 Ghostscript, Gpl Ghostscript, Ubuntu Linux | 2019-03-11 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact. | |||||
| CVE-2018-5178 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox Esr and 8 more | 2019-03-11 | 6.8 MEDIUM | 8.1 HIGH |
| A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8. | |||||
| CVE-2017-5828 | 1 Hp | 1 Aruba Clearpass Policy Manager | 2019-03-11 | 5.5 MEDIUM | 8.1 HIGH |
| An arbitrary command execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. | |||||
| CVE-2017-2370 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-11 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted app. | |||||
| CVE-2017-17866 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2019-03-11 | 6.8 MEDIUM | 7.8 HIGH |
| pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document. | |||||