Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-8494 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2018-11-28 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | |||||
| CVE-2018-8490 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2018-11-28 | 7.7 HIGH | 8.4 HIGH |
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2018-8489. | |||||
| CVE-2018-17103 | 1 Get-simple | 1 Getsimple Cms | 2018-11-28 | 6.8 MEDIUM | 8.8 HIGH |
| ** DISPUTED ** An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter. | |||||
| CVE-2018-5545 | 1 F5 | 1 Websafe Alert Server | 2018-11-28 | 6.5 MEDIUM | 8.8 HIGH |
| On F5 WebSafe Alert Server 1.0.0-4.2.6, a malicious, authenticated user can execute code on the alert server by using a maliciously crafted payload. | |||||
| CVE-2018-12455 | 1 Intelbras | 2 Nplug, Nplug Firmware | 2018-11-28 | 9.3 HIGH | 8.1 HIGH |
| Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie. | |||||
| CVE-2018-12456 | 1 Intelbras | 2 Nplug, Nplug Firmware | 2018-11-28 | 6.8 MEDIUM | 8.8 HIGH |
| Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access. | |||||
| CVE-2018-17106 | 1 Tinyftp Project | 1 Tinyftp | 2018-11-28 | 6.4 MEDIUM | 7.5 HIGH |
| In Tinyftp Tinyftpd 1.1, a buffer overflow exists in the text variable of the do_mkd function in the ftpproto.c file. An attacker can overwrite ebp via a long pathname. | |||||
| CVE-2018-17045 | 1 Cms Maelostore Project | 1 Cms Maelostore | 2018-11-28 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in CMS MaeloStore V.1.5.0. There is a CSRF vulnerability that can change the administrator password via admin/modul/users/aksi_users.php?act=update. | |||||
| CVE-2018-17838 | 1 Jtbc | 1 Jtbc Php | 2018-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file read operations are possible via a /console/#/console/file/manage.php?type=list&path=c:/ substring. | |||||
| CVE-2018-18061 | 1 Tecrail | 1 Responsive Filemanager | 2018-11-28 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files. | |||||
| CVE-2017-7660 | 1 Apache | 1 Solr | 2018-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users have enabled BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement either "HttpClientInterceptorPlugin" or "HttpClientBuilderPlugin", his/her servers are vulnerable to this attack. Users who only use SSL without basic authentication or those who use Kerberos are not affected. | |||||
| CVE-2018-16985 | 1 Lizard Project | 1 Lizard | 2018-11-27 | 5.0 MEDIUM | 7.5 HIGH |
| In Lizard (formerly LZ5) 2.0, use of an invalid memory address was discovered in LZ5_compress_continue in lz5_compress.c, related to LZ5_compress_fastSmall and MEM_read32. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | |||||
| CVE-2018-17869 | 1 Dasan | 2 H660gw, H660gw Firmware | 2018-11-27 | 6.8 MEDIUM | 8.8 HIGH |
| DASAN H660GW devices do not implement any CSRF protection mechanism. | |||||
| CVE-2018-17986 | 1 Razorcms | 1 Razorcms | 2018-11-27 | 6.8 MEDIUM | 8.8 HIGH |
| rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user. | |||||
| CVE-2018-15702 | 1 Tp-link | 2 Tl-wrn841n, Tl-wrn841n Firmware | 2018-11-27 | 6.8 MEDIUM | 8.8 HIGH |
| The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field. | |||||
| CVE-2018-18201 | 1 Qibosoft | 1 Qibosoft | 2018-11-27 | 6.8 MEDIUM | 8.8 HIGH |
| qibosoft V7.0 allows CSRF via admin/index.php?lfj=member&action=addmember to add a user account. | |||||
| CVE-2018-3894 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2018-11-27 | 9.0 HIGH | 8.8 HIGH |
| An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "startTime" value in order to exploit this vulnerability. | |||||
| CVE-2018-18316 | 1 Emlog | 1 Emlog | 2018-11-27 | 6.8 MEDIUM | 8.8 HIGH |
| emlog v6.0.0 has CSRF via the admin/user.php?action=new URI. | |||||
| CVE-2018-18317 | 1 Dscms Project | 1 Dscms | 2018-11-27 | 6.8 MEDIUM | 8.8 HIGH |
| DESHANG DSCMS 1.1 has CSRF via the public/index.php/admin/admin/add.html URI. | |||||
| CVE-2018-14731 | 1 Parceljs | 1 Parcel | 2018-11-27 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in HMRServer.js in Parcel parcel-bundler. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1 connection (with a random TCP port number) from any origin. The random port number can be found by connecting to http://127.0.0.1 and reading the "new WebSocket" line in the source code. | |||||
| CVE-2018-12585 | 1 Opcfoundation | 2 Ua-.net-legacy, Ua-java | 2018-11-27 | 6.4 MEDIUM | 8.2 HIGH |
| An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service. | |||||
| CVE-2017-1082 | 1 Freebsd | 1 Freebsd | 2018-11-27 | 5.0 MEDIUM | 7.5 HIGH |
| In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the qsort algorithm has a deterministic recursion pattern. Feeding a pathological input to the algorithm can lead to excessive stack usage and potential overflow. Applications that use qsort to handle large data set may crash if the input follows the pathological pattern. | |||||
| CVE-2018-5921 | 1 Hp | 387 A2w75a, A2w75a Firmware, A2w76a and 384 more | 2018-11-27 | 6.8 MEDIUM | 8.8 HIGH |
| A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. This vulnerability is known as Cross Site Request Forgery, and could potentially be exploited remotely to allow elevation of privilege. | |||||
| CVE-2017-16830 | 1 Gnu | 1 Binutils | 2018-11-27 | 6.8 MEDIUM | 7.8 HIGH |
| The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file. | |||||
| CVE-2017-16827 | 1 Gnu | 1 Binutils | 2018-11-27 | 6.8 MEDIUM | 7.8 HIGH |
| The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file. | |||||
| CVE-2017-16826 | 1 Gnu | 1 Binutils | 2018-11-27 | 6.8 MEDIUM | 7.8 HIGH |
| The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file. | |||||
| CVE-2017-16831 | 1 Gnu | 1 Binutils | 2018-11-27 | 6.8 MEDIUM | 7.8 HIGH |
| coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file. | |||||
| CVE-2017-16832 | 1 Gnu | 1 Binutils | 2018-11-27 | 6.8 MEDIUM | 7.8 HIGH |
| The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file. | |||||
| CVE-2017-16829 | 1 Gnu | 1 Binutils | 2018-11-27 | 6.8 MEDIUM | 7.8 HIGH |
| The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file. | |||||
| CVE-2017-17124 | 1 Gnu | 1 Binutils | 2018-11-27 | 6.8 MEDIUM | 7.8 HIGH |
| The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary. | |||||
| CVE-2017-16828 | 1 Gnu | 1 Binutils | 2018-11-27 | 6.8 MEDIUM | 7.8 HIGH |
| The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame. | |||||
| CVE-2017-17121 | 1 Gnu | 1 Binutils | 2018-11-27 | 6.8 MEDIUM | 7.8 HIGH |
| The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section. | |||||
| CVE-2017-16803 | 1 Libav | 1 Libav | 2018-11-27 | 5.0 MEDIUM | 7.5 HIGH |
| In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream. | |||||
| CVE-2017-17858 | 1 Artifex | 1 Mupdf | 2018-11-27 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted. | |||||
| CVE-2017-15587 | 1 Artifex | 1 Mupdf | 2018-11-27 | 6.8 MEDIUM | 7.8 HIGH |
| An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11. | |||||
| CVE-2018-18211 | 1 Pbootcms | 1 Pbootcms | 2018-11-26 | 6.8 MEDIUM | 8.1 HIGH |
| PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1 URI. | |||||
| CVE-2018-6924 | 1 Freebsd | 1 Freebsd | 2018-11-26 | 5.6 MEDIUM | 7.1 HIGH |
| In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4-STABLE, and 10.4-RELEASE-p12, insufficient validation in the ELF header parser could allow a malicious ELF binary to cause a kernel crash or disclose kernel memory. | |||||
| CVE-2018-2462 | 1 Sap | 1 Netweaver | 2018-11-26 | 6.5 MEDIUM | 8.8 HIGH |
| In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source. | |||||
| CVE-2018-17297 | 1 Hutool | 1 Hutool | 2018-11-26 | 6.4 MEDIUM | 7.5 HIGH |
| The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive. | |||||
| CVE-2018-17858 | 1 Joomla | 1 Joomla\! | 2018-11-26 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Joomla! before 3.8.13. com_installer actions do not have sufficient CSRF hardening in the backend. | |||||
| CVE-2018-16796 | 1 Hiscout | 1 Grc Suite | 2018-11-25 | 9.0 HIGH | 8.8 HIGH |
| HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files with Dangerous Types. | |||||
| CVE-2018-18086 | 1 Phome | 1 Empirecms | 2018-11-25 | 6.5 MEDIUM | 8.8 HIGH |
| EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in users. | |||||
| CVE-2018-15753 | 1 Mensamax | 1 Mensamax | 2018-11-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the MensaMax (aka com.breustedt.mensamax) application 4.3 for Android. The use of a Hard-coded DES Cryptographic Key allows an attacker who decodes the application to decrypt transmitted data such as the login username and password. | |||||
| CVE-2017-16671 | 1 Digium | 2 Asterisk, Certified Asterisk | 2018-11-25 | 6.5 MEDIUM | 8.8 HIGH |
| A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer. | |||||
| CVE-2017-17850 | 1 Digium | 2 Asterisk, Certified Asterisk | 2018-11-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point. | |||||
| CVE-2014-10076 | 1 Wp-db-backup Project | 1 Wp-db-backup | 2018-11-23 | 5.0 MEDIUM | 7.5 HIGH |
| The wp-db-backup plugin 2.2.4 for WordPress relies on a five-character string for access control, which makes it easier for remote attackers to read backup archives via a brute-force attack. | |||||
| CVE-2015-9269 | 1 Wpmobilepack | 1 Wordpress Mobile Pack | 2018-11-23 | 5.0 MEDIUM | 7.5 HIGH |
| The export/content.php exportarticle feature in the wordpress-mobile-pack plugin before 2.1.3 2015-06-03 for WordPress allows remote attackers to obtain sensitive information because the content of a privately published post is sent in JSON format. | |||||
| CVE-2018-3982 | 1 Atlantiswordprocessor | 1 Atlantis Word Processor | 2018-11-23 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable arbitrary write vulnerability exists in the Word document parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can prevent Atlas from adding elements to an array that is indexed by a loop. When reading from this array, the application will use an out-of-bounds index which can result in arbitrary data being read as a pointer. Later, when the application attempts to write to said pointer, an arbitrary write will occur. This can allow an attacker to further corrupt memory, which leads to code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability. | |||||
| CVE-2018-4000 | 1 Atlantiswordprocessor | 1 Atlantis Word Processor | 2018-11-23 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable double-free vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause a TTableRow instance to be referenced twice, resulting in a double-free vulnerability when both the references go out of scope. An attacker must convince a victim to open a document in order to trigger this vulnerability. | |||||
| CVE-2018-3984 | 1 Atlantiswordprocessor | 1 Atlantis Word Processor | 2018-11-23 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable uninitialized length vulnerability exists within the Word document-parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can cause Atlantis to skip initializing a value representing the number of columns of a table. Later, the application will use this as a length within a loop that will write to a pointer on the heap. Due to this value being controlled, a buffer overflow will occur, which can lead to code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability. | |||||