Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15886 | 1 Monstra | 1 Monstra | 2018-11-14 | 6.5 MEDIUM | 7.2 HIGH |
| Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=edit_snippet&filename=google-analytics URI, which allows attackers to execute arbitrary PHP code by placing this code after a <?php substring. | |||||
| CVE-2018-18735 | 1 Catfish-cms | 1 Catfish Blog | 2018-11-14 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0.33. | |||||
| CVE-2017-2795 | 1 Marklogic | 1 Marklogic | 2018-11-14 | 6.8 MEDIUM | 8.6 HIGH |
| An exploitable heap corruption vulnerability exists in the Txo functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS file to trigger this vulnerability. | |||||
| CVE-2018-16307 | 1 Mi | 2 Xiaomi Miwifi Xiaomi 55dd, Xiaomi Miwifi Xiaomi 55dd Firmware | 2018-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name (containing a random string) is used in the HTTP Host header, the application performs an HTTP request to the specified domain. The response from that request is then included in the application's own response. | |||||
| CVE-2018-11263 | 1 Google | 1 Android | 2018-11-14 | 5.8 MEDIUM | 8.8 HIGH |
| In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, radio_id is received from the FW and is used to access the buffer to copy the radio stats received for each radio from FW. If the radio_id received from the FW is greater than or equal to maximum, an OOB write will occur. On supported Google Pixel and Nexus devices, this has been addressed in security patch level 2018-08-05. | |||||
| CVE-2018-18742 | 1 Sem-cms | 1 Semcms | 2018-11-14 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI. | |||||
| CVE-2018-5238 | 1 Symantec | 2 Norton Power Eraser, Symdiag | 2018-11-14 | 6.8 MEDIUM | 7.8 HIGH |
| Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. | |||||
| CVE-2018-16604 | 1 Nibbleblog | 1 Nibbleblog | 2018-11-14 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in Nibbleblog v4.0.5. With an admin's username and password, an attacker can execute arbitrary PHP code by changing the username because the username is surrounded by double quotes (e.g., "${phpinfo()}"). | |||||
| CVE-2018-1000773 | 1 Wordpress | 1 Wordpress | 2018-11-14 | 6.5 MEDIUM | 8.8 HIGH |
| WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time. | |||||
| CVE-2018-18734 | 1 Catfish-cms | 1 Catfish Cms | 2018-11-13 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF issue was discovered in admin/Index/addmanageuser.html in Catfish CMS 4.8.30. | |||||
| CVE-2018-0648 | 1 Chatwork | 1 Chatwork | 2018-11-13 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-16314 | 1 Icmsdev | 1 Icms | 2018-11-13 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header. | |||||
| CVE-2018-6034 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2018-11-13 | 5.8 MEDIUM | 8.1 HIGH |
| Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2018-16343 | 1 Seacms | 1 Seacms | 2018-11-13 | 6.5 MEDIUM | 7.2 HIGH |
| SeaCMS 6.61 allows remote attackers to execute arbitrary code because parseIf() in include/main.class.php does not block use of $GLOBALS. | |||||
| CVE-2018-14769 | 1 Vivotek | 1 Camera | 2018-11-13 | 6.8 MEDIUM | 8.8 HIGH |
| VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF. | |||||
| CVE-2018-16344 | 1 Zzcms | 1 Zzcms | 2018-11-13 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via directory traversal sequences in the flv parameter. This can be leveraged for database access by deleting install.lock. | |||||
| CVE-2018-16345 | 1 Easycms | 1 Easycms | 2018-11-13 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent. | |||||
| CVE-2018-6923 | 1 Freebsd | 1 Freebsd | 2018-11-13 | 7.8 HIGH | 7.5 HIGH |
| In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. This issue can allow a remote attacker who is able to send an arbitrary ip fragments to cause the machine to consume excessive resources. | |||||
| CVE-2016-7141 | 2 Haxx, Opensuse | 2 Libcurl, Leap | 2018-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420. | |||||
| CVE-2016-8621 | 1 Haxx | 1 Curl | 2018-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short. | |||||
| CVE-2016-5420 | 3 Debian, Haxx, Opensuse | 3 Debian Linux, Libcurl, Leap | 2018-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. | |||||
| CVE-2016-5419 | 3 Debian, Haxx, Opensuse | 3 Debian Linux, Libcurl, Leap | 2018-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. | |||||
| CVE-2017-15818 | 1 Google | 1 Android | 2018-11-12 | 7.2 HIGH | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while loading a user application in qseecom, an integer overflow could potentially occur if the application partition size is rounded up to page_size. | |||||
| CVE-2018-3918 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2018-11-09 | 6.4 MEDIUM | 7.5 HIGH |
| An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync' operation, leading to arbitrary deletion of cameras. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2018-12511 | 1 Substratum | 1 Substratum | 2018-11-09 | 5.0 MEDIUM | 7.5 HIGH |
| In the mintToken function of a smart contract implementation for Substratum (SUB), an Ethereum ERC20 token, the administrator can control mintedAmount, leverage an integer overflow, and modify a user account's balance arbitrarily. | |||||
| CVE-2018-17366 | 1 Mcms Project | 1 Mcms | 2018-11-09 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do. | |||||
| CVE-2018-3895 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2018-11-09 | 9.0 HIGH | 8.8 HIGH |
| An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long 'endTime' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2018-3908 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2018-11-09 | 6.4 MEDIUM | 7.5 HIGH |
| An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. With the implementation of the on_body callback, defined by sub_41734, an attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2018-17050 | 1 Polyai Project | 1 Polyai | 2018-11-09 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for PolyAi (AI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-3864 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2018-11-09 | 9.0 HIGH | 8.8 HIGH |
| An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "password" value in order to exploit this vulnerability. | |||||
| CVE-2018-3865 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2018-11-09 | 9.0 HIGH | 8.8 HIGH |
| An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "cameraIp" value in order to exploit this vulnerability. | |||||
| CVE-2018-3873 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2018-11-09 | 9.0 HIGH | 8.8 HIGH |
| An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long "secretKey" value in order to exploit this vulnerability. | |||||
| CVE-2018-3874 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2018-11-09 | 9.0 HIGH | 8.8 HIGH |
| An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long "accessKey" value in order to exploit this vulnerability. | |||||
| CVE-2018-3876 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2018-11-09 | 9.0 HIGH | 8.8 HIGH |
| An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket" value in order to exploit this vulnerability. | |||||
| CVE-2018-17283 | 1 Zohocorp | 1 Manageengine Opmanager | 2018-11-09 | 5.0 MEDIUM | 7.5 HIGH |
| Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter. | |||||
| CVE-2018-3893 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2018-11-09 | 9.0 HIGH | 8.8 HIGH |
| An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2018-3877 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2018-11-09 | 9.0 HIGH | 8.8 HIGH |
| An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 160 bytes. An attacker can send an arbitrarily long "directory" value in order to exploit this vulnerability. | |||||
| CVE-2016-9048 | 1 Processmaker | 1 Processmaker | 2018-11-09 | 6.5 MEDIUM | 7.4 HIGH |
| Multiple exploitable SQL Injection vulnerabilities exists in ProcessMaker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain setups access the underlying operating system. | |||||
| CVE-2018-11276 | 1 Google | 1 Android | 2018-11-09 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, double free of memory allocation is possible in Kernel when it explicitly tries to free that memory on driver probe failure, since memory allocated is automatically freed on probe. | |||||
| CVE-2018-11278 | 1 Google | 1 Android | 2018-11-09 | 6.6 MEDIUM | 7.1 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Venus HW searches for start code when decoding input bit stream buffers. If start code is not found in entire buffer, there is over-fetch beyond allocation length. This leads to page fault. | |||||
| CVE-2017-15825 | 1 Google | 1 Android | 2018-11-09 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a gpt update, an out of bounds memory access may potentially occur. | |||||
| CVE-2017-15828 | 1 Google | 1 Android | 2018-11-09 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing the keystore in LK, an integer overflow vulnerability exists which may potentially lead to a buffer overflow. | |||||
| CVE-2018-11281 | 1 Google | 1 Android | 2018-11-09 | 7.2 HIGH | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while calling IPA_IOC_MDFY_RT_RULE IPA IOCTL, header entry is not checked before use. If IPA_IOC_MDFY_RT_RULE IOCTL called for header entries formerly deleted, a Use after free condition will occur. | |||||
| CVE-2018-11265 | 1 Google | 1 Android | 2018-11-09 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possible buffer overflow while incrementing the log_buf of type uint64_t in memcpy function, since the log_buf pointer can access the memory beyond the size to store the data after pointer increment. | |||||
| CVE-2018-11270 | 1 Google | 1 Android | 2018-11-09 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated with devm_kzalloc is automatically released by the kernel if the probe function fails with an error code. This may result in data corruption. | |||||
| CVE-2018-11273 | 1 Google | 1 Android | 2018-11-09 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, 'voice_svc_dev' is allocated as a device-managed resource. If error 'cdev_alloc_err' occurs, 'device_destroy' will free all associated resources, including 'voice_svc_dev' leading to a double free. | |||||
| CVE-2018-11286 | 1 Google | 1 Android | 2018-11-09 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing global variable "debug_client" in multi-thread manner, Use after free issue occurs | |||||
| CVE-2018-11274 | 1 Google | 1 Android | 2018-11-09 | 7.2 HIGH | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, buffer overflow may occur when payload size is extremely large. | |||||
| CVE-2018-11297 | 1 Google | 1 Android | 2018-11-09 | 7.2 HIGH | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a buffer over-read can occur In the WMA NDP event handler functions due to lack of validation of input value event_info which is received from FW. | |||||
| CVE-2018-11298 | 1 Google | 1 Android | 2018-11-09 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing SET_PASSPOINT_LIST vendor command HDD does not make sure that the realm string that gets passed by upper-layer is NULL terminated. This may lead to buffer overflow as strlen is used to get realm string length to construct the PASSPOINT WMA command. | |||||