Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11474 | 1 Monstra | 1 Monstra | 2018-06-28 | 6.0 MEDIUM | 8.0 HIGH |
| Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser. | |||||
| CVE-2018-11475 | 1 Monstra | 1 Monstra | 2018-06-28 | 6.0 MEDIUM | 8.0 HIGH |
| Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser. | |||||
| CVE-2018-11514 | 1 Naukri Clone Script Project | 1 Naukri Clone Script | 2018-06-28 | 6.5 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dangerous Type in edit_resume_det.php, as demonstrated by changing .docx to .php. | |||||
| CVE-2015-8960 | 5 Apple, Google, Microsoft and 2 more | 5 Safari, Chrome, Internet Explorer and 2 more | 2018-06-28 | 6.8 MEDIUM | 8.1 HIGH |
| The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue. | |||||
| CVE-2018-11571 | 1 Clippercms | 1 Clippercms | 2018-06-27 | 6.8 MEDIUM | 8.8 HIGH |
| ClipperCMS 1.3.3 allows Session Fixation. | |||||
| CVE-2018-11470 | 1 Iscripts | 1 Eswap | 2018-06-27 | 6.5 MEDIUM | 8.8 HIGH |
| iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel. | |||||
| CVE-2018-11411 | 1 Dimoncoin | 1 Dimoncoin | 2018-06-26 | 5.0 MEDIUM | 7.5 HIGH |
| The transferFrom function of a smart contract implementation for DimonCoin (FUD), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect. | |||||
| CVE-2018-11239 | 1 Hexagontoken | 1 Hexagon | 2018-06-26 | 5.0 MEDIUM | 7.5 HIGH |
| An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets by providing a _to argument in conjunction with a large _value argument, as exploited in the wild in May 2018, aka the "burnOverflow" issue. | |||||
| CVE-2018-10357 | 1 Trendmicro | 1 Endpoint Application Control | 2018-06-26 | 9.0 HIGH | 8.8 HIGH |
| A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. Authentication is required to exploit this vulnerability. | |||||
| CVE-2018-11416 | 1 Jpegoptim Project | 1 Jpegoptim | 2018-06-26 | 6.8 MEDIUM | 8.8 HIGH |
| jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of realloc() and free(), which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2018-1310 | 1 Apache | 1 Nifi | 2018-06-26 | 5.0 MEDIUM | 7.5 HIGH |
| Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. See ActiveMQ CVE-2015-5254 announcement for more information. The fix to upgrade the activemq-client library to 5.15.3 was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | |||||
| CVE-2018-11231 | 1 Divido | 1 Divido | 2018-06-26 | 6.8 MEDIUM | 8.1 HIGH |
| In the Divido plugin for OpenCart, there is SQL injection. Attackers can use SQL injection to get some confidential information. | |||||
| CVE-2018-1137 | 1 Moodle | 1 Moodle | 2018-06-25 | 5.5 MEDIUM | 8.1 HIGH |
| An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack. | |||||
| CVE-2018-5115 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 5.0 MEDIUM | 7.5 HIGH |
| If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about the originating site of the authentication request and may cause users to mistakenly send private credential information to a third party site. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5094 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 5.0 MEDIUM | 7.5 HIGH |
| A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5093 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 5.0 MEDIUM | 7.5 HIGH |
| A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-11225 | 1 Libming | 1 Libming | 2018-06-25 | 6.8 MEDIUM | 8.8 HIGH |
| The dcputs function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact. | |||||
| CVE-2018-10240 | 1 Solarwinds | 1 Serv-u | 2018-06-25 | 5.0 MEDIUM | 7.3 HIGH |
| SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. This session token's value can be brute-forced by an attacker to obtain the corresponding session cookie and hijack the user's session. | |||||
| CVE-2018-10654 | 1 Citrix | 1 Xenmobile Server | 2018-06-25 | 6.8 MEDIUM | 8.1 HIGH |
| There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | |||||
| CVE-2018-10650 | 1 Citrix | 1 Xenmobile Server | 2018-06-25 | 6.8 MEDIUM | 7.8 HIGH |
| There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | |||||
| CVE-2013-3024 | 1 Ibm | 1 Websphere Application Server | 2018-06-25 | 7.2 HIGH | 7.8 HIGH |
| IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362. | |||||
| CVE-2018-10652 | 1 Citrix | 1 Xenmobile Server | 2018-06-25 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3. | |||||
| CVE-2018-11414 | 1 Bearadmin Project | 1 Bearadmin | 2018-06-25 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in BearAdmin 0.5. There is admin/admin_log/index.html?user_id= SQL injection because admin\controller\AdminLog.php constructs a MySQL query improperly. | |||||
| CVE-2018-10350 | 2 Linux, Trendmicro | 2 Linux Kernel, Smart Protection Server | 2018-06-25 | 9.0 HIGH | 8.8 HIGH |
| A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\_bwlists\_handler.php. Authentication is required in order to exploit this vulnerability. | |||||
| CVE-2018-6237 | 2 Linux, Trendmicro | 2 Linux Kernel, Smart Protection Server | 2018-06-25 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation. | |||||
| CVE-2018-4992 | 1 Adobe | 1 Creative Cloud | 2018-06-25 | 4.6 MEDIUM | 7.8 HIGH |
| Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper input validation vulnerability. Successful exploitation could lead to local privilege escalation. | |||||
| CVE-2018-4873 | 1 Adobe | 1 Creative Cloud | 2018-06-25 | 4.6 MEDIUM | 7.8 HIGH |
| Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Unquoted Search Path vulnerability. Successful exploitation could lead to local privilege escalation. | |||||
| CVE-2018-11367 | 1 Cppcms | 1 Cppcms | 2018-06-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in CppCMS before 1.2.1. There is a denial of service in the JSON parser module. | |||||
| CVE-2018-5101 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-22 | 5.0 MEDIUM | 7.5 HIGH |
| A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5100 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-22 | 5.0 MEDIUM | 7.5 HIGH |
| A use-after-free vulnerability can occur when arguments passed to the "IsPotentiallyScrollable" function are freed while still in use by scripts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-11322 | 1 Joomla | 1 Joomla\! | 2018-06-22 | 6.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver. | |||||
| CVE-2018-10356 | 1 Trendmicro | 1 Email Encryption Gateway | 2018-06-22 | 9.0 HIGH | 8.8 HIGH |
| A SQL injection remote code execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRequestDomains class. Authentication is required to exploit this vulnerability. | |||||
| CVE-2018-10352 | 1 Trendmicro | 1 Email Encryption Gateway | 2018-06-22 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formConfiguration class. Authentication is required to exploit this vulnerability. | |||||
| CVE-2018-10351 | 1 Trendmicro | 1 Email Encryption Gateway | 2018-06-22 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Authentication is required to exploit this vulnerability. | |||||
| CVE-2018-4928 | 3 Adobe, Apple, Microsoft | 3 Indesign, Mac Os X, Windows | 2018-06-22 | 9.3 HIGH | 7.8 HIGH |
| Adobe InDesign versions 13.0 and below have an exploitable Memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-4927 | 3 Adobe, Apple, Microsoft | 3 Indesign, Mac Os X, Windows | 2018-06-22 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe InDesign versions 13.0 and below have an exploitable Untrusted Search Path vulnerability. Successful exploitation could lead to local privilege escalation. | |||||
| CVE-2018-4925 | 4 Adobe, Apple, Google and 1 more | 5 Digital Editions, Iphone Os, Mac Os X and 2 more | 2018-06-22 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Digital Editions versions 4.5.7 and below have an exploitable Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2017-0144 | 1 Microsoft | 9 Server Message Block, Windows 10, Windows 7 and 6 more | 2018-06-21 | 9.3 HIGH | 8.1 HIGH |
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148. | |||||
| CVE-2017-0143 | 1 Microsoft | 9 Server Message Block, Windows 10, Windows 7 and 6 more | 2018-06-21 | 9.3 HIGH | 8.1 HIGH |
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148. | |||||
| CVE-2017-0146 | 1 Microsoft | 9 Server Message Block, Windows 10, Windows 7 and 6 more | 2018-06-21 | 9.3 HIGH | 8.1 HIGH |
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0148. | |||||
| CVE-2017-0148 | 1 Microsoft | 9 Server Message Block, Windows 10, Windows 7 and 6 more | 2018-06-21 | 9.3 HIGH | 8.1 HIGH |
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146. | |||||
| CVE-2017-0145 | 1 Microsoft | 9 Server Message Block, Windows 10, Windows 7 and 6 more | 2018-06-21 | 9.3 HIGH | 8.1 HIGH |
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0146, and CVE-2017-0148. | |||||
| CVE-2018-10728 | 1 Phoenixcontact | 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more | 2018-06-20 | 6.8 MEDIUM | 8.1 HIGH |
| All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows (a different vulnerability than CVE-2018-10731). | |||||
| CVE-2018-10252 | 1 Actiontec | 2 Wcb6200q, Wcb6200q Firmware | 2018-06-20 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices. The admin login session cookie is insecurely generated making admin session hijacking possible. When an admin logs in, a session cookie is generated using the time of day rounded to 10ms. Since the web server returns its current time of day in responses, it is possible to step backward through possible session values until a working one is found. Once a working session ID is found, an attacker then has admin control of the device and can add a secondary SSID to create a backdoor to the network. | |||||
| CVE-2018-0580 | 1 Celsys | 3 Clip Studio Action, Clip Studio Modeler, Clip Studio Paint | 2018-06-20 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series (CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49) allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-9250 | 1 Open-emr | 1 Openemr | 2018-06-20 | 6.5 MEDIUM | 8.8 HIGH |
| interface\super\edit_list.php in OpenEMR before v5_0_1_1 allows remote authenticated users to execute arbitrary SQL commands via the newlistname parameter. | |||||
| CVE-2018-11230 | 1 Jbig2enc Project | 1 Jbig2enc | 2018-06-20 | 6.8 MEDIUM | 8.8 HIGH |
| jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2018-11226 | 1 Libming | 1 Libming | 2018-06-20 | 6.8 MEDIUM | 8.8 HIGH |
| The getString function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact. | |||||
| CVE-2018-1064 | 2 Debian, Redhat | 2 Debian Linux, Libvirt | 2018-06-20 | 5.0 MEDIUM | 7.5 HIGH |
| libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent. | |||||
| CVE-2017-7308 | 1 Linux | 1 Linux Kernel | 2018-06-20 | 7.2 HIGH | 7.8 HIGH |
| The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls. | |||||