Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6323 | 1 Symantec | 1 Management Console | 2018-05-23 | 5.2 MEDIUM | 8.0 HIGH |
| The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6, and ITMS 7.6_POST_HF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. | |||||
| CVE-2018-10122 | 1 Chanzhi | 1 Chanzhi | 2018-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka chanzhieps) pro1.6 allows remote attackers to read arbitrary files via directory traversal sequences in the pathname parameter to www/file.php. | |||||
| CVE-2017-1701 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Team Concert | 2018-05-23 | 4.0 MEDIUM | 8.8 HIGH |
| IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, and 6.0.5 stores credentials for users using a weak encryption algorithm, which could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 134393. | |||||
| CVE-2017-1473 | 1 Ibm | 6 Security Access Manager Appliance, Security Access Manager Firmware, Security Access Manager For Mobile and 3 more | 2018-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605. | |||||
| CVE-2016-9093 | 1 Symantec | 1 Endpoint Protection | 2018-05-23 | 6.9 MEDIUM | 7.0 HIGH |
| A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitize logged-in user input. SEP 14.0 and later are not impacted by this issue. A non-admin user would need to be able to save an executable file to disk and then be able to successfully run that file. If properly constructed, the file could access the driver interface and potentially manipulate certain system calls. On all 32-bit systems and in most cases on 64-bit systems, this will result in a denial of service that will crash the system. In very narrow circumstances, and on 64-bit systems only, this could allow the user to run arbitrary code on the local machine with kernel-level privileges. This could result in a non-privileged user gaining privileged access on the local machine. | |||||
| CVE-2018-6413 | 1 Hikvision | 2 Ds-2cd9111-s, Ds-2cd9111-s Firmware | 2018-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| There is a buffer overflow in the Hikvision Camera DS-2CD9111-S of V4.1.2 build 160203 and before, and this vulnerability allows remote attackers to launch a denial of service attack (service interruption) via a crafted network setting interface request. | |||||
| CVE-2018-7502 | 1 Beckhoff | 2 Twincat, Twincat C\+\+ | 2018-05-23 | 7.2 HIGH | 7.8 HIGH |
| Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges. | |||||
| CVE-2018-10080 | 1 Secutech Project | 6 Ris-11, Ris-11 Firmware, Ris-22 and 3 more | 2018-05-22 | 5.0 MEDIUM | 8.6 HIGH |
| Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52_es_FRI01 allow DNS settings changes via a goform/AdvSetDns?GO=wan_dns.asp request in conjunction with a crafted admin cookie. | |||||
| CVE-2018-9118 | 1 99robots | 1 Wp Background Takeover Advertisements | 2018-05-22 | 5.0 MEDIUM | 7.5 HIGH |
| exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Directory Traversal via a .. in the filename parameter. | |||||
| CVE-2014-6633 | 1 Tryton | 1 Tryton | 2018-05-22 | 9.0 HIGH | 8.8 HIGH |
| The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collection.domain in the webdav module or (2) the formula field in the price_list module. | |||||
| CVE-2016-9094 | 1 Symantec | 1 Endpoint Protection | 2018-05-22 | 6.8 MEDIUM | 7.8 HIGH |
| Symantec Endpoint Protection clients place detected malware in quarantine as part of the intended product functionality. The quarantine logs can be exported for review by the user in a variety of formats including .CSV files. Prior to 14.0 MP1 and 12.1 RU6 MP7, the potential exists for file metadata to be interpreted and evaluated as a formula. Successful exploitation of an attack of this type requires considerable direct user-interaction from the user exporting and then opening the log files on the intended target client. | |||||
| CVE-2018-3843 | 1 Foxitsoftware | 1 Foxit Reader | 2018-05-22 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object of invalid type to be dereferenced, which can potentially lead to sensitive memory disclosure, and possibly to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | |||||
| CVE-2018-3842 | 1 Foxitsoftware | 1 Foxit Reader | 2018-05-22 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code execution. An attacker needs to trick the user to open a malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | |||||
| CVE-2018-10236 | 1 Poscms | 1 Poscms | 2018-05-22 | 6.5 MEDIUM | 7.2 HIGH |
| POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP code via the diy\dayrui\controllers\admin\Syscontroller.php 'add' function because an attacker can control the value of $data['name'] with no restrictions, and this value is written to the FCPATH.$file file. | |||||
| CVE-2018-10235 | 1 Poscms | 1 Poscms | 2018-05-22 | 6.5 MEDIUM | 7.2 HIGH |
| POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of $cache['setting']['ucssocfg'] in diy\module\member\models\Member_model.php and write this code into the api/ucsso/config.php file. | |||||
| CVE-2018-10222 | 1 Icmsdev | 1 Icms | 2018-05-22 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=article_category&do=save&frame=iPHP. | |||||
| CVE-2018-7920 | 1 Huawei | 10 Ar1200, Ar1200 Firmware, Ar160 and 7 more | 2018-05-22 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei AR1200 V200R006C10SPC300, AR160 V200R006C10SPC300, AR200 V200R006C10SPC300, AR2200 V200R006C10SPC300, AR3200 V200R006C10SPC300 devices have an improper resource management vulnerability. Due to the improper implementation of ACL mechanism, a remote attacker may send TCP messages to the management interface of the affected device to exploit this vulnerability. Successful exploit could exhaust the socket resource of management interface, leading to a DoS condition. | |||||
| CVE-2018-10137 | 1 Iscripts | 1 Uberforx | 2018-05-22 | 6.8 MEDIUM | 8.8 HIGH |
| iScripts UberforX 2.2 has CSRF in the "manage_settings" section of the Admin Panel via the /cms?section=manage_settings&action=edit URI. | |||||
| CVE-2018-10132 | 1 Pbootcms | 1 Pbootcms | 2018-05-22 | 6.8 MEDIUM | 8.8 HIGH |
| PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter. | |||||
| CVE-2018-10070 | 1 Mikrotik | 2 Router, Router Firmware | 2018-05-22 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins with many '\0' characters, preventing the affected router from accepting new FTP connections. The router will reboot after 10 minutes, logging a "router was rebooted without proper shutdown" message. | |||||
| CVE-2018-1000167 | 1 Oisf | 1 Suricata-update | 2018-05-22 | 9.3 HIGH | 7.8 HIGH |
| OISF suricata-update version 1.0.0a1 contains an Insecure Deserialization vulnerability in the insecure yaml.load-Function as used in the following files: config.py:136, config.py:142, sources.py:99 and sources.py:131. The "list-sources"-command is affected by this bug. that can result in Remote Code Execution(even as root if suricata-update is called by root). This attack appears to be exploitable via a specially crafted yaml-file at https://www.openinfosecfoundation.org/rules/index.yaml. This vulnerability appears to have been fixed in 1.0.0b1. | |||||
| CVE-2018-6960 | 1 Vmware | 1 Horizon Daas | 2018-05-22 | 6.5 MEDIUM | 8.8 HIGH |
| VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS. | |||||
| CVE-2017-8315 | 1 Eclipse | 1 Ide | 2018-05-22 | 7.8 HIGH | 7.5 HIGH |
| Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml. | |||||
| CVE-2018-10173 | 1 Digitalguardian | 1 Management Console | 2018-05-22 | 9.0 HIGH | 8.8 HIGH |
| Digital Guardian Management Console 7.1.2.0015 allows authenticated remote code execution because of Arbitrary File Upload functionality. | |||||
| CVE-2014-0927 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2018-05-22 | 4.3 MEDIUM | 8.1 HIGH |
| The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to bypass authentication by leveraging knowledge of the port number and webapp path. IBM X-Force ID: 92259. | |||||
| CVE-2014-6111 | 1 Ibm | 2 Security Identity Manager, Tivoli Identity Manager | 2018-05-22 | 2.1 LOW | 7.8 HIGH |
| IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. IBM X-Force ID: 96180. | |||||
| CVE-2018-10253 | 1 Paessler | 1 Prtg Network Monitor | 2018-05-22 | 5.0 MEDIUM | 7.5 HIGH |
| Paessler PRTG Network Monitor before 18.1.39.1648 mishandles stack memory during unspecified API calls. | |||||
| CVE-2017-3776 | 1 Lenovo | 1 Lenovo Help | 2018-05-22 | 5.0 MEDIUM | 7.5 HIGH |
| Lenovo Help Android mobile app versions earlier than 6.1.2.0327 allowed information to be transmitted over an HTTP channel, permitting others observing the channel to potentially see this information. | |||||
| CVE-2018-10249 | 1 Baijiacms Project | 1 Baijiacms | 2018-05-22 | 6.8 MEDIUM | 8.8 HIGH |
| baijiacms V3 has CSRF via index.php?mod=site&op=edituser&name=manager&do=user to add an administrator account. | |||||
| CVE-2018-6306 | 1 Kaspersky | 1 Password Manager | 2018-05-22 | 6.8 MEDIUM | 7.8 HIGH |
| Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538. | |||||
| CVE-2018-1292 | 1 Apache | 1 Fineract | 2018-05-22 | 5.5 MEDIUM | 8.1 HIGH |
| Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could inject SQL to read/update data for which he doesn't have authorization for by way of the 'reportName' parameter. | |||||
| CVE-2018-1291 | 1 Apache | 1 Fineract | 2018-05-22 | 5.5 MEDIUM | 8.1 HIGH |
| Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' which are appended directly with SQL statements. A hacker/user can inject/draft the 'orderBy' query parameter by way of the "order" param in such a way to read/update the data for which he doesn't have authorization. | |||||
| CVE-2018-1289 | 1 Apache | 1 Fineract | 2018-05-22 | 6.5 MEDIUM | 8.8 HIGH |
| In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' and 'sortOrder' which are appended directly with SQL statements. A hacker/user can inject/draft the 'orderBy' and 'sortOrder' query parameter in such a way to read/update the data for which he doesn't have authorization. | |||||
| CVE-2018-1028 | 1 Microsoft | 6 Excel Services, Office, Office 2010 and 3 more | 2018-05-21 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server. | |||||
| CVE-2014-2069 | 1 Eshtery.she7ata | 1 Eshtery Cms | 2018-05-21 | 5.0 MEDIUM | 7.5 HIGH |
| Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx. | |||||
| CVE-2018-10188 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-05-21 | 6.8 MEDIUM | 8.8 HIGH |
| phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php. | |||||
| CVE-2018-10185 | 1 Tuzicms | 1 Tuzicms | 2018-05-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in TuziCMS v2.0.6. There is a CSRF vulnerability that can add an admin account, as demonstrated by a history.pushState call. | |||||
| CVE-2018-9275 | 1 Yubico | 1 Yubico Pam | 2018-05-21 | 6.4 MEDIUM | 8.2 HIGH |
| In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors). | |||||
| CVE-2017-6148 | 1 F5 | 8 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 5 more | 2018-05-21 | 5.0 MEDIUM | 7.5 HIGH |
| Responses to SOCKS proxy requests made through F5 BIG-IP version 13.0.0, 12.0.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5 may cause a disruption of services provided by TMM. The data plane is impacted and exposed only when a SOCKS proxy profile is attached to a Virtual Server. The control plane is not impacted by this vulnerability. | |||||
| CVE-2018-0561 | 1 Securebrain | 1 Phishwall | 2018-05-21 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in The installer of PhishWall Client Internet Explorer edition Ver. 3.7.15 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0562 | 1 Coderium | 1 Soundengine | 2018-05-21 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Installer of SoundEngine Free ver.5.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-8941 | 1 D-link | 2 Dsl-3782, Dsl-3782 Firmware | 2018-05-21 | 9.0 HIGH | 8.8 HIGH |
| Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. 1.01 has a buffer overflow, allowing authenticated remote attackers to execute arbitrary code via a long Addr value to the 'set Diagnostics_Entry' function in an HTTP request, related to /userfs/bin/tcapi. | |||||
| CVE-2018-8049 | 3 Ibm, Linux, Unisys | 3 Aix, Linux Kernel, Stealth Svg | 2018-05-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before 3.0.1999, 3.1.x, 3.2.x before 3.2.030, and 3.3.x before 3.3.016, when running on Linux and AIX, allows remote attackers to cause a denial of service (crash) via crafted packets. | |||||
| CVE-2018-0493 | 2 Debian, Eyrie | 2 Debian Linux, Remctl | 2018-05-21 | 6.5 MEDIUM | 7.2 HIGH |
| remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution. | |||||
| CVE-2018-9205 | 1 Drupal | 1 Avatar Uploader | 2018-05-21 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path. | |||||
| CVE-2016-5809 | 1 Schneider-electric | 6 Ion5000, Ion7300, Ion7500 and 3 more | 2018-05-20 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved. | |||||
| CVE-2017-8373 | 1 Underbit | 1 Mad Libmad | 2018-05-20 | 6.8 MEDIUM | 7.8 HIGH |
| The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. | |||||
| CVE-2015-8235 | 1 Call-cc | 1 Spiffy | 2018-05-18 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in Spiffy before 5.4. | |||||
| CVE-2018-10117 | 1 Icmsdev | 1 Icms | 2018-05-18 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP. | |||||
| CVE-2017-12088 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2018-05-18 | 7.8 HIGH | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the Ethernet functionality of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted packet can cause a device power cycle resulting in a fault state and deletion of ladder logic. An attacker can send one unauthenticated packet to trigger this vulnerability | |||||