Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14228 | 2 Canonical, Nasm | 2 Ubuntu Linux, Netwide Assembler | 2019-03-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service. | |||||
| CVE-2016-0734 | 1 Apache | 1 Activemq | 2019-03-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element. | |||||
| CVE-2016-0782 | 1 Apache | 1 Activemq | 2019-03-27 | 3.5 LOW | 5.4 MEDIUM |
| The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue. | |||||
| CVE-2018-9145 | 1 Exiv2 | 1 Exiv2 | 2019-03-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor with an initial buffer size. A large size value may lead to a SIGABRT during an attempt at memory allocation. NOTE: some third parties have been unable to reproduce the SIGABRT when using the 4-DataBuf-abort-1 PoC file. | |||||
| CVE-2018-15814 | 1 Faststone | 1 Image Viewer | 2019-03-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000001cb509 via a crafted image file. | |||||
| CVE-2018-15813 | 1 Faststone | 1 Image Viewer | 2019-03-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000000e1237 via a crafted image file. | |||||
| CVE-2018-15815 | 1 Faststone | 1 Image Viewer | 2019-03-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| FastStone Image Viewer 6.5 has an Exception Handler Chain Corrupted issue starting at image00400000+0x00000000003ef68a via a crafted image file. | |||||
| CVE-2018-15816 | 1 Faststone | 1 Image Viewer | 2019-03-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d7d via a crafted image file. | |||||
| CVE-2018-20642 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2019-03-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 allows remote attackers to cause a denial of service (outage of profile editing) via crafted JavaScript code in the KeySkills field. | |||||
| CVE-2018-15817 | 1 Faststone | 1 Image Viewer | 2019-03-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d63 via a crafted image file. | |||||
| CVE-2019-10118 | 1 Snipeitapp | 1 Snipe-it | 2019-03-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and the user's last name in the API. | |||||
| CVE-2018-5803 | 3 Debian, Linux, Redhat | 6 Debian Linux, Linux Kernel, Enterprise Linux Desktop and 3 more | 2019-03-27 | 4.9 MEDIUM | 5.5 MEDIUM |
| In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash. | |||||
| CVE-2018-11508 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2019-03-27 | 2.1 LOW | 5.5 MEDIUM |
| The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex. | |||||
| CVE-2016-10744 | 1 Select2 | 1 Select2 | 2019-03-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data. | |||||
| CVE-2018-18845 | 1 Advanced Comment System Project | 1 Advanced Comment System | 2019-03-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| internal/advanced_comment_system/index.php and internal/advanced_comment_system/admin.php in Advanced Comment System, version 1.0, contain a reflected cross-site scripting vulnerability via ACS_path. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The product is discontinued. | |||||
| CVE-2018-13103 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-03-27 | 5.5 MEDIUM | 5.4 MEDIUM |
| OX App Suite 7.8.4 and earlier allows SSRF. | |||||
| CVE-2019-1571 | 1 Paloaltonetworks | 1 Expedition | 2019-03-27 | 3.5 LOW | 4.8 MEDIUM |
| The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings. | |||||
| CVE-2019-1570 | 1 Paloaltonetworks | 1 Expedition | 2019-03-27 | 3.5 LOW | 4.8 MEDIUM |
| The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings. | |||||
| CVE-2019-9837 | 1 Openid | 1 Openid Connect | 2019-03-27 | 5.8 MEDIUM | 6.1 MEDIUM |
| Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the 'openid' scope and a prompt=none value. This allows phishing attacks against the authorization flow. | |||||
| CVE-2019-7646 | 1 Centos-webpanel | 1 Centos Web Panel | 2019-03-27 | 3.5 LOW | 4.8 MEDIUM |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter. | |||||
| CVE-2019-10105 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-03-27 | 3.5 LOW | 5.4 MEDIUM |
| CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager. | |||||
| CVE-2019-10107 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-03-27 | 3.5 LOW | 5.4 MEDIUM |
| CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account" section. | |||||
| CVE-2019-10106 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-03-27 | 3.5 LOW | 5.4 MEDIUM |
| CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section. | |||||
| CVE-2019-1569 | 1 Paloaltonetworks | 1 Expedition | 2019-03-27 | 3.5 LOW | 4.8 MEDIUM |
| The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user. | |||||
| CVE-2019-10010 | 1 Thephpleague | 1 Commonmark | 2019-03-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly escaped during rendering, a different vulnerability than CVE-2018-20583. | |||||
| CVE-2018-7492 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-03-26 | 4.9 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST. | |||||
| CVE-2018-7205 | 1 Kentico | 1 Kentico Cms | 2019-03-26 | 3.5 LOW | 4.8 MEDIUM |
| ** DISPUTED ** Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages -> Edit template properties -> Device Layouts -> Create device layout (and edit created device layout) -> Design" screens. NOTE: the vendor has responded that there is intended functionality for authorized users to edit and update ascx code layout. | |||||
| CVE-2018-13104 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-03-26 | 3.5 LOW | 5.4 MEDIUM |
| OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID) | |||||
| CVE-2017-8557 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-03-26 | 2.1 LOW | 5.5 MEDIUM |
| Windows System Information Console in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability improperly parses XML input containing a reference to an external entity, aka "Windows System Information Console Information Disclosure Vulnerability". | |||||
| CVE-2018-12652 | 1 Myadrenalin | 1 Adrenalin | 2019-03-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the LeaveEmployeeSearch.aspx prntFrmName or prntDDLCntrlName parameter. | |||||
| CVE-2019-10027 | 1 Phpcms | 1 Phpcms | 2019-03-26 | 3.5 LOW | 4.8 MEDIUM |
| PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field on the personal information screen. | |||||
| CVE-2017-8553 | 1 Microsoft | 5 Windows 8.1, Windows Rt 8.1, Windows Server 2008 and 2 more | 2019-03-26 | 1.9 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows Server 2016 when the Windows kernel improperly handles objects in memory, aka "GDI Information Disclosure Vulnerability". | |||||
| CVE-2019-10016 | 1 Gforge | 1 Advanced Server | 2019-03-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words parameter, as demonstrated by a snippet/search/?words= substring. | |||||
| CVE-2017-7340 | 1 Fortinet | 1 Fortiportal | 2019-03-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality. | |||||
| CVE-2018-0202 | 3 Canonical, Clamav, Debian | 3 Ubuntu Linux, Clamav, Debian Linux | 2019-03-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause an out-of-bounds read when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition. This concerns pdf_parse_array and pdf_parse_string in libclamav/pdfng.c. Cisco Bug IDs: CSCvh91380, CSCvh91400. | |||||
| CVE-2019-7299 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2019-03-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the submit_ticket.php module in the WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the subject parameter in wp-content/plugins/wp-support-plus-responsive-ticket-system/includes/ajax/submit_ticket.php. | |||||
| CVE-2017-17819 | 2 Canonical, Nasm | 2 Ubuntu Linux, Netwide Assmembler | 2019-03-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated. | |||||
| CVE-2017-17817 | 2 Canonical, Nasm | 2 Ubuntu Linux, Netwide Assmembler | 2019-03-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack. | |||||
| CVE-2017-17820 | 2 Canonical, Nasm | 2 Ubuntu Linux, Netwide Assmembler | 2019-03-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors. | |||||
| CVE-2017-17816 | 2 Canonical, Nasm | 2 Ubuntu Linux, Netwide Assembler | 2019-03-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack. | |||||
| CVE-2017-17813 | 2 Canonical, Nasm | 2 Ubuntu Linux, Netwide Assembler | 2019-03-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors. | |||||
| CVE-2017-17815 | 2 Canonical, Nasm | 2 Ubuntu Linux, Netwide Assembler | 2019-03-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts. | |||||
| CVE-2017-17814 | 2 Canonical, Nasm | 2 Ubuntu Linux, Netwide Assembler | 2019-03-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack. | |||||
| CVE-2017-17811 | 2 Canonical, Nasm | 2 Ubuntu Linux, Netwide Assembler | 2019-03-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111. | |||||
| CVE-2017-17810 | 2 Canonical, Nasm | 2 Ubuntu Linux, Netwide Assembler | 2019-03-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments. | |||||
| CVE-2018-20640 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2019-03-26 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has stored Cross-Site Scripting (XSS) via the Full Name field. | |||||
| CVE-2018-14724 | 1 Mybb | 1 Ban List | 2019-03-26 | 3.5 LOW | 5.4 MEDIUM |
| In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php page. | |||||
| CVE-2018-12929 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2019-03-26 | 4.9 MEDIUM | 5.5 MEDIUM |
| ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem. | |||||
| CVE-2018-17167 | 1 Printeron | 1 Printeron | 2019-03-26 | 3.5 LOW | 5.4 MEDIUM |
| PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Name" field in the Access Control configuration, (4) "Service Name" in the Service Configuration, or (5) First Name or Last Name field in the Edit Account configuration. | |||||
| CVE-2019-9650 | 1 Upcoming Events Project | 1 Upcoming Events | 2019-03-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in upcoming_events.php in the Upcoming Events plugin before 1.33 for MyBB via a crafted name for an event. | |||||