Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-0556 | 1 Microsoft | 1 Sharepoint Server | 2019-01-15 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2019-0557, CVE-2019-0558. | |||||
| CVE-2018-6143 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-01-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2018-14481 | 1 Osclass | 1 Osclass | 2019-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-6280. | |||||
| CVE-2018-18005 | 1 Vivotek | 1 Camera | 2019-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter. | |||||
| CVE-2018-18244 | 1 Vivotek | 1 Camera | 2019-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header. | |||||
| CVE-2018-19799 | 1 Dolibarr | 1 Dolibarr | 2019-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS. | |||||
| CVE-2018-16165 | 1 Jpcert | 1 Logontracer | 2019-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in LogonTracer 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-6137 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-01-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2018-6160 | 1 Google | 1 Chrome | 2019-01-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| JavaScript alert handling in Prompts in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2018-6164 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-01-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2018-20588 | 1 Otfcc Project | 1 Otfcc | 2019-01-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| lib/support/unicodeconv/unicodeconv.c in libotfcc.a in otfcc v0.10.3-alpha has a buffer over-read. | |||||
| CVE-2018-20486 | 1 Metinfo | 1 Metinfo | 2019-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php url_array[] parameter. | |||||
| CVE-2018-19414 | 1 Plikli | 1 Plikli Cms | 2019-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to groups.php; (2) username parameter to login.php; or (3) date parameter to search.php. | |||||
| CVE-2018-20379 | 1 Technicolor | 2 Dpc3928sl, Dpc3928sl Firmware | 2019-01-14 | 2.6 LOW | 4.7 MEDIUM |
| Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a devices allow XSS via a Cross Protocol Injection attack with setSSID of 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.1.1.3.10001. | |||||
| CVE-2018-20373 | 1 Tendacn | 2 Adsl, Adsl Firmware | 2019-01-14 | 3.5 LOW | 5.4 MEDIUM |
| Tenda ADSL modem routers 1.0.1 allow XSS via the hostname of a DHCP client. | |||||
| CVE-2018-12087 | 1 Opcfoundation | 2 Ua-.net-legacy, Ua-.netstandard | 2019-01-14 | 2.1 LOW | 5.3 MEDIUM |
| Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords. | |||||
| CVE-2018-16174 | 1 Thimpress | 1 Learnpress | 2019-01-11 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2018-16173 | 1 Thimpress | 1 Learnpress | 2019-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-20430 | 2 Debian, Gnu | 2 Debian Linux, Libextractor | 2019-01-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c. | |||||
| CVE-2018-7796 | 1 Schneider-electric | 1 Powersuite 2 | 2019-01-11 | 6.8 MEDIUM | 6.3 MEDIUM |
| A Buffer Error vulnerability exists in PowerSuite 2, all released versions (VW3A8104 & Patches), which could cause an overflow in the memcpy function, leading to corruption of data and program instability. | |||||
| CVE-2018-19924 | 1 Sales \& Company Management System Project | 1 Sales \& Company Management System | 2019-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. An email address can be modified in between the request for a validation code and the entry of the validation code, leading to storage of an XSS payload contained in the modified address. | |||||
| CVE-2018-20543 | 1 Libxsmm Project | 1 Libxsmm | 2019-01-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is an attempted excessive memory allocation at libxsmm_sparse_csc_reader in generator_spgemm_csc_reader.c in LIBXSMM 1.10 that will cause a denial of service. | |||||
| CVE-2018-20680 | 1 Frog Cms Project | 1 Frog Cms | 2019-01-11 | 3.5 LOW | 4.8 MEDIUM |
| Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field. | |||||
| CVE-2018-12675 | 1 Sv3c | 4 H.264 Poe Ip Camera Firmware, Sv-b01poe-1080p-l, Sv-b11vpoe-1080p-l and 1 more | 2019-01-11 | 5.8 MEDIUM | 6.1 MEDIUM |
| The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) does not perform origin checks on URLs that the camera's web interface redirects a user to. This can be leveraged to send a user to an unexpected endpoint. | |||||
| CVE-2018-12672 | 1 Sv3c | 4 H.264 Poe Ip Camera Firmware, Sv-b01poe-1080p-l, Sv-b11vpoe-1080p-l and 1 more | 2019-01-11 | 3.5 LOW | 5.4 MEDIUM |
| The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) does not perform proper validation on user-supplied input and is vulnerable to cross-site scripting attacks. If proper authorization was implemented, this vulnerability could be leveraged to perform actions on behalf of another user or the administrator. | |||||
| CVE-2018-19478 | 2 Artifex, Debian | 2 Ghostscript, Debian Linux | 2019-01-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file. | |||||
| CVE-2018-20372 | 1 Tp-link | 2 Td-w8961nd, Td-w8961nd Firmware | 2019-01-11 | 3.5 LOW | 5.4 MEDIUM |
| TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client. | |||||
| CVE-2018-20453 | 1 Libdoc Project | 1 Libdoc | 2019-01-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| The getlong function in numutils.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service (application crash) via a crafted file. | |||||
| CVE-2018-1000629 | 1 Battelle | 1 V2i Hub | 2019-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. A remote attacker could exploit this vulnerability using the parameterName or _login_username parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | |||||
| CVE-2018-20538 | 1 Nasm | 1 Netwide Assembler | 2019-01-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests. | |||||
| CVE-2018-20464 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. This vulnerability is triggered upon an attempt to modify a user's mailbox with the wrong format. The response contains the user's previously entered email address. | |||||
| CVE-2018-20454 | 1 74cms | 1 74cms | 2019-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in 74cms v4.2.111. upload/index.php?c=resume&a=resume_list has XSS via the key parameter. | |||||
| CVE-2018-18587 | 1 Bigprof | 1 Appgini | 2019-01-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| BigProf AppGini 5.70 stores the passwords in the database using the MD5 hash. | |||||
| CVE-2018-20431 | 2 Debian, Gnu | 2 Debian Linux, Libextractor | 2019-01-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c. | |||||
| CVE-2018-20424 | 1 Comsenz | 1 Discuzx | 2019-01-10 | 5.8 MEDIUM | 5.9 MEDIUM |
| Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to delete the common_member_wechatmp data structure via an ac=unbindmp request to plugin.php. | |||||
| CVE-2017-18319 | 1 Qualcomm | 60 Mdm9206, Mdm9206 Firmware, Mdm9607 and 57 more | 2019-01-10 | 2.1 LOW | 5.5 MEDIUM |
| Information leak in UIM API debug messages in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016. | |||||
| CVE-2017-18323 | 1 Qualcomm | 70 Mdm9206, Mdm9206 Firmware, Mdm9607 and 67 more | 2019-01-10 | 2.1 LOW | 5.5 MEDIUM |
| Cryptographic key material leaked in TDSCDMA RRC debug messages in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130. | |||||
| CVE-2019-5311 | 1 Yunucms | 1 Yunucms | 2019-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in YUNUCMS V1.1.8. app/index/controller/Show.php has an XSS vulnerability via the index.php/index/show/index cw parameter. | |||||
| CVE-2019-5310 | 1 Yunucms | 1 Yunucms | 2019-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by site_title in an admin/system/basic POST request. | |||||
| CVE-2018-20573 | 1 Yaml-cpp Project | 1 Yaml-cpp | 2019-01-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. | |||||
| CVE-2018-20574 | 1 Yaml-cpp Project | 1 Yaml-cpp | 2019-01-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. | |||||
| CVE-2017-18327 | 1 Qualcomm | 56 Mdm9607, Mdm9607 Firmware, Mdm9635m and 53 more | 2019-01-10 | 2.1 LOW | 5.5 MEDIUM |
| Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130. | |||||
| CVE-2018-20604 | 1 Lfdycms | 1 Lei Feng Tv Cms | 2019-01-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal via crafted use of ..* in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/*web*..*..*..*..*1.txt.html URI to read the 1.txt file. | |||||
| CVE-2018-7355 | 1 Zte | 4 Mf65, Mf65 Firmware, Mf65m1 and 1 more | 2019-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability. Due to improper neutralization of input during web page generation, an attacker could exploit this vulnerability to conduct reflected XSS or HTML injection attacks on the devices. | |||||
| CVE-2018-20302 | 1 Emetrotel | 1 Xain | 2019-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in Steve Pallen Xain before 0.6.2 via the order parameter. | |||||
| CVE-2018-20607 | 1 Txjia | 1 Imcat | 2019-01-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI. | |||||
| CVE-2018-20609 | 1 Txjia | 1 Imcat | 2019-01-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI. | |||||
| CVE-2018-20611 | 1 Txjia | 1 Imcat | 2019-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI. | |||||
| CVE-2017-15420 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-01-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2018-20589 | 1 Generic Content Management System Project | 1 Generic Content Management System | 2019-01-09 | 3.5 LOW | 4.8 MEDIUM |
| Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/add_pictures.php article ID. | |||||