Total: 46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1000813 | 1 Backdropcms | 1 Backdrop Cms | 2019-01-06 | 3.5 LOW | 4.8 MEDIUM |
| Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in sanitization of custom class names used on blocks and layouts that can result in execution of JavaScript from an unexpected source. This attack appears to be exploitable when a user is directed to an affected page while logged in. This vulnerability appears to have been fixed in 1.11.1 and later. | |||||
| CVE-2018-19828 | 1 Artica | 1 Integria Ims | 2019-01-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Artica Integria IMS 5.0.83 has XSS via the search_string parameter. | |||||
| CVE-2018-20564 | 1 Douco | 1 Douphp | 2019-01-04 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name parameter. | |||||
| CVE-2018-20565 | 1 Douco | 1 Douphp | 2019-01-04 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter. | |||||
| CVE-2018-20566 | 1 Douco | 1 Douphp | 2019-01-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page. | |||||
| CVE-2018-20558 | 1 Douco | 1 Douphp | 2019-01-04 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the site_name parameter. | |||||
| CVE-2018-20557 | 1 Douco | 1 Douphp | 2019-01-04 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the page_name parameter. | |||||
| CVE-2018-20560 | 1 Douco | 1 Douphp | 2019-01-04 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the show_name parameter. | |||||
| CVE-2018-20559 | 1 Douco | 1 Douphp | 2019-01-04 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter. | |||||
| CVE-2018-20561 | 1 Douco | 1 Douphp | 2019-01-04 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter. | |||||
| CVE-2018-20562 | 1 Douco | 1 Douphp | 2019-01-04 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter. | |||||
| CVE-2018-20563 | 1 Douco | 1 Douphp | 2019-01-04 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter. | |||||
| CVE-2018-20597 | 1 Ucms Project | 1 Ucms | 2019-01-04 | 3.5 LOW | 4.8 MEDIUM |
| UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action. | |||||
| CVE-2018-19936 | 1 Printeron | 1 Printeron | 2019-01-04 | 5.5 MEDIUM | 6.5 MEDIUM |
| PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion. | |||||
| CVE-2018-20600 | 1 Ucms Project | 1 Ucms | 2019-01-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action. | |||||
| CVE-2018-20601 | 1 Ucms Project | 1 Ucms | 2019-01-04 | 3.5 LOW | 4.8 MEDIUM |
| UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action. | |||||
| CVE-2018-2474 | 1 Sap | 1 Fiori | 2019-01-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user into sending an unintended request to the web server. This vulnerability is due to insufficient CSRF protection. | |||||
| CVE-2018-18096 | 1 Intel | 1 Quickassist Technology For Linux | 2019-01-04 | 2.1 LOW | 5.5 MEDIUM |
| Improper memory handling in Intel QuickAssist Technology for Linux (all versions) may allow an authenticated user to potentially enable a denial of service via local access. | |||||
| CVE-2018-8612 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-01-04 | 2.1 LOW | 5.5 MEDIUM |
| A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values, aka "Connected User Experiences and Telemetry Service Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | |||||
| CVE-2018-12206 | 1 Intel | 1 Quickassist Technology For Linux | 2019-01-04 | 2.1 LOW | 5.5 MEDIUM |
| Improper configuration of hardware access in Intel QuickAssist Technology for Linux (all versions) may allow an authenticated user to potentially enable a denial of service via local access. | |||||
| CVE-2018-15334 | 1 F5 | 1 Big-ip Access Policy Manager | 2019-01-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow an attacker to force an APM webtop session to log out and require re-authentication. | |||||
| CVE-2018-20591 | 1 Libming | 1 Libming | 2019-01-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| A heap-based buffer over-read was discovered in the decompileJUMP function in util/decompile.c of libming v0.4.8. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by swftocxx. | |||||
| CVE-2018-16524 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2019-01-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of TCP options in prvCheckOptions. | |||||
| CVE-2018-16527 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2019-01-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of ICMP packets in prvProcessICMPPacket. | |||||
| CVE-2018-16598 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2019-01-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. In xProcessReceivedUDPPacket and prvParseDNSReply, any received DNS response is accepted, without confirming it matches a sent DNS request. | |||||
| CVE-2018-16599 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2019-01-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of NBNS packets in prvTreatNBNS can be used for information disclosure. | |||||
| CVE-2018-16600 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2019-01-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of ARP packets in eARPProcessPacket can be used for information disclosure. | |||||
| CVE-2018-16602 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2019-01-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclosure. | |||||
| CVE-2018-16603 | 1 Amazon | 2 Amazon Web Services Freertos, Freertos | 2019-01-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds access to TCP source and destination port fields in xProcessReceivedTCPPacket can leak data back to an attacker. | |||||
| CVE-2018-20530 | 1 Website Seller Script Project | 1 Website Seller Script | 2019-01-03 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896. | |||||
| CVE-2018-20001 | 1 Libav | 1 Libav | 2019-01-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Libav 12.3, there is a floating point exception in the range_decode_culshift function (called from range_decode_bits) in libavcodec/apedec.c that will lead to remote denial of service via crafted input. | |||||
| CVE-2018-8892 | 1 Blackberry | 1 Unified Endpoint Manager | 2019-01-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator. | |||||
| CVE-2018-8888 | 1 Blackberry | 1 Unified Endpoint Manager | 2019-01-03 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator. | |||||
| CVE-2018-8891 | 1 Blackberry | 1 Unified Endpoint Manager | 2019-01-03 | 3.5 LOW | 4.8 MEDIUM |
| Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator. | |||||
| CVE-2018-16737 | 1 Tinc-vpn | 1 Tinc | 2019-01-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation. | |||||
| CVE-2018-5816 | 2 Canonical, Libraw | 2 Ubuntu Linux, Libraw | 2019-01-03 | 7.1 HIGH | 6.5 MEDIUM |
| An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger a division by zero via a specially crafted NOKIARAW file (Note: This vulnerability is caused by an incomplete fix of CVE-2018-5804). | |||||
| CVE-2018-5815 | 2 Canonical, Libraw | 2 Ubuntu Linux, Libraw | 2019-01-03 | 7.1 HIGH | 6.5 MEDIUM |
| An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file. | |||||
| CVE-2018-5812 | 2 Canonical, Libraw | 2 Ubuntu Linux, Libraw | 2019-01-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference. | |||||
| CVE-2018-19767 | 1 Infovista | 1 Vistaportal | 2019-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "PresentSpace.jsp" has reflected XSS via the ConnPoolName and GroupId parameters. | |||||
| CVE-2018-19773 | 1 Infovista | 1 Vistaportal | 2019-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentUser.jsp" has reflected XSS via the GroupId and ConnPoolName parameters. | |||||
| CVE-2018-20006 | 1 Phpok | 1 Phpok | 2019-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulnerability via the title parameter to api.php?c=post&f=save (reachable via the index.php?id=book URI). | |||||
| CVE-2015-3238 | 2 Linux-pam, Oracle | 2 Linux-pam, Sparc-opl Service Processor | 2019-01-03 | 5.8 MEDIUM | 6.5 MEDIUM |
| The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. | |||||
| CVE-2018-19413 | 1 Sonarsource | 1 Sonarqube | 2019-01-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive information such as valid user-account logins in the web application. The vulnerability occurs because of improperly configured access controls that cause the API to return the externalIdentity field to non-administrator users. The attacker could use this information in subsequent attacks against the system. | |||||
| CVE-2018-8651 | 1 Microsoft | 1 Dynamics Nav | 2019-01-03 | 3.5 LOW | 5.4 MEDIUM |
| A cross site scripting vulnerability exists when Microsoft Dynamics NAV does not properly sanitize a specially crafted web request to an affected Dynamics NAV server, aka "Microsoft Dynamics NAV Cross Site Scripting Vulnerability." This affects Microsoft Dynamics NAV. | |||||
| CVE-2018-8652 | 1 Microsoft | 1 Windows Azure Pack Rollup | 2019-01-03 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Windows Azure Pack does not properly sanitize user-provided input, aka "Windows Azure Pack Cross Site Scripting Vulnerability." This affects Windows Azure Pack Rollup 13.1. | |||||
| CVE-2018-8650 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2019-01-03 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint. | |||||
| CVE-2018-20136 | 1 Thedaylightstudio | 1 Fuel Cms | 2019-01-03 | 3.5 LOW | 4.8 MEDIUM |
| XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Variables during new-page creation, as demonstrated by the pages/edit/1?lang=english URI. | |||||
| CVE-2018-20137 | 1 Thedaylightstudio | 1 Fuel Cms | 2019-01-03 | 3.5 LOW | 4.8 MEDIUM |
| XSS exists in FUEL CMS 1.4.3 via the Page title, Meta description, or Meta keywords during page data management, as demonstrated by the pages/edit/1?lang=english URI. | |||||
| CVE-2018-19817 | 1 Infovista | 1 Vistaportal | 2019-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/AdminAuthorisationFrame.jsp" has reflected XSS via the ConnPoolName or GroupId parameter. | |||||
| CVE-2018-19818 | 1 Infovista | 1 Vistaportal | 2019-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Contacts.jsp" has reflected XSS via the ConnPoolName parameter. | |||||
