Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10832 | 1 Modbuspal Project | 1 Modbuspal | 2018-06-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files, both XML-based, which are vulnerable to XXE injection. Sending a crafted .xmpp or .xmpa file to a user, when opened/imported in ModbusPal, will return the contents of any local files to a remote attacker. | |||||
| CVE-2018-6920 | 1 Freebsd | 1 Freebsd | 2018-06-13 | 2.1 LOW | 5.5 MEDIUM |
| In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data. | |||||
| CVE-2018-6921 | 1 Freebsd | 1 Freebsd | 2018-06-13 | 2.1 LOW | 5.5 MEDIUM |
| In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to insufficient initialization of memory copied to userland in the network subsystem, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data. | |||||
| CVE-2018-8860 | 1 Vecna | 2 Vgo, Vgo Firmware | 2018-06-13 | 3.3 LOW | 6.5 MEDIUM |
| In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may be able to capture firmware updates through the adjacent network. | |||||
| CVE-2018-8127 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2018-06-13 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8141. | |||||
| CVE-2018-9111 | 1 Foxconn | 2 Ap-fc4064-t, Ap-fc4064-t Firmware | 2018-06-13 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists on the Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE Build 15 via the configuration of a user account. An attacker can execute arbitrary script on an unsuspecting user's browser. | |||||
| CVE-2018-10799 | 1 Brave | 1 Brave | 2018-06-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). This vulnerability is caused by the mishandling of a long URL formed by window.location+='?\u202a\uFEFF\u202b'; concatenation in a SCRIPT element. | |||||
| CVE-2018-10798 | 1 Brave | 1 Brave | 2018-06-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). The vulnerability is caused by mishandling of JavaScript code that triggers the reload of a page continuously with an interval of 1 second. | |||||
| CVE-2018-10773 | 1 Bibutils Project | 1 Bibutils | 2018-06-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| NULL pointer deference in the addsn function in serialno.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by copac2xml. | |||||
| CVE-2018-10774 | 1 Bibutils Project | 1 Bibutils | 2018-06-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| Read access violation in the isiin_keyword function in isiin.c in libbibutils.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by isi2xml. | |||||
| CVE-2018-10775 | 1 Bibutils Project | 1 Bibutils | 2018-06-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| NULL pointer dereference in the _fields_add function in fields.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by end2xml. | |||||
| CVE-2018-1248 | 1 Rsa | 1 Authentication Manager | 2018-06-13 | 5.8 MEDIUM | 6.1 MEDIUM |
| RSA Authentication Manager Security Console, Operation Console and Self-Service Console, version 8.3 and earlier, is affected by a Host header injection vulnerability. This could allow a remote attacker to potentially poison HTTP cache and subsequently redirect users to arbitrary web domains. | |||||
| CVE-2018-10314 | 1 Opmantek | 1 Open-audit | 2018-06-13 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section. | |||||
| CVE-2018-10310 | 1 Catapultthemes | 1 Cookie Consent | 2018-06-13 | 3.5 LOW | 5.4 MEDIUM |
| A persistent cross-site scripting vulnerability has been identified in the web interface of the Catapult UK Cookie Consent plugin before 2.3.10 for WordPress that allows the execution of arbitrary HTML/script code in the context of a victim's browser. | |||||
| CVE-2014-0872 | 1 Ibm | 1 Security Key Lifecycle Manager | 2018-06-13 | 1.5 LOW | 4.1 MEDIUM |
| The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain sensitive information by leveraging root access. IBM X-Force ID: 90988. | |||||
| CVE-2013-4040 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2018-06-13 | 2.1 LOW | 5.5 MEDIUM |
| IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x before 7.2.1.5 and 7.2.x before 7.2.2.0 on Unix use weak permissions (755) for unspecified configuration and log files, which allows local users to obtain sensitive information by reading the files. IBM X-Force ID: 86176. | |||||
| CVE-2018-10686 | 1 Vestacp | 1 Control Panel | 2018-06-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.php. | |||||
| CVE-2018-10164 | 1 Tp-link | 1 Eap Controller | 2018-06-12 | 3.5 LOW | 5.4 MEDIUM |
| Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality. This is fixed in version 2.6.1_Windows. | |||||
| CVE-2018-10165 | 1 Tp-link | 1 Eap Controller | 2018-06-12 | 3.5 LOW | 5.4 MEDIUM |
| Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality. This is fixed in version 2.6.1_Windows. | |||||
| CVE-2017-18262 | 1 Blackboard | 1 Blackboard Learn | 2018-06-12 | 5.8 MEDIUM | 6.1 MEDIUM |
| Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI. | |||||
| CVE-2018-10758 | 1 Datenstrom | 1 Yellow | 2018-06-12 | 5.8 MEDIUM | 6.5 MEDIUM |
| The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action that can delete articles. | |||||
| CVE-2016-2827 | 1 Mozilla | 1 Firefox | 2018-06-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a Content Security Policy (CSP) referrer directive with zero values. | |||||
| CVE-2016-5250 | 1 Mozilla | 1 Firefox | 2018-06-12 | 5.0 MEDIUM | 4.3 MEDIUM |
| Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls. | |||||
| CVE-2018-11596 | 1 Espruino | 1 Espruino | 2018-06-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because a check for '\0' is made for the wrong array element in jsvar.c. | |||||
| CVE-2018-11594 | 1 Espruino | 1 Espruino | 2018-06-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing of "VOID" tokens in jsparse.c. | |||||
| CVE-2018-11590 | 1 Espruino | 1 Espruino | 2018-06-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via an integer overflow during syntax parsing. This was addressed by fixing stack size detection on Linux in jsutils.c. | |||||
| CVE-2018-11592 | 1 Espruino | 1 Espruino | 2018-06-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via an Out-of-bounds Read during syntax parsing in which certain height validation is missing in libs/graphics/jswrap_graphics.c. | |||||
| CVE-2018-11591 | 1 Espruino | 1 Espruino | 2018-06-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via a NULL pointer dereference during syntax parsing. This was addressed by adding validation for a debug trace print statement in jsvar.c. | |||||
| CVE-2016-4655 | 1 Apple | 1 Iphone Os | 2018-06-08 | 7.1 HIGH | 5.5 MEDIUM |
| The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app. | |||||
| CVE-2018-1000172 | 1 Imagely | 1 Nextgen Gallery | 2018-06-07 | 3.5 LOW | 4.8 MEDIUM |
| Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross Site Scripting (XSS) vulnerability in Image Alt & Title Text. This attack appears to be exploitable via a victim viewing the image in the administrator page. This vulnerability appears to have been fixed in 2.2.45. | |||||
| CVE-2018-10570 | 1 Frogcms Project | 1 Frogcms | 2018-06-07 | 3.5 LOW | 4.8 MEDIUM |
| Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field. | |||||
| CVE-2018-10553 | 1 Nagios | 1 Nagios Xi | 2018-06-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Nagios XI 5.4.13. A registered user is able to use directory traversal to read local files, as demonstrated by URIs beginning with index.php?xiwindow=./ and config/?xiwindow=../ substrings. | |||||
| CVE-2014-0841 | 1 Ibm | 1 Rational Focal Point | 2018-06-07 | 2.1 LOW | 5.3 MEDIUM |
| IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. IBM X-Force ID: 90704. | |||||
| CVE-2012-5628 | 1 Gofer Project | 1 Gofer | 2018-06-07 | 3.6 LOW | 4.4 MEDIUM |
| gofer before 0.68 uses world-writable permissions for /var/lib/gofer/journal/watchdog, which allows local users to cause a denial of service by removing journal entries. | |||||
| CVE-2011-0704 | 1 Fedoraproject | 1 389 Directory Server | 2018-06-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| 389 Directory Server 1.2.7.5, when built with mozldap, allows remote attackers to cause a denial of service (replica crash) by sending an empty modify request. | |||||
| CVE-2018-10665 | 1 Ilias | 1 Ilias | 2018-06-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files. | |||||
| CVE-2016-10254 | 1 Elfutils Project | 1 Elfutils | 2018-06-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure. | |||||
| CVE-2016-10255 | 1 Elfutils Project | 1 Elfutils | 2018-06-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure. | |||||
| CVE-2017-7609 | 1 Elfutils Project | 1 Elfutils | 2018-06-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. | |||||
| CVE-2017-17318 | 1 Huawei | 2 E5771h-937, E5771h-937 Firmware | 2018-06-06 | 6.1 MEDIUM | 6.5 MEDIUM |
| Huawei MBB (Mobile Broadband) products E5771h-937 with the versions before E5771h-937TCPU-V200R001B328D62SP00C1133 and the versions before E5771h-937TCPU-V200R001B329D05SP00C1308 have a Denial of Service (DoS) vulnerability. When an attacker accessing device sends special http request to device, the webserver process will try to apply too much memory which can cause the device to become unable to respond. An attacker can launch a DoS attack by exploiting this vulnerability. | |||||
| CVE-2018-1502 | 1 Ibm | 1 Content Manager | 2018-06-06 | 3.5 LOW | 5.4 MEDIUM |
| IBM Content Manager Enterprise Edition Resource Manager 8.4.3 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141338. | |||||
| CVE-2018-1468 | 1 Ibm | 1 Api Connect | 2018-06-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which they are not authorized. IBM X-Force ID: 140399. | |||||
| CVE-2017-1743 | 1 Ibm | 1 Websphere Application Server | 2018-06-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could browse the file system. IBM X-Force ID: 134933. | |||||
| CVE-2018-1430 | 1 Ibm | 1 Api Connect | 2018-06-06 | 3.5 LOW | 5.4 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139226. | |||||
| CVE-2018-8160 | 1 Microsoft | 4 Office, Office Compatibility Pack, Sharepoint Server and 1 more | 2018-06-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists in Outlook when a message is opened, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Word, Microsoft Office. | |||||
| CVE-2018-0711 | 1 Qnap | 1 Qts | 2018-06-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2018-10095 | 1 Dolibarr | 1 Dolibarr | 2018-06-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php. | |||||
| CVE-2018-10430 | 1 Dilicms | 1 Dilicms | 2018-06-06 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a Stored XSS Vulnerability in the fourth textbox of "System setting->site setting" of admin/index.php. | |||||
| CVE-2018-5228 | 1 Atlassian | 2 Crucible, Fisheye | 2018-06-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the handling of response headers. | |||||
| CVE-2018-7465 | 1 Virtuemart | 1 Virtuemart | 2018-06-06 | 3.5 LOW | 5.4 MEDIUM |
| An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the backend of the plugin can be closed by simply adding </textarea> to the value and saving the product/config. By editing back the product/config, the editor's browser will execute everything after the </textarea>, leading to a possible XSS. | |||||