Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14942 | 1 Harmonicinc | 2 Nsg 9000, Nsg 9000 Firmware | 2018-10-05 | 4.0 MEDIUM | 8.8 HIGH |
| Harmonic NSG 9000 devices allow remote authenticated users to conduct directory traversal attacks, as demonstrated by "POST /PY/EMULATION_GET_FILE" or "POST /PY/EMULATION_EXPORT" with FileName=../../../passwd in the POST data. | |||||
| CVE-2016-4399 | 1 Hp | 1 Network Node Manager I | 2018-10-04 | 3.5 LOW | 5.4 MEDIUM |
| A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS). | |||||
| CVE-2016-4400 | 1 Hp | 1 Network Node Manager I | 2018-10-04 | 3.5 LOW | 5.4 MEDIUM |
| A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS). | |||||
| CVE-2018-12943 | 1 Seeddms | 1 Seeddms | 2018-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in every page that includes the "action" URL parameter in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
| CVE-2005-4347 | 1 Debian | 2 Debian Linux, Kernel-patch-vserver | 2018-10-04 | 5.0 MEDIUM | N/A |
| The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux does not correctly set the "chroot barrier" with util-vserver, which allows attackers to access files on the host system that are outside of the vserver. | |||||
| CVE-2006-0614 | 1 Sun | 3 Jdk, Jre, Sdk | 2018-10-04 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "first issue." | |||||
| CVE-2006-1137 | 1 Xerox | 12 Copycentre C65, Copycentre C65 Firmware, Copycentre C75 and 9 more | 2018-10-04 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allow remote attackers to cause an unspecified denial of service via a crafted PostScript file that will (1) "navigate through the directory" or (2) a "file sent to expose TCP/IP ports". | |||||
| CVE-2006-1138 | 1 Xerox | 12 Copycentre C65, Copycentre C65 Firmware, Copycentre C75 and 9 more | 2018-10-04 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the web server code in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allows remote attackers to cause a denial of service (memory corruption) via unknown vectors. | |||||
| CVE-2006-1139 | 1 Xerox | 12 Copycentre C65, Copycentre C65 Firmware, Copycentre C75 and 9 more | 2018-10-04 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the ESS/ Network Controller in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, causes the Immediate Image Overwrite feature to fail after a power loss, which could leave data exposed to attack. | |||||
| CVE-2006-3756 | 1 Geeklog | 1 Geeklog | 2018-10-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and earlier, and 1.3.11sr6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when validating comments in (1) lib-comment.php (1.4.0sr4) or (2) comment.php (0.3.11sr6). | |||||
| CVE-2017-2190 | 1 Sharp | 1 Rw-4040 | 2018-10-04 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in RW-4040 tool to verify execution environment for Windows 7 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-3881 | 1 Focalscope | 1 Focalscope | 2018-10-04 | 7.5 HIGH | 9.4 CRITICAL |
| An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope v2416. A unauthenticated attacker could submit a specially crafted web request to FocalScope's server that could cause an XXE, and potentially result in data compromise. | |||||
| CVE-2018-7993 | 1 Huawei | 2 Mate 10, Mate 10 Firmware | 2018-10-04 | 9.3 HIGH | 7.8 HIGH |
| HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 8.1.0.311 have a use after free vulnerability on mediaserver component. An attacker tricks the user install a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause execution of arbitrary code. | |||||
| CVE-2018-7992 | 1 Huawei | 8 Mate 9, Mate 9 Firmware, Mate 9 Pro and 5 more | 2018-10-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| Mdapt Driver of Huawei MediaPad M3 BTV-W09C128B353CUSTC128D001; Mate 9 Pro versions earlier than 8.0.0.356(C00); P10 Plus versions earlier than 8.0.0.357(C00) has a buffer overflow vulnerability. The driver does not sufficiently validate the input, an attacker could trick the user to install a malicious application which would send crafted parameters to the driver. Successful exploit could cause a denial of service condition. | |||||
| CVE-2018-7947 | 1 Huawei | 2 Emily-al00a, Emily-al00a Firmware | 2018-10-04 | 4.4 MEDIUM | 3.9 LOW |
| Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user to connect to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific function. Successful exploit may cause some malicious applications to be installed in the mobile phones. | |||||
| CVE-2018-7934 | 1 Huawei | 2 Mate 10 Pro, Mate 10 Pro Firmware | 2018-10-04 | 7.1 HIGH | 5.5 MEDIUM |
| Some Huawei mobile phone with the versions before BLA-L29 8.0.0.145(C432) have a denial of service (DoS) vulnerability because they do not adapt to specific screen gestures. An attacker may trick users into installing a malicious app. As a result, apps running on the frontend crash after the users make specific screen gestures. | |||||
| CVE-2018-14767 | 2 Debian, Kamailio | 2 Debian Linux, Kamailio | 2018-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "build_res_buf_from_sip_req" core function. This could result in denial of service and potentially the execution of arbitrary code. | |||||
| CVE-2018-13055 | 1 Mantisbt | 1 Mantisbt | 2018-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. | |||||
| CVE-2016-4406 | 1 Hp | 3 Integrated Lights-out, Integrated Lights-out 3 Firmware, Integrated Lights-out 4 Firmware | 2018-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A remote cross site scripting vulnerability was identified in HPE iLO 3 all version prior to v1.88 and HPE iLO 4 all versions prior to v2.44. | |||||
| CVE-2018-15174 | 1 Xnview | 1 Xnview | 2018-10-04 | 6.8 MEDIUM | 7.8 HIGH |
| XnView 2.45 allows remote attackers to cause a denial of service (Read Access Violation at the Instruction Pointer and application crash) or possibly have unspecified other impact via a crafted ICO file. | |||||
| CVE-2018-15175 | 1 Xnview | 1 Xnview | 2018-10-04 | 6.8 MEDIUM | 7.8 HIGH |
| XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at Qt5Core!QVariant::~QVariant+0x0000000000000014 and application crash) or possibly have unspecified other impact via a crafted RLE file. | |||||
| CVE-2018-15176 | 1 Xnview | 1 Xnview | 2018-10-04 | 6.8 MEDIUM | 7.8 HIGH |
| XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at MSVCR120!memcpy+0x0000000000000074 and application crash) or possibly have unspecified other impact via a crafted RLE file. | |||||
| CVE-2018-15197 | 1 Onethink | 1 Onethink | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can endow administrator privileges. | |||||
| CVE-2018-16449 | 1 Onethink | 1 Onethink | 2018-10-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html. | |||||
| CVE-2017-6920 | 1 Drupal | 1 Drupal | 2018-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations. | |||||
| CVE-2018-14964 | 1 Emlsoft Project | 1 Emlsoft | 2018-10-04 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in EMLsoft 5.4.5. XSS exists via the eml/upload/eml/?action=address&do=edit page. | |||||
| CVE-2018-14965 | 1 Emlsoft Project | 1 Emlsoft | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=address&do=add page allows CSRF. | |||||
| CVE-2018-14966 | 1 Emlsoft Project | 1 Emlsoft | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=user&do=add page allows CSRF. | |||||
| CVE-2018-14967 | 1 Emlsoft Project | 1 Emlsoft | 2018-10-04 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.user.php has SQL Injection via the numPerPage parameter. | |||||
| CVE-2018-14968 | 1 Emlsoft Project | 1 Emlsoft | 2018-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.address.php has SQL Injection via the numPerPage parameter. | |||||
| CVE-2018-1999026 | 1 Jenkins | 1 Tracetronic Ecu-test | 2018-10-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host. | |||||
| CVE-2018-1999025 | 1 Jenkins | 1 Tracetronic Ecu-test | 2018-10-04 | 5.8 MEDIUM | 7.4 HIGH |
| A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to. | |||||
| CVE-2018-14960 | 1 Xiao5ucompany Project | 1 Xiao5ucompany | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| Xiao5uCompany 1.7 has CSRF via admin/Admin.asp. | |||||
| CVE-2018-14961 | 1 Zzcms | 1 Zzcms | 2018-10-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql parameter. | |||||
| CVE-2018-14962 | 1 Zzcms | 1 Zzcms | 2018-10-04 | 3.5 LOW | 5.4 MEDIUM |
| zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php. | |||||
| CVE-2018-14963 | 1 Zzcms | 1 Zzcms | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI. | |||||
| CVE-2018-15198 | 1 Onethink | 1 Onethink | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user. | |||||
| CVE-2018-14944 | 1 Jpeg Encoder Project | 1 Jpeg Encoder | 2018-10-04 | 6.8 MEDIUM | 7.8 HIGH |
| An issue has been found in jpeg_encoder through 2015-11-27. It is a SEGV in the function readFromBMP in jpeg_encoder.cpp. The signal is caused by an out-of-bounds write. | |||||
| CVE-2018-14958 | 1 Weaselcms Project | 1 Weaselcms | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in WeaselCMS v0.3.5. CSRF can update the website settings (such as the theme, title, and description) via index.php. | |||||
| CVE-2018-14959 | 1 Weaselcms Project | 1 Weaselcms | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages via an index.php?b=pages&a=new URI. | |||||
| CVE-2017-12614 | 1 Apache | 1 Airflow | 2018-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above. | |||||
| CVE-2018-14869 | 1 Php Template Store Script Project | 1 Php Template Store Script | 2018-10-04 | 3.5 LOW | 5.4 MEDIUM |
| PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a profile. | |||||
| CVE-2018-15199 | 1 Auracms | 1 Auracms | 2018-10-04 | 3.5 LOW | 5.4 MEDIUM |
| AuraCMS 2.3 allows XSS via a Bukutamu -> AddGuestbook action. | |||||
| CVE-2018-14946 | 1 Flowpaper | 1 Pdf2json | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| An issue has been found in PDF2JSON 0.69. The HtmlString class in ImgOutputDev.cc has Mismatched Memory Management Routines (malloc versus operator delete). | |||||
| CVE-2018-14947 | 1 Flowpaper | 1 Pdf2json | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| An issue has been found in PDF2JSON 0.69. XmlFontAccu::CSStyle in XmlFonts.cc has Mismatched Memory Management Routines (operator new [] versus operator delete). | |||||
| CVE-2018-14948 | 1 Sound Project | 1 Sound | 2018-10-04 | 6.8 MEDIUM | 7.8 HIGH |
| An issue has been found in dilawar sound through 2017-11-27. The end of openWavFile in wav-file.cc has Mismatched Memory Management Routines (operator new [] versus operator delete). | |||||
| CVE-2015-0227 | 1 Apache | 1 Wss4j | 2018-10-04 | 5.0 MEDIUM | N/A |
| Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks." | |||||
| CVE-2018-7755 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2018-10-04 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. | |||||
| CVE-2009-2687 | 1 Php | 1 Php | 2018-10-03 | 4.3 MEDIUM | N/A |
| The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353. | |||||
| CVE-2009-3232 | 2 Debian, Ubuntu | 2 Debian Linux, Ubuntu Linux | 2018-10-03 | 9.3 HIGH | N/A |
| pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication. | |||||