Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12045 | 1 Dedecms | 1 Dedecms | 2018-07-27 | 7.5 HIGH | 9.8 CRITICAL |
| DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file. | |||||
| CVE-2018-12498 | 1 Icmsdev | 1 Icms | 2018-07-27 | 7.5 HIGH | 9.8 CRITICAL |
| spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php. | |||||
| CVE-2017-6292 | 1 Google | 1 Android | 2018-07-27 | 7.2 HIGH | 7.8 HIGH |
| In Android before the 2018-06-05 security patch level, NVIDIA TLZ TrustZone contains a possible out of bounds write due to integer overflow which could lead to local escalation of privilege in the TrustZone with no additional execution privileges needed. User interaction is not needed for exploitation. This issue is rated as high. Version: N/A. Android: A-69480285. Reference: N-CVE-2017-6292. | |||||
| CVE-2017-6294 | 1 Google | 1 Android | 2018-07-27 | 7.2 HIGH | 7.8 HIGH |
| In Android before the 2018-06-05 security patch level, NVIDIA Tegra X1 TZ contains a possible out of bounds write due to missing bounds check which could lead to escalation of privilege from the kernel to the TZ. User interaction is not needed for exploitation. This issue is rated as high. Version: N/A. Android: A-69316825. Reference: N-CVE-2017-6294. | |||||
| CVE-2017-6290 | 1 Google | 1 Android | 2018-07-27 | 7.2 HIGH | 7.8 HIGH |
| In Android before the 2018-06-05 security patch level, NVIDIA TLK TrustZone contains a possible out of bounds write due to an integer overflow which could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. This issue is rated as high. Version: N/A. Android: A-69559414. Reference: N-CVE-2017-6290. | |||||
| CVE-2017-17171 | 1 Huawei | 6 Mate 8, Mate 8 Firmware, P9 and 3 more | 2018-07-27 | 6.3 MEDIUM | 4.2 MEDIUM |
| Some Huawei smart phones have the denial of service (DoS) vulnerability due to the improper processing of malicious parameters. An attacker may trick a target user into installing a malicious APK and launch attacks using a pre-installed app with specific permissions. Successful exploit could allow the app to send specific parameters to the smart phone driver, which will result in system restart. | |||||
| CVE-2016-7470 | | | 2018-07-26 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none. | |||||
| CVE-2016-7471 | | | 2018-07-26 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none. | |||||
| CVE-2016-7473 | | | 2018-07-26 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none. | |||||
| CVE-2016-9246 | | | 2018-07-26 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none. | |||||
| CVE-2016-9248 | | | 2018-07-26 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none. | |||||
| CVE-2016-9254 | | | 2018-07-26 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none. | |||||
| CVE-2016-9255 | | | 2018-07-26 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none. | |||||
| CVE-2016-9258 | | | 2018-07-26 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none. | |||||
| CVE-2017-6146 | | | 2018-07-26 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to an erroneous publication. Notes: none. | |||||
| CVE-2017-6149 | | | 2018-07-26 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none. | |||||
| CVE-2017-6170 | | | 2018-07-26 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none. | |||||
| CVE-2017-6171 | | | 2018-07-26 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none. | |||||
| CVE-2017-6172 | | | 2018-07-26 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none. | |||||
| CVE-2017-6173 | | | 2018-07-26 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none. | |||||
| CVE-2017-6174 | | | 2018-07-26 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none. | |||||
| CVE-2017-6175 | | | 2018-07-26 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none. | |||||
| CVE-2017-6176 | | | 2018-07-26 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none. | |||||
| CVE-2017-6177 | | | 2018-07-26 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none. | |||||
| CVE-2018-12266 | 1 Hongcms Project | 1 Hongcms | 2018-07-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code. | |||||
| CVE-2018-10886 | | | 2018-07-26 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: this candidate is not about any specific product, protocol, or design, that falls into the scope of the assigning CNA. Notes: None. | |||||
| CVE-2018-12353 | 1 Knowage-suite | 1 Knowage | 2018-07-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the "Business Model's Catalogue" catalogue. | |||||
| CVE-2018-1456 | 1 Ibm | 2 Rational Rhapsody Design Manager, Rational Software Architect Design Manager | 2018-07-24 | 5.5 MEDIUM | 7.1 HIGH |
| IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 140091. | |||||
| CVE-2017-16206 | 1 Coffescript Project | 1 Coffescript | 2018-07-24 | 5.0 MEDIUM | 7.5 HIGH |
| The cofee-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
| CVE-2017-18291 | 1 Pvpgn | 1 Stats | 2018-07-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET user parameter. | |||||
| CVE-2017-18289 | 1 Pvpgn | 1 Stats | 2018-07-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET type parameter. | |||||
| CVE-2017-18290 | 1 Pvpgn | 1 Stats | 2018-07-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET sort_direction parameter. | |||||
| CVE-2017-18288 | 1 Pvpgn | 1 Stats | 2018-07-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET game parameter. | |||||
| CVE-2017-18287 | 1 Pvpgn | 1 Stats | 2018-07-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the POST user_search parameter. | |||||
| CVE-2018-3852 | 1 Onssi | 1 Ocularis | 2018-07-23 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the Ocularis Recorder functionality of Ocularis 5.5.0.242. A specially crafted TCP packet can cause a process to terminate resulting in denial of service. An attacker can send a crafted TCP packet to trigger this vulnerability. | |||||
| CVE-2018-5013 | | | 2018-07-23 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-5103. Reason: This candidate is a duplicate of CVE-2018-5103. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2018-5103 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2018-12065 | 1 Creatiwity | 1 Witycms | 2018-07-23 | 7.5 HIGH | 9.8 CRITICAL |
| A Local File Inclusion vulnerability in /system/WCore/WHelper.php in Creatiwity wityCMS 0.6.2 allows remote attackers to include local PHP files (execute PHP code) or read non-PHP files by replacing a helper.json file. | |||||
| CVE-2018-12041 | 1 Mediatek | 2 Awus036nh, Awus036nh Firmware | 2018-07-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on the MediaTek AWUS036NH wireless USB adapter through 5.1.25.0. Attackers can remotely deny service by sending specially constructed 802.11 frames. | |||||
| CVE-2018-11736 | 1 Pluck-cms | 1 Pluck | 2018-07-23 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file. | |||||
| CVE-2018-11735 | 1 Ximdex | 1 Ximdex | 2018-07-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter. | |||||
| CVE-2018-11722 | 1 Wuzhicms | 1 Wuzhicms | 2018-07-23 | 7.5 HIGH | 9.8 CRITICAL |
| WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded. | |||||
| CVE-2017-12542 | 1 Hp | 2 Integrated Lights-out 4, Integrated Lights-out 4 Firmware | 2018-07-23 | 10.0 HIGH | 10.0 CRITICAL |
| An authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found. | |||||
| CVE-2016-5139 | 1 Google | 1 Chrome | 2018-07-21 | 6.8 MEDIUM | 7.6 HIGH |
| Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data. | |||||
| CVE-2018-13662 | 1 Worldopctionchain Project | 1 Worldopctionchain | 2018-07-20 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for WorldOpctionChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13663 | 1 Bsctoken Project | 1 Bsctoken | 2018-07-20 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for BSCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13664 | 1 Cws Project | 1 Cws | 2018-07-20 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for CWS, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13665 | 1 Bcaas Project | 1 Bcaas | 2018-07-20 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for BCaaS, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13666 | 1 Eristicaico Project | 1 Eristicaico | 2018-07-20 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for EristicaICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13667 | 1 Utbtokentest Project | 1 Utbtokentest | 2018-07-20 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for UTBTokenTest, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2016-10532 | 1 Console-io Project | 1 Console-io | 2018-07-20 | 10.0 HIGH | 9.8 CRITICAL |
| console-io is a module that allows users to implement a web console in their application. A malicious user could bypass the authentication and execute any command that the user who is running the console-io application 2.2.13 and earlier is able to run. This means that if console-io was running from root, the attacker would have full access to the system. This vulnerability exists because the console-io application does not configure socket.io to require authentication, which allows a malicious user to connect via a websocket to send commands and receive the response. | |||||
