Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-8898 | 1 Imagemagick | 1 Imagemagick | 2018-05-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file. | |||||
| CVE-2016-5240 | 1 Graphicsmagick | 1 Graphicsmagick | 2018-05-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file. | |||||
| CVE-2017-7298 | 1 Moodle | 1 Moodle | 2018-05-18 | 3.5 LOW | 5.4 MEDIUM |
| In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add a new course" page, as demonstrated by a crafted attribute of an SVG element. | |||||
| CVE-2018-1003 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2018-05-17 | 9.3 HIGH | 7.8 HIGH |
| A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10. | |||||
| CVE-2018-6959 | 1 Vmware | 1 Vrealize Automation | 2018-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user's session. | |||||
| CVE-2018-8953 | 1 Ca | 1 Workload Automation Ae | 2018-05-17 | 6.5 MEDIUM | 8.8 HIGH |
| CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request. | |||||
| CVE-2018-8954 | 1 Ca | 1 Workload Control Center | 2018-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request. | |||||
| CVE-2017-14611 | 1 Getcockpit | 1 Cockpit | 2018-05-17 | 6.4 MEDIUM | 9.1 CRITICAL |
| SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component. | |||||
| CVE-2018-10135 | 1 Iscripts | 1 Eswap | 2018-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Panel. | |||||
| CVE-2018-10225 | 1 Thinkphp | 1 Thinkphp | 2018-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| thinkphp 3.1.3 has SQL Injection via the index.php s parameter. | |||||
| CVE-2015-0172 | 1 Ibm | 1 Security Siteprotector System | 2018-05-17 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1 allows remote attackers to bypass intended security restrictions and consequently execute unspecified commands and obtain sensitive information via unknown vectors. IBM X-Force ID: 100927. | |||||
| CVE-2017-14323 | 1 Onethink | 1 Onethink | 2018-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the upfile parameter. | |||||
| CVE-2018-10066 | 1 Mikrotik | 1 Routeros | 2018-05-17 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client's internal network (for example, at site-to-site tunnels). | |||||
| CVE-2015-8312 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2018-05-17 | 7.2 HIGH | 7.8 HIGH |
| Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes. | |||||
| CVE-2017-0372 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2018-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities. | |||||
| CVE-2018-9851 | 1 Gxlcms | 1 Gxlcms Qy | 2018-05-17 | 5.0 MEDIUM | 7.5 HIGH |
| In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence. | |||||
| CVE-2015-1957 | 1 Ibm | 1 Websphere Mq | 2018-05-17 | 3.5 LOW | 5.3 MEDIUM |
| IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 allows remote authenticated users to obtain sensitive information via a man-in-the-middle attack, related to duplication of message data in cleartext outside the protected payload. IBM X-Force ID: 103482. | |||||
| CVE-2018-10111 | 1 Gegl | 1 Gegl | 2018-05-17 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure. | |||||
| CVE-2018-10112 | 1 Gegl | 1 Gegl | 2018-05-17 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_format_get_bytes_per_pixel function in babl-format.c in babl 0.1.46. | |||||
| CVE-2018-10114 | 1 Gegl | 1 Gegl | 2018-05-17 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions on memory allocation in the ppm_load_read_header function in operations/external/ppm-load.c. | |||||
| CVE-2014-6412 | 1 Wordpress | 1 Wordpress | 2018-05-17 | 5.0 MEDIUM | 8.1 HIGH |
| WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach. | |||||
| CVE-2018-9037 | 1 Monstra | 1 Monstra | 2018-05-17 | 6.5 MEDIUM | 8.8 HIGH |
| Monstra CMS 3.0.4 allows remote code execution via an upload_file request for a .zip file, which is automatically extracted and may contain .php files. | |||||
| CVE-2018-5510 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2018-05-17 | 5.0 MEDIUM | 7.5 HIGH |
| On F5 BIG-IP 11.5.4 HF4-11.5.5, the Traffic Management Microkernel (TMM) may restart when processing a specific sequence of packets on IPv6 virtual servers. | |||||
| CVE-2018-0549 | 1 Cybozu | 1 Garoon | 2018-05-17 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-0551 | 1 Cybozu | 1 Garoon | 2018-05-17 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-0530 | 1 Cybozu | 1 Garoon | 2018-05-17 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2018-10224 | 1 Yzmcms | 1 Yzmcms | 2018-05-17 | 6.0 MEDIUM | 6.8 MEDIUM |
| An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add a tag via /index.php/admin/tag/add.html. | |||||
| CVE-2018-0532 | 1 Cybozu | 1 Garoon | 2018-05-17 | 4.0 MEDIUM | 2.7 LOW |
| Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors. | |||||
| CVE-2018-10223 | 1 Yzmcms | 1 Yzmcms | 2018-05-17 | 6.0 MEDIUM | 6.8 MEDIUM |
| An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add an admin account via /index.php/admin/admin_manage/add.html. | |||||
| CVE-2018-9999 | 1 Zulip | 1 Zulip Server | 2018-05-17 | 3.5 LOW | 5.4 MEDIUM |
| In Zulip Server versions before 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend. | |||||
| CVE-2018-9986 | 1 Zulip | 1 Zulip Server | 2018-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor. | |||||
| CVE-2017-11543 | 1 Tcpdump | 1 Tcpdump | 2018-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c. | |||||
| CVE-2017-13011 | 1 Tcpdump | 1 Tcpdump | 2018-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal(). | |||||
| CVE-2017-16741 | 1 Phoenixcontact | 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more | 2018-05-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Information Exposure issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to use Monitor Mode on the device to read diagnostic information. | |||||
| CVE-2017-3163 | 1 Apache | 1 Solr | 2018-05-17 | 5.0 MEDIUM | 7.5 HIGH |
| When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access. | |||||
| CVE-2017-7473 | 2018-05-17 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA based off of CNT 3. Further investigation determined that there was a secure method for using the directive. Notes: none. | |||||
| CVE-2018-6879 | 1 Website Seller Script Project | 1 Website Seller Script | 2018-05-16 | 4.0 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Website Seller Script 2.0.3 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code. | |||||
| CVE-2018-6903 | 1 Hot Scripts Clone Project | 1 Hot Scripts Clone | 2018-05-16 | 4.0 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Hot Scripts Clone Script Classified v3.1 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code. | |||||
| CVE-2018-8772 | 1 Coship | 2 Rt3052, Rt3052 Firmware | 2018-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Coship RT3052 4.0.0.48 devices allow XSS via a crafted SSID field on the "Wireless Setting - Basic" screen. | |||||
| CVE-2018-10318 | 1 Frogcms Project | 1 Frogcms | 2018-05-16 | 3.5 LOW | 4.8 MEDIUM |
| Frog CMS 0.9.5 has XSS via the admin/?/page/edit page[keywords] parameter, aka Edit Page Metadata. | |||||
| CVE-2018-10321 | 1 Frogcms Project | 1 Frogcms | 2018-05-16 | 3.5 LOW | 4.8 MEDIUM |
| Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings. | |||||
| CVE-2018-10320 | 1 Frogcms Project | 1 Frogcms | 2018-05-16 | 3.5 LOW | 4.8 MEDIUM |
| Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layout[name] parameter, aka Edit Layout. | |||||
| CVE-2018-10319 | 1 Frogcms Project | 1 Frogcms | 2018-05-16 | 3.5 LOW | 4.8 MEDIUM |
| Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit snippet[name] parameter, aka Edit Snippet. | |||||
| CVE-2018-3862 | 1 Computer-insel | 1 Photoline | 2018-05-16 | 6.8 MEDIUM | 7.8 HIGH |
| A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting | |||||
| CVE-2018-3861 | 1 Computer-insel | 1 Photoline | 2018-05-16 | 6.8 MEDIUM | 7.8 HIGH |
| A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. | |||||
| CVE-2017-11011 | 1 Qualcomm | 22 Mdm9206, Mdm9206 Firmware, Mdm9607 and 19 more | 2018-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 820, SD 835, a Use After Free condition can occur in a communication API. | |||||
| CVE-2017-18133 | 1 Qualcomm | 14 Mdm9206, Mdm9206 Firmware, Mdm9607 and 11 more | 2018-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, an out of bound access for ebi channel array can potentially occur. | |||||
| CVE-2017-1790 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2018-05-16 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS Next Generation (DNG/RRC) 5.0, 5.0.1, 5.0.2, and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137035. | |||||
| CVE-2018-7660 | 1 Opentext | 1 Documentum D2 | 2018-05-16 | 3.5 LOW | 5.4 MEDIUM |
| In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Reflected Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via the servlet/Download _docbase or _username parameter. | |||||
| CVE-2018-7659 | 1 Opentext | 1 Documentum D2 | 2018-05-16 | 3.5 LOW | 5.4 MEDIUM |
| In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Stored Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via a filename of an uploaded image file. | |||||