Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6008 | 1 Joomlatag | 1 Jtag Members Directory | 2018-02-15 | 5.0 MEDIUM | 7.5 HIGH |
| Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter. | |||||
| CVE-2015-1142857 | 3 Dpdk, Intel, Linux | 13 Dpdk, 82576, 82576 Firmware and 10 more | 2018-02-15 | 5.0 MEDIUM | 8.6 HIGH |
| On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0, additionally Multiple vendor NIC firmware is affected. | |||||
| CVE-2018-5703 | 1 Linux | 1 Linux Kernel | 2018-02-15 | 10.0 HIGH | 9.8 CRITICAL |
| The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving TLS. | |||||
| CVE-2018-6397 | 1 Joomlacalendars | 1 Picture Calendar | 2018-02-15 | 5.0 MEDIUM | 7.5 HIGH |
| Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla! via the list.php folder parameter. | |||||
| CVE-2017-1773 | 1 Ibm | 1 Datapower Gateway | 2018-02-15 | 4.3 MEDIUM | 4.0 MEDIUM |
| IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817. | |||||
| CVE-2018-6465 | 1 Wp-property-hive | 1 Propertyhive | 2018-02-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin/views/html-preview-applicant-matches-email.php. | |||||
| CVE-2018-5701 | 1 Iolo | 1 System Shield | 2018-02-15 | 10.0 HIGH | 9.8 CRITICAL |
| In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys driver file contains an Arbitrary Write vulnerability due to not validating input values from IOCtl 0x00226003. | |||||
| CVE-2015-2203 | 1 Evergreen-ils | 1 Evergreen | 2018-02-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL. | |||||
| CVE-2018-6353 | 1 Electrum | 1 Electrum | 2018-02-15 | 7.2 HIGH | 7.8 HIGH |
| The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attacker at an unattended workstation, which makes it easier for attackers to steal Bitcoin via hook code that runs at a later time when the wallet password has been entered, a different vulnerability than CVE-2018-1000022. | |||||
| CVE-2014-3244 | 1 Sugarcrm | 1 Sugarcrm | 2018-02-15 | 7.5 HIGH | 9.8 CRITICAL |
| XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. | |||||
| CVE-2018-6537 | 1 Flexense | 1 Syncbreeze | 2018-02-15 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow vulnerability in the control protocol of Flexense SyncBreeze Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9121. | |||||
| CVE-2017-18083 | 1 Atlassian | 1 Confluence | 2018-02-15 | 3.5 LOW | 5.4 MEDIUM |
| The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file. | |||||
| CVE-2018-6352 | 1 Podofo Project | 1 Podofo | 2018-02-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file. | |||||
| CVE-2018-1364 | 1 Ibm | 1 Content Navigator | 2018-02-15 | 6.4 MEDIUM | 8.2 HIGH |
| IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 137449. | |||||
| CVE-2018-6318 | 1 Sophos | 1 Sophos Tester | 2018-02-15 | 9.3 HIGH | 7.8 HIGH |
| In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.). A person can change this DLL in a local way, or with a remote connection, to a malicious DLL with the same name -- and when the product is used, this malicious DLL will be loaded, aka a DLL Hijacking attack. | |||||
| CVE-2018-6561 | 1 Dojotoolkit | 1 Dojo | 2018-02-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element. | |||||
| CVE-2016-0303 | 1 Ibm | 1 Tivoli Integrated Portal | 2018-02-15 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Tivoli Integrated Portal 2.2.0.0 through 2.2.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-6007 | 1 Joomsky | 1 Js Support Ticket | 2018-02-15 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and allows attackers to inject HTML or edit a ticket. | |||||
| CVE-2018-6387 | 1 Iball | 2 Ib-wra150n, Ib-wra150n Firmware | 2018-02-15 | 10.0 HIGH | 9.8 CRITICAL |
| iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded password of admin for the admin account, a hardcoded password of support for the support account, and a hardcoded password of user for the user account. | |||||
| CVE-2018-6388 | 1 Iball | 2 Ib-wra150n, Ib-wra150n Firmware | 2018-02-15 | 9.0 HIGH | 8.8 HIGH |
| iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping test arguments on the Diagnostics page. | |||||
| CVE-2018-6520 | 1 Simplesamlphp | 1 Simplesamlphp | 2018-02-15 | 5.8 MEDIUM | 6.1 MEDIUM |
| SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL. | |||||
| CVE-2018-6317 | 1 Claymore Dual Miner Project | 1 Claymore Dual Miner | 2018-02-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service. | |||||
| CVE-2017-15546 | 1 Emc | 1 Rsa Authentication Manager | 2018-02-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and earlier is affected by a blind SQL injection vulnerability. Authenticated malicious users could potentially exploit this vulnerability to read any unencrypted data from the database. | |||||
| CVE-2015-2204 | 1 Evergreen-ils | 1 Evergreen | 2018-02-15 | 5.0 MEDIUM | 7.5 HIGH |
| Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce view_perm when no auth token is provided. | |||||
| CVE-2017-14179 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2018-02-15 | 7.2 HIGH | 7.8 HIGH |
| Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. | |||||
| CVE-2017-14180 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2018-02-15 | 7.2 HIGH | 7.8 HIGH |
| Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179. | |||||
| CVE-2017-14177 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2018-02-15 | 7.2 HIGH | 7.8 HIGH |
| Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324. | |||||
| CVE-2017-1000356 | 1 Jenkins | 1 Jenkins | 2018-02-15 | 6.8 MEDIUM | 8.8 HIGH |
| Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in the process and allowing a wide variety of impacts. | |||||
| CVE-2017-1000355 | 1 Jenkins | 1 Jenkins | 2018-02-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void. | |||||
| CVE-2016-7034 | 1 Redhat | 1 Jboss Bpm Suite | 2018-02-15 | 6.8 MEDIUM | 8.8 HIGH |
| The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token. | |||||
| CVE-2017-18120 | 1 Gifsicle Project | 1 Gifsicle | 2018-02-14 | 6.8 MEDIUM | 7.8 HIGH |
| A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421. | |||||
| CVE-2018-6579 | 1 Jextn | 1 Reverse Auction | 2018-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products&uid= request. | |||||
| CVE-2018-6194 | 1 Splashing Images Project | 1 Splashing Images | 2018-02-14 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php. | |||||
| CVE-2018-6575 | 1 Jextn | 1 Classified | 2018-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JEXTN Classified 1.0.0 component for Joomla! via a view=boutique&sid= request. | |||||
| CVE-2018-6577 | 1 Jextn | 1 Membership | 2018-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request. | |||||
| CVE-2016-0311 | 1 Ibm | 1 Tivoli Business Service Manager | 2018-02-14 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Tivoli Business Service Manager 6.1.0 before 6.1.0-TIV-BSM-FP0004 and 6.1.1 before 6.1.1-TIV-BSM-FP0004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111480. | |||||
| CVE-2018-6391 | 1 Netis-systems | 2 Wf2419, Wf2419 Firmware | 2018-02-14 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings. | |||||
| CVE-2016-0312 | 1 Ibm | 1 Tririga Application Platform | 2018-02-14 | 5.0 MEDIUM | 7.5 HIGH |
| IBM TRIRIGA Application Platform before 3.3.2 allows remote attackers to obtain sensitive information via vectors related to granting unauthenticated access to Document Manager. IBM X-Force ID: 111486. | |||||
| CVE-2018-6395 | 1 Joomlacalendars | 1 Visual Calendar | 2018-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! via the id parameter in a view=load action. | |||||
| CVE-2018-0508 | 1 Kkcald Project | 1 Kkcald | 2018-02-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-0510 | 1 Kkcald Project | 1 Kkcald | 2018-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in epg search result viewer (kkcald) 0.7.19 and earlier allows remote attackers to perform unintended operations or execute DoS (denial of service) attacks via unspecified vectors. | |||||
| CVE-2016-0300 | 1 Ibm | 1 Tririga Application Platform | 2018-02-14 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 might allow remote attackers to access arbitrary JSP pages via vectors related to improper input validation. IBM X-Force ID: 111412. | |||||
| CVE-2018-0509 | 1 Kkcald Project | 1 Kkcald | 2018-02-14 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2018-6398 | 1 Joomlacalendars | 1 Event Calendar | 2018-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a task=load action. | |||||
| CVE-2018-6550 | 1 Monstra | 1 Monstra | 2018-02-14 | 3.5 LOW | 5.4 MEDIUM |
| Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php. | |||||
| CVE-2014-1834 | 1 Echor Project | 1 Echor | 2018-02-14 | 4.6 MEDIUM | 7.8 HIGH |
| The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password. | |||||
| CVE-2014-1835 | 1 Echor Project | 1 Echor | 2018-02-14 | 2.1 LOW | 7.8 HIGH |
| The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table. | |||||
| CVE-2018-6545 | 1 Ipswitch | 1 Moveit | 2018-02-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability, as demonstrated by human.aspx. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks. | |||||
| CVE-2017-14190 | 1 Fortinet | 1 Fortios | 2018-02-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted "Host" header in user HTTP requests. | |||||
| CVE-2018-6580 | 1 Janguo | 1 Jimtawl | 2018-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view=upload&task=upload&pop=true&tmpl=component request. | |||||