Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17076 | 2018-01-29 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none. | |||||
| CVE-2017-17077 | 2018-01-29 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none. | |||||
| CVE-2017-17078 | 2018-01-29 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none. | |||||
| CVE-2017-17079 | 2018-01-29 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none. | |||||
| CVE-2017-3739 | 2018-01-29 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none. | |||||
| CVE-2017-11066 | 1 Google | 1 Android | 2018-01-29 | 5.0 MEDIUM | 7.5 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing ubi image an uninitialized memory could be accessed. | |||||
| CVE-2018-5331 | 1 Discuz | 1 Discuzx | 2018-01-29 | 3.5 LOW | 5.4 MEDIUM |
| Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php. | |||||
| CVE-2018-1361 | 1 Ibm | 1 Websphere Portal | 2018-01-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137158. | |||||
| CVE-2018-2360 | 1 Sap | 1 Sap Kernel | 2018-01-29 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage. | |||||
| CVE-2014-5394 | 1 Huawei | 24 S2300, S2300 Firmware, S2700 and 21 more | 2018-01-29 | 4.3 MEDIUM | 5.9 MEDIUM |
| Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal. | |||||
| CVE-2017-15849 | 1 Google | 1 Android | 2018-01-29 | 9.3 HIGH | 7.8 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a LayerStack can be destroyed in between Validate and Commit by the application resulting in a Use After Free condition. | |||||
| CVE-2017-11069 | 1 Google | 1 Android | 2018-01-29 | 9.3 HIGH | 7.8 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, manipulation of SafeSwitch Image data can result in Heap overflow. | |||||
| CVE-2017-13176 | 1 Google | 1 Android | 2018-01-29 | 9.3 HIGH | 8.8 HIGH |
| In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction requirements with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68341964. | |||||
| CVE-2018-0799 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2018-01-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vulnerability due to the way image field values are handled, aka "Microsoft Access Tampering Vulnerability". | |||||
| CVE-2016-0327 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2018-01-29 | 4.6 MEDIUM | 7.8 HIGH |
| IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows local users to gain administrator privileges via unspecified vectors. IBM X-Force ID: 111643. | |||||
| CVE-2016-0324 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2018-01-29 | 9.0 HIGH | 8.8 HIGH |
| IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to execute arbitrary code with administrator privileges via unspecified vectors. IBM X-Force ID: 111640. | |||||
| CVE-2015-2298 | 1 Etherpad | 1 Etherpad | 2018-01-29 | 5.0 MEDIUM | 7.5 HIGH |
| node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID. | |||||
| CVE-2014-5334 | 1 Freenas | 1 Freenas | 2018-01-29 | 10.0 HIGH | 9.8 CRITICAL |
| FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login. | |||||
| CVE-2016-0332 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2018-01-29 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. IBM X-Force ID: 111695. | |||||
| CVE-2016-0336 | 1 Ibm | 1 Security Identity Manager | 2018-01-29 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111737. | |||||
| CVE-2012-6667 | 1 Dragonbyte-tech | 1 Vbshout | 2018-01-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte Technologies vBShout module for vBulletin allows remote attackers to inject arbitrary web script or HTML via the shout parameter in a shout action. | |||||
| CVE-2016-0335 | 1 Ibm | 1 Security Identity Manager | 2018-01-29 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. IBM X-Force ID: 111736. | |||||
| CVE-2018-2363 | 1 Sap | 2 Business Application Software Integrated Solution, Netweaver | 2018-01-29 | 6.5 MEDIUM | 8.8 HIGH |
| SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials. | |||||
| CVE-2018-5369 | 1 Srbtranslatin Project | 1 Srbtranslatin | 2018-01-29 | 3.5 LOW | 4.8 MEDIUM |
| The SrbTransLatin plugin 1.46 for WordPress has XSS via an srbtranslatoptions action to wp-admin/options-general.php with a lang_identificator parameter. | |||||
| CVE-2018-5368 | 1 Srbtranslatin Project | 1 Srbtranslatin | 2018-01-29 | 6.8 MEDIUM | 8.8 HIGH |
| The SrbTransLatin plugin 1.46 for WordPress has CSRF via an srbtranslatoptions action to wp-admin/options-general.php. | |||||
| CVE-2018-5315 | 1 Wp Events Calendar Project | 1 Wp Events Calendar | 2018-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php. | |||||
| CVE-2018-5310 | 1 Media From Ftp Project | 1 Media From Ftp | 2018-01-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| In the "Media from FTP" plugin before 9.85 for WordPress, Directory Traversal exists via the searchdir parameter to the wp-admin/admin.php?page=mediafromftp-search-register URI. | |||||
| CVE-2018-5309 | 1 Podofo Project | 1 Podofo | 2018-01-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. | |||||
| CVE-2018-5308 | 1 Podofo Project | 1 Podofo | 2018-01-29 | 6.8 MEDIUM | 7.8 HIGH |
| PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file. | |||||
| CVE-2018-5283 | 1 Photos In Wifi Project | 1 Photos In Wifi | 2018-01-29 | 5.0 MEDIUM | 7.5 HIGH |
| The Photos in Wifi application 1.0.1 for iOS has directory traversal via the ext parameter to assets-library://asset/asset.php. | |||||
| CVE-2018-5285 | 1 Wpscoop | 1 Imageinject | 2018-01-29 | 6.8 MEDIUM | 8.8 HIGH |
| The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php. | |||||
| CVE-2018-5284 | 1 Wpscoop | 1 Imageinject | 2018-01-29 | 3.5 LOW | 4.8 MEDIUM |
| The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid parameter to wp-admin/options-general.php. | |||||
| CVE-2018-5263 | 1 Stackideas | 1 Easydiscuss | 2018-01-29 | 3.5 LOW | 5.4 MEDIUM |
| The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0.21 for Joomla! allows XSS. | |||||
| CVE-2017-11357 | 1 Telerik | 1 Ui For Asp.net Ajax | 2018-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. | |||||
| CVE-2017-14143 | 1 Kaltura | 1 Kaltura Server | 2018-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie. | |||||
| CVE-2017-1000415 | 1 Matrixssl | 1 Matrixssl | 2018-01-26 | 4.3 MEDIUM | 5.9 MEDIUM |
| MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates have their expiration (beginning) year extended (delayed) by 100 years. | |||||
| CVE-2018-5295 | 1 Podofo Project | 1 Podofo | 2018-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. | |||||
| CVE-2017-1000429 | 1 Finecms Project | 1 Finecms | 2018-01-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php. | |||||
| CVE-2017-13207 | 1 Google | 1 Android | 2018-01-26 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability in the Android media framework (stagefright mpeg4writer). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37564426. | |||||
| CVE-2017-13205 | 1 Google | 1 Android | 2018-01-26 | 8.5 HIGH | 9.1 CRITICAL |
| An information disclosure vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64550583. | |||||
| CVE-2014-8579 | 1 Trendnet | 2 Tew-823dru, Tew-823dru Firmware | 2018-01-26 | 10.0 HIGH | 9.8 CRITICAL |
| TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of kcodeskcodes for the root account, which makes it easier for remote attackers to obtain access via an FTP session. | |||||
| CVE-2017-13200 | 1 Google | 1 Android | 2018-01-26 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability in the Android media framework (av) related to id3 unsynchronization. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63100526. | |||||
| CVE-2017-13187 | 1 Google | 1 Android | 2018-01-26 | 8.5 HIGH | 9.1 CRITICAL |
| An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65034175. | |||||
| CVE-2018-2710 | 1 Oracle | 1 Solaris | 2018-01-26 | 7.8 HIGH | 7.5 HIGH |
| Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 10. Easily exploitable vulnerability allows unauthenticated attacker with network access via ICMP to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-2683 | 1 Oracle | 1 Hospitality Simphony | 2018-01-26 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: POS). Supported versions that are affected are 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Simphony. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-5312 | 1 Wpshopmart | 1 Tabs Responsive | 2018-01-26 | 3.5 LOW | 5.4 MEDIUM |
| The tabs-responsive plugin 1.8.0 for WordPress has XSS via the post_title parameter to wp-admin/post.php. | |||||
| CVE-2018-5311 | 1 Tonjoostudio | 1 Easy Custom Auto Excerpt | 2018-01-26 | 3.5 LOW | 5.4 MEDIUM |
| The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the tonjoo_ecae_options[custom_css] parameter to the wp-admin/admin.php?page=tonjoo_excerpt URI. | |||||
| CVE-2017-11079 | 1 Google | 1 Android | 2018-01-26 | 7.5 HIGH | 9.8 CRITICAL |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing sparse image, uninitialized heap memory can potentially be flashed due to the lack of validation of sparse image block header size. | |||||
| CVE-2017-14869 | 1 Google | 1 Android | 2018-01-26 | 5.0 MEDIUM | 7.5 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while performing update of FOTA partition, uninitialized data can be pushed to storage. | |||||
| CVE-2017-14870 | 1 Google | 1 Android | 2018-01-26 | 5.0 MEDIUM | 7.5 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating the recovery message for eMMC devices, 1088 bytes of stack memory can potentially be leaked. | |||||