Total
95916 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10205 | 1 Hyper | 1 Hyperstart | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| hyperstart 1.0.0 in HyperHQ Hyper has memory leaks in the container_setup_modules and hyper_rescan_scsi functions in container.c, related to runV 1.0.0 for Docker. | |||||
| CVE-2018-10198 | 1 Otrs | 1 Otrs | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets. | |||||
| CVE-2018-10196 | 3 Canonical, Fedoraproject, Graphviz | 3 Ubuntu Linux, Fedora, Graphviz | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file. | |||||
| CVE-2018-10187 | 1 Radare | 1 Radare2 | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In radare2 2.5.0, there is a heap-based buffer over-read in the dalvik_op function (libr/anal/p/anal_dalvik.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. Note that this issue is different from CVE-2018-8809, which was patched earlier. | |||||
| CVE-2018-10186 | 1 Radare | 1 Radare2 | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In radare2 2.5.0, there is a heap-based buffer over-read in the r_hex_bin2str function (libr/util/hex.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. This issue is different from CVE-2017-15368. | |||||
| CVE-2018-10183 | 1 Bigtreecms | 1 Bigtree Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in BigTree 4.2.22. There is cross-site scripting (XSS) in /core/inc/lib/less.php/test/index.php because of a $_SERVER['REQUEST_URI'] echo, as demonstrated by the dir parameter in a file=charsets action. | |||||
| CVE-2018-10178 | 1 Iac | 1 Fromdoctopdf | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The FromDocToPDF extension before 13.611.13.2303 for Chrome allows remote attackers to discover visited web sites via vectors involving a mostVisitedSites command. | |||||
| CVE-2018-10177 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file. | |||||
| CVE-2018-10176 | 1 Digitalguardian | 1 Management Console | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Digital Guardian Management Console 7.1.2.0015 has a Directory Traversal issue. | |||||
| CVE-2018-10175 | 1 Digitalguardian | 1 Management Console | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Digital Guardian Management Console 7.1.2.0015 has an XXE issue. | |||||
| CVE-2018-10174 | 1 Digitalguardian | 1 Management Console | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. This can occur even if the logged-in user has a read-only role. | |||||
| CVE-2018-10165 | 1 Tp-link | 1 Eap Controller | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality. This is fixed in version 2.6.1_Windows. | |||||
| CVE-2018-10164 | 1 Tp-link | 1 Eap Controller | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality. This is fixed in version 2.6.1_Windows. | |||||
| CVE-2018-10141 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML. | |||||
| CVE-2018-10140 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. PAN-OS 6.1, PAN-OS 7.1 and PAN-OS 8.0 are NOT affected. | |||||
| CVE-2018-10139 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT affected. | |||||
| CVE-2018-10138 | 1 Catalooksupport | 1 .netstore | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The CATALooK.netStore module through 7.2.8 for DNN (formerly DotNetNuke) allows XSS via the /ViewEditGoogleMaps.aspx PortalID or CATSkin parameter, or the /ImageViewer.aspx link or desc parameter. | |||||
| CVE-2018-10136 | 1 Iscripts | 1 Uberforx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| iScripts UberforX 2.2 has Stored XSS in the "manage_settings" section of the Admin Panel via a value field to the /cms?section=manage_settings&action=edit URI. | |||||
| CVE-2018-10135 | 1 Iscripts | 1 Eswap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Panel. | |||||
| CVE-2018-10128 | 1 Xyhcms Project | 1 Xyhcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in XYHCMS 3.5. It has XSS via the test parameter to index.php. | |||||