Total
95541 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0536 | 1 Qqq Systems Project | 1 Qqq Systems | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via quiz.cgi. | |||||
| CVE-2018-0535 | 1 Php 2chbbs Project | 1 Php 2chbbs | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in PHP 2chBBS version bbs18c allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-0534 | 1 Arsenol Project | 1 Arsenol | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in ArsenoL Version 0.5 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-0533 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session authentication via unspecified vectors. | |||||
| CVE-2018-0531 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors. | |||||
| CVE-2018-0529 | 1 Cybozu | 1 Office | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2018-0528 | 1 Cybozu | 1 Office | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors. | |||||
| CVE-2018-0527 | 1 Cybozu | 1 Office | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-0526 | 1 Cybozu | 1 Office | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors. | |||||
| CVE-2018-0525 | 1 Jubat | 1 Jubatus | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal vulnerability in Jubatus 1.0.2 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2018-0519 | 1 Fsi | 2 Fs010w, Fs010w Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting vulnerability in FS010W firmware FS010W_00_V1.3.0 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-0518 | 1 Linecorp | 1 Line | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2018-0513 | 1 Mtssb.mt-systems | 1 Simple Booking | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in MTS Simple Booking C, MTS Simple Booking Business version 1.28.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-0512 | 1 Iodata | 90 Bx-vp1, Bx-vp1 Firmware, Gv-ntx1 and 87 more | 2024-11-21 | 7.7 HIGH | 6.8 MEDIUM |
| Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2018-0511 | 1 Meowapps | 1 Wp Retina 2x | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WP Retina 2x prior to version 5.2.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-0508 | 1 Kkcald Project | 1 Kkcald | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-0505 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock | |||||
| CVE-2018-0504 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid | |||||
| CVE-2018-0503 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'. | |||||
| CVE-2018-0501 | 2 Canonical, Debian | 2 Ubuntu Linux, Advanced Package Tool | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail. | |||||