Vulnerabilities (CVE)

Total 299295 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-8070 1 Qcms 1 Qcms 2024-11-21 3.5 LOW 5.4 MEDIUM
QCMS version 3.0 has XSS via the title parameter to the /guest/index.html URI.
CVE-2018-8069 1 Qcms 1 Qcms 2024-11-21 3.5 LOW 5.4 MEDIUM
QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI.
CVE-2018-8065 1 Flexense 1 Syncbreeze 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access violation on the syncbrs.exe memory region that can be triggered by rapidly sending a variety of HTTP requests with long HTTP header values or long URIs.
CVE-2018-8062 1 Comtrend 2 Ar-5387un, Ar-5387un Firmware 2024-11-21 3.5 LOW 5.4 MEDIUM
A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04_R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service.
CVE-2018-8061 1 Hwinfo 1 Amd64 Kernel Driver 2024-11-21 3.6 LOW 7.1 HIGH
HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileged user to send IOCTL 0x85FE2608 to the device driver with the HWiNFO32 symbolic device name, resulting in direct physical memory read or write.
CVE-2018-8060 1 Hwinfo 1 Amd64 Kernel Driver 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileged user to send an IOCTL to the device driver. If input and/or output buffer pointers are NULL or if these buffers' data are invalid, a NULL/invalid pointer access occurs, resulting in a Windows kernel panic aka Blue Screen. This affects IOCTLs higher than 0x85FE2600 with the HWiNFO32 symbolic device name.
CVE-2018-8059 1 Suse 1 Portus 2024-11-21 5.8 MEDIUM 8.8 HIGH
The Djelibeybi configuration examples for use of NGINX in SUSE Portus 2.3, when applied to certain configurations involving Docker Compose, have a Missing SSL Certificate Validation issue because no proxy_ssl_* directives are used.
CVE-2018-8058 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 3.5 LOW 4.8 MEDIUM
CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter.
CVE-2018-8057 1 Westernbridgegroup 1 Razor 2024-11-21 7.5 HIGH 9.8 CRITICAL
A SQL Injection vulnerability exists in Western Bridge Cobub Razor 0.8.0 via the channel_name or platform parameter in a /index.php?/manage/channel/addchannel request, related to /application/controllers/manage/channel.php.
CVE-2018-8056 1 Cobub 1 Razor 2024-11-21 5.0 MEDIUM 7.5 HIGH
Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via an invalid channel_name parameter to /index.php?/manage/channel/addchannel or a direct request to /export.php.
CVE-2018-8050 1 Afflib Project 1 Afflib 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
The af_get_page() function in lib/afflib_pages.cpp in AFFLIB (aka AFFLIBv3) through 3.7.16 allows remote attackers to cause a denial of service (segmentation fault) via a corrupt AFF image that triggers an unexpected pagesize value.
CVE-2018-8049 3 Ibm, Linux, Unisys 3 Aix, Linux Kernel, Stealth Svg 2024-11-21 5.0 MEDIUM 7.5 HIGH
The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before 3.0.1999, 3.1.x, 3.2.x before 3.2.030, and 3.3.x before 3.3.016, when running on Linux and AIX, allows remote attackers to cause a denial of service (crash) via crafted packets.
CVE-2018-8048 2 Debian, Loofah Project 2 Debian Linux, Loofah 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.
CVE-2018-8047 1 Vtiger 1 Vtiger Crm 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
vtiger CRM 7.0.1 is affected by one reflected Cross-Site Scripting (XSS) vulnerability affecting version 7.0.1 and probably prior versions. This vulnerability could allow remote unauthenticated attackers to inject arbitrary web script or HTML via index.php?module=Contacts&view=List (app parameter).
CVE-2018-8046 1 Sencha 1 Ext Js 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The getTip() method of Action Columns of Sencha Ext JS 4 to 6 before 6.6.0 is vulnerable to XSS attacks, even when passed HTML-escaped data. This framework brings no built-in XSS protection, so the developer has to ensure that data is correctly sanitized. However, the getTip() method of Action Columns takes HTML-escaped data and un-escapes it. If the tooltip contains user-controlled data, an attacker could exploit this to create a cross-site scripting attack, even when developers took precautions and escaped data.
CVE-2018-8045 1 Joomla 1 Joomla\! 2024-11-21 6.5 MEDIUM 8.8 HIGH
In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view.
CVE-2018-8044 1 K7computing 4 Antivrius, Enterprise Security, Total Security and 1 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: Local Process Execution (local). The component is: K7Sentry.sys.
CVE-2018-8043 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2024-11-21 2.1 LOW 5.5 MEDIUM
The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).
CVE-2018-8042 1 Apache 1 Ambari 2024-11-21 4.3 MEDIUM 8.1 HIGH
Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services. For example, Hive and Oozie.
CVE-2018-8041 1 Apache 1 Camel 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal.