Total: 299295 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-8070 | 1 Qcms | 1 Qcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
QCMS version 3.0 has XSS via the title parameter to the /guest/index.html URI. | |||||
CVE-2018-8069 | 1 Qcms | 1 Qcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI. | |||||
CVE-2018-8065 | 1 Flexense | 1 Syncbreeze | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access violation on the syncbrs.exe memory region that can be triggered by rapidly sending a variety of HTTP requests with long HTTP header values or long URIs. | |||||
CVE-2018-8062 | 1 Comtrend | 2 Ar-5387un, Ar-5387un Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04_R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service. | |||||
CVE-2018-8061 | 1 Hwinfo | 1 Amd64 Kernel Driver | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileged user to send IOCTL 0x85FE2608 to the device driver with the HWiNFO32 symbolic device name, resulting in direct physical memory read or write. | |||||
CVE-2018-8060 | 1 Hwinfo | 1 Amd64 Kernel Driver | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileged user to send an IOCTL to the device driver. If input and/or output buffer pointers are NULL or if these buffers' data are invalid, a NULL/invalid pointer access occurs, resulting in a Windows kernel panic aka Blue Screen. This affects IOCTLs higher than 0x85FE2600 with the HWiNFO32 symbolic device name. | |||||
CVE-2018-8059 | 1 Suse | 1 Portus | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
The Djelibeybi configuration examples for use of NGINX in SUSE Portus 2.3, when applied to certain configurations involving Docker Compose, have a Missing SSL Certificate Validation issue because no proxy_ssl_* directives are used. | |||||
CVE-2018-8058 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter. | |||||
CVE-2018-8057 | 1 Westernbridgegroup | 1 Razor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A SQL Injection vulnerability exists in Western Bridge Cobub Razor 0.8.0 via the channel_name or platform parameter in a /index.php?/manage/channel/addchannel request, related to /application/controllers/manage/channel.php. | |||||
CVE-2018-8056 | 1 Cobub | 1 Razor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Physical path leakage exists in Western Bridge Cobub Razor 0.8.0 via an invalid channel_name parameter to /index.php?/manage/channel/addchannel or a direct request to /export.php. | |||||
CVE-2018-8050 | 1 Afflib Project | 1 Afflib | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The af_get_page() function in lib/afflib_pages.cpp in AFFLIB (aka AFFLIBv3) through 3.7.16 allows remote attackers to cause a denial of service (segmentation fault) via a corrupt AFF image that triggers an unexpected pagesize value. | |||||
CVE-2018-8049 | 3 Ibm, Linux, Unisys | 3 Aix, Linux Kernel, Stealth Svg | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before 3.0.1999, 3.1.x, 3.2.x before 3.2.030, and 3.3.x before 3.3.016, when running on Linux and AIX, allows remote attackers to cause a denial of service (crash) via crafted packets. | |||||
CVE-2018-8048 | 2 Debian, Loofah Project | 2 Debian Linux, Loofah | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment. | |||||
CVE-2018-8047 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
vtiger CRM 7.0.1, and probably prior versions, is affected by a reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow remote unauthenticated attackers to inject arbitrary web script or HTML via index.php?module=Contacts&view=List (app parameter). | |||||
CVE-2018-8046 | 1 Sencha | 1 Ext Js | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The getTip() method of Action Columns of Sencha Ext JS 4 to 6 before 6.6.0 is vulnerable to XSS attacks, even when passed HTML-escaped data. This framework brings no built-in XSS protection, so the developer has to ensure that data is correctly sanitized. However, the getTip() method of Action Columns takes HTML-escaped data and un-escapes it. If the tooltip contains user-controlled data, an attacker could exploit this to create a cross-site scripting attack, even when developers took precautions and escaped data. | |||||
CVE-2018-8045 | 1 Joomla | 1 Joomla! | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view. | |||||
CVE-2018-8044 | 1 K7computing | 4 Antivrius, Enterprise Security, Total Security and 1 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: Local Process Execution (local). The component is: K7Sentry.sys. | |||||
CVE-2018-8043 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference). | |||||
CVE-2018-8042 | 1 Apache | 1 Ambari | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
In Apache Ambari versions 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services, for example Hive and Oozie. | |||||
CVE-2018-8041 | 1 Apache | 1 Camel | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal. |