Total
299403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6540 | 2 Canonical, Zziplib Project | 2 Ubuntu Linux, Zziplib | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. | |||||
| CVE-2018-6537 | 1 Flexense | 1 Syncbreeze | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow vulnerability in the control protocol of Flexense SyncBreeze Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9121. | |||||
| CVE-2018-6536 | 1 Icinga | 1 Icinga | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script executes a "kill `cat /pathname/icinga2.pid`" command, as demonstrated by icinga2.init.d.cmake. | |||||
| CVE-2018-6535 | 1 Icinga | 1 Icinga | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker. | |||||
| CVE-2018-6534 | 1 Icinga | 1 Icinga | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer dereference, which can cause the product to crash. | |||||
| CVE-2018-6533 | 1 Icinga | 1 Icinga | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code (a larger issue than CVE-2017-16933). | |||||
| CVE-2018-6532 | 1 Icinga | 1 Icinga | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted (authenticated and unauthenticated) requests, an attacker can exhaust a lot of memory on the server side, triggering the OOM killer. | |||||
| CVE-2018-6529 | 2 D-link, Dlink | 6 Dir-860l Firmware, Dir-860l, Dir-865l and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi. | |||||
| CVE-2018-6528 | 2 D-link, Dlink | 6 Dir-860l Firmware, Dir-860l, Dir-865l and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi. | |||||
| CVE-2018-6527 | 2 D-link, Dlink | 6 Dir-860l Firmware, Dir-860l, Dir-865l and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi. | |||||
| CVE-2018-6526 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| view_all_bug_page.php in MantisBT 2.10.0-development before 2018-02-02 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php. | |||||
| CVE-2018-6525 | 1 Inca | 1 Nprotect Avs | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220458. | |||||
| CVE-2018-6524 | 1 Inca | 1 Nprotect Avs | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220c20. | |||||
| CVE-2018-6523 | 1 Inca | 1 Nprotect Avs | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x22045c. | |||||
| CVE-2018-6522 | 1 Inca | 1 Nprotect Avs | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKRgFtXp.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220408. | |||||
| CVE-2018-6521 | 2 Debian, Simplesamlphp | 2 Debian Linux, Simplesamlphp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions. | |||||
| CVE-2018-6520 | 1 Simplesamlphp | 1 Simplesamlphp | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL. | |||||
| CVE-2018-6519 | 2 Debian, Simplesamlphp | 2 Debian Linux, Saml2 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp. | |||||
| CVE-2018-6518 | 1 Compo | 1 Composr Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php. | |||||
| CVE-2018-6517 | 1 Puppet | 1 Chloride | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's known_hosts file without confirmation. In version 0.3.0 this is updated so that the user's known_hosts file is not updated by chloride. | |||||