Total
292054 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15880 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Joomla! before 3.8.12. Inadequate output filtering on the user profile page could lead to a stored XSS attack. | |||||
| CVE-2018-15877 | 1 Plainview Activity Monitor Project | 1 Plainview Activity Monitor | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request. | |||||
| CVE-2018-15876 | 1 Ajax Bootmodal Login Project | 1 Ajax Bootmodal Login | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for WordPress. The register form, login form, and password-recovery form require solving a CAPTCHA to perform actions. However, this is required only once per user session, and therefore one could send as many requests as one wished by automation. | |||||
| CVE-2018-15875 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request. | |||||
| CVE-2018-15874 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request. | |||||
| CVE-2018-15873 | 1 Sapplica | 1 Sentrifugo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection issue was discovered in Sentrifugo 3.2 via the deptid parameter. | |||||
| CVE-2018-15871 | 1 Libming | 1 Libming | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An invalid memory address dereference was discovered in decompileSingleArgBuiltInFunctionCall in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | |||||
| CVE-2018-15870 | 1 Libming | 1 Libming | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An invalid memory address dereference was discovered in decompileGETVARIABLE in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | |||||
| CVE-2018-15869 | 1 Hashicorp | 1 Packer | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog. | |||||
| CVE-2018-15868 | 1 Chronoscan | 1 Chronoscan | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in ChronoScan version 1.5.4.3 and earlier allows an unauthenticated attacker to execute arbitrary SQL commands via the wcr_machineid cookie. | |||||
| CVE-2018-15865 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| The Pulse Secure Desktop (macOS) has a Privilege Escalation Vulnerability. | |||||
| CVE-2018-15864 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created. | |||||
| CVE-2018-15863 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression. | |||||
| CVE-2018-15862 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers. | |||||
| CVE-2018-15861 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure. | |||||
| CVE-2018-15859 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled. | |||||
| CVE-2018-15858 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file. | |||||
| CVE-2018-15857 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file. | |||||
| CVE-2018-15856 | 2 Canonical, Xkbcommon | 2 Ubuntu Linux, Xkbcommon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files. | |||||
| CVE-2018-15855 | 2 Canonical, Xkbcommon Project | 2 Ubuntu Linux, Xkbcommon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled. | |||||