Total: 292054 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-15854 | 2 Canonical, Xkbcommon Project | 2 Ubuntu Linux, Xkbcommon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly. | |||||
CVE-2018-15853 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation. | |||||
CVE-2018-15852 | 1 Technicolor | 2 Tc7200.20, Tc7200.20 Firmware | 2024-11-21 | 6.1 MEDIUM | 6.5 MEDIUM |
** DISPUTED ** Technicolor TC7200.20 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions. | |||||
CVE-2018-15851 | 1 Flexocms Project | 1 Flexo Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Flexo CMS v0.1.6. There is a CSRF vulnerability that can add an administrator via /admin/user/add. | |||||
CVE-2018-15850 | 1 Redaxo | 1 Redaxo Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in REDAXO CMS 4.7.2. There is a CSRF vulnerability that can add an administrator account via index.php?page=user. | |||||
CVE-2018-15849 | 1 Portfoliocms Project | 1 Portfoliocms | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update the website settings via admin/aboutus.php. | |||||
CVE-2018-15848 | 1 Portfoliocms Project | 1 Portfoliocms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true. | |||||
CVE-2018-15847 | 1 Puppycms | 1 Puppycms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in puppyCMS 5.1. There is an XSS vulnerability via menu.php in the "Add Page/URL" URL link field. | |||||
CVE-2018-15846 | 1 Fledrcms Project | 1 Fledrcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in fledrCMS through 2014-02-03. There is a CSRF vulnerability that can change the administrator's password via index.php?p=done&savedata=1. | |||||
CVE-2018-15845 | 1 Gleezcms | 1 Gleez Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add. | |||||
CVE-2018-15844 | 1 Damicms | 1 Damicms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in DamiCMS 6.0.0. There is a CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit. | |||||
CVE-2018-15843 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field. | |||||
CVE-2018-15842 | 1 Wolfcms | 1 Wolf Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter. | |||||
CVE-2018-15840 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
TP-Link TL-WR840N devices allow remote attackers to cause a denial of service (networking outage) via fragmented packets, as demonstrated by an "nmap -f" command. | |||||
CVE-2018-15839 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header. | |||||
CVE-2018-15836 | 1 Xelerance | 1 Openswan | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of the padding string during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used. IKEv2 signature verification is affected when RAW RSA keys are used. | |||||
CVE-2018-15835 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Android 1.0 through 9.0 has Insecure Permissions. The Android bug ID is 77286983. | |||||
CVE-2018-15834 | 1 Radare | 1 Radare2 | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
In radare2 before 2.9.0, a heap overflow vulnerability exists in the read_module_referenced_functions function in libr/anal/flirt.c via a crafted flirt signature file. | |||||
CVE-2018-15833 | 1 Vanillaforums | 1 Vanilla Forums | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items). | |||||
CVE-2018-15832 | 1 Ubisoft | 1 Uplay | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. |