Total
298660 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20604 | 1 Lfdycms | 1 Lei Feng Tv Cms | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal via crafted use of ..* in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/*web*..*..*..*..*1.txt.html URI to read the 1.txt file. | |||||
| CVE-2018-20603 | 1 Lfdycms | 1 Lei Feng Tv Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html CSRF. | |||||
| CVE-2018-20602 | 1 Lfdycms | 1 Lei Feng Tv Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the /install.php?s=/1 URI. | |||||
| CVE-2018-20601 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action. | |||||
| CVE-2018-20600 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action. | |||||
| CVE-2018-20599 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action. | |||||
| CVE-2018-20598 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| UCMS 1.4.7 has ?do=user_addpost CSRF. | |||||
| CVE-2018-20597 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action. | |||||
| CVE-2018-20596 | 1 Jspxcms | 1 Jspxcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Jspxcms v9.0.0 allows SSRF. | |||||
| CVE-2018-20595 | 1 Hsweb | 1 Hsweb | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful. | |||||
| CVE-2018-20594 | 1 Hsweb | 1 Hsweb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java. | |||||
| CVE-2018-20593 | 2 Fedoraproject, Msweet | 2 Fedora, Mini-xml | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c. | |||||
| CVE-2018-20592 | 2 Fedoraproject, Msweet | 2 Fedora, Mini-xml | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc. | |||||
| CVE-2018-20591 | 1 Libming | 1 Libming | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A heap-based buffer over-read was discovered in decompileJUMP function in util/decompile.c of libming v0.4.8. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by swftocxx. | |||||
| CVE-2018-20590 | 1 Generic Content Management System Project | 1 Generic Content Management System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/users.php user ID. | |||||
| CVE-2018-20589 | 1 Generic Content Management System Project | 1 Generic Content Management System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/add_pictures.php article ID. | |||||
| CVE-2018-20588 | 1 Otfcc Project | 1 Otfcc | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| lib/support/unicodeconv/unicodeconv.c in libotfcc.a in otfcc v0.10.3-alpha has a buffer over-read. | |||||
| CVE-2018-20587 | 2 Bitcoin, Bitcoinknots | 2 Bitcoin Core, Bitcoin Knots | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port. | |||||
| CVE-2018-20586 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call. | |||||
| CVE-2018-20584 | 3 Debian, Jasper Project, Oracle | 3 Debian Linux, Jasper, Outside In Technology | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format. | |||||