Total
299454 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19575 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue. | |||||
| CVE-2018-19574 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page. | |||||
| CVE-2018-19573 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid. | |||||
| CVE-2018-19572 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1, 11.4.8, and 11.3.11. | |||||
| CVE-2018-19571 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
| GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks. | |||||
| CVE-2018-19570 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags. | |||||
| CVE-2018-19569 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope. | |||||
| CVE-2018-19568 | 1 Dcraw Project | 1 Dcraw | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code. | |||||
| CVE-2018-19567 | 1 Dcraw Project | 1 Dcraw | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code. | |||||
| CVE-2018-19566 | 1 Dcraw Project | 1 Dcraw | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. | |||||
| CVE-2018-19565 | 1 Dcraw Project | 1 Dcraw | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. | |||||
| CVE-2018-19564 | 1 Goldplugins | 1 Easy Testimonials | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress. Three wp-admin/post.php parameters (_ikcf_client and _ikcf_position and _ikcf_other) have Cross-Site Scripting. | |||||
| CVE-2018-19562 | 1 Phpok | 1 Phpok | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive. | |||||
| CVE-2018-19561 | 1 Sikcms | 1 Sikcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| sikcms 1.1 has CSRF via admin.php?m=Admin&c=Users&a=userAdd to add an administrator account. | |||||
| CVE-2018-19560 | 1 Bagesoft | 1 Bagecms | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account. | |||||
| CVE-2018-19559 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter. | |||||
| CVE-2018-19558 | 1 Arcms Project | 1 Arcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php. | |||||
| CVE-2018-19557 | 1 Arcms Project | 1 Arcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in arcms through 2018-03-19. No authentication is required for index/main, user/useradd, or img/images. | |||||
| CVE-2018-19556 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| ** DISPUTED ** zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing. NOTE: the software maintainer disputes that this is a vulnerability. | |||||
| CVE-2018-19555 | 1 Tp4a | 1 Teleport | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password. | |||||