Total
297382 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-13874 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDmemset. | |||||
CVE-2018-13872 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5G_ent_decode in H5Gent.c. | |||||
CVE-2018-13871 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5FL_blk_malloc in H5FL.c. | |||||
CVE-2018-13870 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_link_decode in H5Olink.c. | |||||
CVE-2018-13869 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5O_link_decode in H5Olink.c. | |||||
CVE-2018-13868 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_fill_old_decode in H5Ofill.c. | |||||
CVE-2018-13867 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5F__accum_read in H5Faccum.c. | |||||
CVE-2018-13866 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer over-read in the function H5F_addr_decode_len in H5Fint.c. | |||||
CVE-2018-13865 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism. | |||||
CVE-2018-13864 | 2 Lightbend, Microsoft | 2 Play Framework, Windows | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests. | |||||
CVE-2018-13863 | 1 Mongodb | 1 Js-bson | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long untrusted string. | |||||
CVE-2018-13862 | 1 Trivum | 2 Webtouch Setup V9, Webtouch Setup V9 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to login without authorization). | |||||
CVE-2018-13861 | 1 Trivum | 2 Webtouch Setup V9, Webtouch Setup V9 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example. | |||||
CVE-2018-13860 | 1 Trivum | 2 C4 Professional, C4 Professional Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the "/xml/menu/getObjectEditor.xml" URL, using a "?oid=systemSetup&id=_0" or "?oid=systemUsers&id=_0" GET request. | |||||
CVE-2018-13859 | 1 Trivum | 2 C4 Professional, C4 Professional Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18, allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to login without authorization). | |||||
CVE-2018-13858 | 1 Trivum | 2 C4 Professional, C4 Professional Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example. | |||||
CVE-2018-13850 | 1 Icanstudioz | 1 Firebase Push Notification On Ios \/ Fcm \+ Advance Admin Panel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The "Firebase Cloud Messaging (FCM) + Advance Admin Panel" component supporting Firebase Push Notification on iOS (through 2017-10-26) allows SQL injection via the /advance_push/public/login username parameter. | |||||
CVE-2018-13849 | 1 Instagram-clone Project | 1 Instagram-clone | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
edit_requests.php in yTakkar Instagram-clone through 2018-04-23 has XSS via an onmouseover payload because of an inadequate XSS protection mechanism based on preg_replace. | |||||
CVE-2018-13848 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StszAtom::GetSampleSize in Core/Ap4StszAtom.cpp. | |||||
CVE-2018-13847 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StcoAtom::AdjustChunkOffsets in Core/Ap4StcoAtom.cpp. |