Vulnerabilities (CVE)

Total 297382 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-13874 1 Hdfgroup 1 Hdf5 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDmemset.
CVE-2018-13872 1 Hdfgroup 1 Hdf5 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5G_ent_decode in H5Gent.c.
CVE-2018-13871 1 Hdfgroup 1 Hdf5 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5FL_blk_malloc in H5FL.c.
CVE-2018-13870 1 Hdfgroup 1 Hdf5 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_link_decode in H5Olink.c.
CVE-2018-13869 1 Hdfgroup 1 Hdf5 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5O_link_decode in H5Olink.c.
CVE-2018-13868 1 Hdfgroup 1 Hdf5 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_fill_old_decode in H5Ofill.c.
CVE-2018-13867 1 Hdfgroup 1 Hdf5 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5F__accum_read in H5Faccum.c.
CVE-2018-13866 1 Hdfgroup 1 Hdf5 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer over-read in the function H5F_addr_decode_len in H5Fint.c.
CVE-2018-13865 1 Idreamsoft 1 Icms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism.
CVE-2018-13864 2 Lightbend, Microsoft 2 Play Framework, Windows 2024-11-21 5.0 MEDIUM 7.5 HIGH
A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests.
CVE-2018-13863 1 Mongodb 1 Js-bson 2024-11-21 5.0 MEDIUM 7.5 HIGH
The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long untrusted string.
CVE-2018-13862 1 Trivum 2 Webtouch Setup V9, Webtouch Setup V9 Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to login without authorization).
CVE-2018-13861 1 Trivum 2 Webtouch Setup V9, Webtouch Setup V9 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example.
CVE-2018-13860 1 Trivum 2 C4 Professional, C4 Professional Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the "/xml/menu/getObjectEditor.xml" URL, using a "?oid=systemSetup&id=_0" or "?oid=systemUsers&id=_0" GET request.
CVE-2018-13859 1 Trivum 2 C4 Professional, C4 Professional Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18, allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to login without authorization).
CVE-2018-13858 1 Trivum 2 C4 Professional, C4 Professional Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example.
CVE-2018-13850 1 Icanstudioz 1 Firebase Push Notification On Ios \/ Fcm \+ Advance Admin Panel 2024-11-21 7.5 HIGH 9.8 CRITICAL
The "Firebase Cloud Messaging (FCM) + Advance Admin Panel" component supporting Firebase Push Notification on iOS (through 2017-10-26) allows SQL injection via the /advance_push/public/login username parameter.
CVE-2018-13849 1 Instagram-clone Project 1 Instagram-clone 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
edit_requests.php in yTakkar Instagram-clone through 2018-04-23 has XSS via an onmouseover payload because of an inadequate XSS protection mechanism based on preg_replace.
CVE-2018-13848 1 Axiosys 1 Bento4 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StszAtom::GetSampleSize in Core/Ap4StszAtom.cpp.
CVE-2018-13847 1 Axiosys 1 Bento4 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StcoAtom::AdjustChunkOffsets in Core/Ap4StcoAtom.cpp.