Total
297767 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14033 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c, related to HDmemcpy. | |||||
| CVE-2018-14031 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5T_copy in H5T.c. | |||||
| CVE-2018-14029 | 1 Creatiwity | 1 Witycms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a user account, as demonstrated by modifying the account's email field. | |||||
| CVE-2018-14028 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then execute the file. This represents a security risk in limited scenarios where an attacker (who does have the required capabilities for plugin uploads) cannot simply place arbitrary PHP code into a valid plugin ZIP file and upload that plugin, because a machine's wp-content/plugins directory permissions were set up to block all new plugins. | |||||
| CVE-2018-14027 | 1 Digisol | 2 Dg-hr-3300, Dg-hr-3300 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Digisol Wireless Wifi Home Router HR-3300 allows XSS via the userid or password parameter to the admin login page. | |||||
| CVE-2018-14023 | 1 Signal | 1 Signal-desktop | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage. | |||||
| CVE-2018-14020 | 1 Paymorrow | 1 Paymorrow | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the Paymorrow module 1.0.0 before 1.0.2 and 2.0.0 before 2.0.1 for OXID eShop. An attacker can bypass delivery-address change detection if the payment module doesn't use eShop's checkout procedure properly. To do so, the attacker must change the delivery address to one that is not verified by the Paymorrow module. | |||||
| CVE-2018-14017 | 1 Radare | 1 Radare2 | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in r_bin_java_line_number_table_attr_new. | |||||
| CVE-2018-14016 | 1 Radare | 1 Radare2 | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Mini Crash Dump file. | |||||
| CVE-2018-14014 | 1 Super Cms Project | 1 Super Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In waimai Super Cms 20150505, there is a CSRF vulnerability that can add an admin account via admin.php?m=Member&a=adminadd. | |||||
| CVE-2018-14013 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients. | |||||
| CVE-2018-14012 | 1 Wolfsight | 1 Wolfsight Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the default URI. | |||||
| CVE-2018-14010 | 1 Mi | 7 Xiaomi R3, Xiaomi R3c, Xiaomi R3c Firmware and 4 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data. | |||||
| CVE-2018-14009 | 1 Codiad | 1 Codiad | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689. | |||||
| CVE-2018-14008 | 1 Arista | 1 Eos | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| Arista EOS through 4.21.0F allows a crash because 802.1x authentication is mishandled. | |||||
| CVE-2018-14007 | 1 Citrix | 1 Xenserver | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Citrix XenServer 7.1 and newer allows Directory Traversal. | |||||
| CVE-2018-14006 | 1 Ngtoken Project | 1 Ngtoken | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An integer overflow vulnerability exists in the function multipleTransfer of Neo Genesis Token (NGT), an Ethereum token smart contract. An attacker could use it to set any user's balance. | |||||
| CVE-2018-14005 | 1 Malaysiancoin Project | 1 Malaysiancoin | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An integer overflow vulnerability exists in the function transferAny of Malaysia coins (Xmc), an Ethereum token smart contract. An attacker could use it to set any user's balance. | |||||
| CVE-2018-14004 | 1 Globecoin Project | 1 Globecoin | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An integer overflow vulnerability exists in the function transfer_tokens_after_ICO of GlobeCoin (GLB), an Ethereum token smart contract. An attacker could use it to set any user's balance. | |||||
| CVE-2018-14003 | 1 Wmctoken Project | 1 Wmctoken | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An integer overflow vulnerability exists in the function batchTransfer of WeMediaChain (WMC), an Ethereum token smart contract. An attacker could use it to set any user's balance. | |||||