Total: 297747 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-13868 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_fill_old_decode in H5Ofill.c. | |||||
CVE-2018-13867 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5F__accum_read in H5Faccum.c. | |||||
CVE-2018-13866 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer over-read in the function H5F_addr_decode_len in H5Fint.c. | |||||
CVE-2018-13865 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism. | |||||
CVE-2018-13864 | 2 Lightbend, Microsoft | 2 Play Framework, Windows | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests. | |||||
CVE-2018-13863 | 1 Mongodb | 1 Js-bson | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long untrusted string. | |||||
CVE-2018-13862 | 1 Trivum | 2 Webtouch Setup V9, Webtouch Setup V9 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allows unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to log in without authorization). | |||||
CVE-2018-13861 | 1 Trivum | 2 Webtouch Setup V9, Webtouch Setup V9 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example. | |||||
CVE-2018-13860 | 1 Trivum | 2 C4 Professional, C4 Professional Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the "/xml/menu/getObjectEditor.xml" URL, using a "?oid=systemSetup&id=_0" or "?oid=systemUsers&id=_0" GET request. | |||||
CVE-2018-13859 | 1 Trivum | 2 C4 Professional, C4 Professional Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to log in without authorization). | |||||
CVE-2018-13858 | 1 Trivum | 2 C4 Professional, C4 Professional Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example. | |||||
CVE-2018-13850 | 1 Icanstudioz | 1 Firebase Push Notification On Ios / Fcm + Advance Admin Panel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The "Firebase Cloud Messaging (FCM) + Advance Admin Panel" component supporting Firebase Push Notification on iOS (through 2017-10-26) allows SQL injection via the /advance_push/public/login username parameter. | |||||
CVE-2018-13849 | 1 Instagram-clone Project | 1 Instagram-clone | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
edit_requests.php in yTakkar Instagram-clone through 2018-04-23 has XSS via an onmouseover payload because of an inadequate XSS protection mechanism based on preg_replace. | |||||
CVE-2018-13848 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StszAtom::GetSampleSize in Core/Ap4StszAtom.cpp. | |||||
CVE-2018-13847 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StcoAtom::AdjustChunkOffsets in Core/Ap4StcoAtom.cpp. | |||||
CVE-2018-13846 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue has been found in Bento4 1.5.1-624. AP4_Mpeg2TsVideoSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp has a heap-based buffer over-read after a call from Mp42Ts.cpp, a related issue to CVE-2018-14532. | |||||
CVE-2018-13845 | 1 Htslib | 1 Htslib | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue has been found in HTSlib 1.8. It is a buffer over-read in sam_parse1 in sam.c. | |||||
CVE-2018-13844 | 1 Htslib | 1 Htslib | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
** DISPUTED ** An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c. NOTE: This has been disputed with the assertion that this vulnerability exists in the test harness and HTSlib users would be aware of the need to destruct this object returned by fai_load() in their own code. | |||||
CVE-2018-13843 | 1 Htslib | 1 Htslib | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
** DISPUTED ** An issue has been found in HTSlib 1.8. It is a memory leak in bgzf_getline in bgzf.c. NOTE: the software maintainer's position is that the "failure to free memory" can be fixed in applications that use the HTSlib library (such as test/test_bgzf.c in the original report) and is not a library issue. | |||||
CVE-2018-13836 | 1 Rocket Coin Project | 1 Rocket Coin | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An integer overflow vulnerability exists in the function multiTransfer of Rocket Coin (XRC), an Ethereum token smart contract. An attacker could use it to set any user's balance. |