Total: 315275 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5969 | 1 Photography Cms Project | 1 Photography Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via clients/resources/ajax/ajax_new_admin.php, as demonstrated by adding an admin account. | |||||
| CVE-2018-5968 | 4 Debian, Fasterxml, Netapp and 1 more | 10 Debian Linux, Jackson-databind, E-series Santricity Os Controller and 7 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist. | |||||
| CVE-2018-5967 | 1 Netis-systems | 2 Wf2419, Wf2419 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rule Settings page. | |||||
| CVE-2018-5965 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter. | |||||
| CVE-2018-5964 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter. | |||||
| CVE-2018-5963 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter. | |||||
| CVE-2018-5962 | 1 Centos-webpanel | 1 Centos Web Panel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module. | |||||
| CVE-2018-5961 | 1 Centos-webpanel | 1 Centos Web Panel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file. | |||||
| CVE-2018-5960 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module. | |||||
| CVE-2018-5958 | 1 Zillya | 1 Zillya! Antivirus | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402424. | |||||
| CVE-2018-5957 | 1 Zillya | 1 Zillya! Antivirus | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40242C. | |||||
| CVE-2018-5956 | 1 Zillya | 1 Zillya! Antivirus | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402414. | |||||
| CVE-2018-5955 | 1 Smartmobilesoftware | 1 Gitstack | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI. | |||||
| CVE-2018-5954 | 1 Phpfreechat | 1 Phpfreechat | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| phpFreeChat 1.7 and earlier allows remote attackers to cause a denial of service by sending a large number of connect commands. | |||||
| CVE-2018-5953 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call. | |||||
| CVE-2018-5951 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 7.1 HIGH | 7.5 HIGH |
| An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of RouterOS that support EoIPv6 are vulnerable to this attack. | |||||
| CVE-2018-5950 | 4 Canonical, Debian, Gnu and 1 more | 9 Ubuntu Linux, Debian Linux, Mailman and 6 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL. | |||||
| CVE-2018-5927 | 1 Hp | 1 Support Assistant | 2024-11-21 | 4.1 MEDIUM | 7.3 HIGH |
| HP Support Assistant before 8.7.50.3 allows an unauthorized person with local access to load arbitrary code. | |||||
| CVE-2018-5926 | 1 Hp | 1 Remote Graphics Software | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| A potential vulnerability has been identified in HP Remote Graphics Software’s certificate authentication process version 7.5.0 and earlier. | |||||
| CVE-2018-5925 | 1 Hp | 540 1dt61a, 1dt61a Firmware, 1jl02a and 537 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a static buffer overflow, which could allow remote code execution. | |||||
