Total
315270 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5271 | 1 Malwarebytes | 1 Malwarebytes | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| ** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e008. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)." | |||||
| CVE-2018-5270 | 1 Malwarebytes | 1 Malwarebytes | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| ** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e010. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)." | |||||
| CVE-2018-5269 | 2 Debian, Opencv | 2 Debian Linux, Opencv | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast. | |||||
| CVE-2018-5268 | 2 Debian, Opencv | 2 Debian Linux, Opencv | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file. | |||||
| CVE-2018-5267 | 1 Cobham | 2 Sea Tel 121, Sea Tel 121 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct request to MenuDealerGx.html, MenuDealer.html, MenuEuNCGx.html, MenuEuNC.html, MenuSysGx.html, or MenuSys.html. | |||||
| CVE-2018-5266 | 1 Cobham | 2 Sea Tel 121, Sea Tel 121 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the js/userLogin.js URI. NOTE: default passwords for the standard usernames are listed in the product's documentation: Dealer with password seatel3, SysAdmin with password seatel2, and User with password seatel1. | |||||
| CVE-2018-5265 | 1 Ui | 2 Edgeos, Erlite-3 | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin credentials, because /opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def does not sanitize the 'alias' or 'ips' parameter for shell metacharacters. | |||||
| CVE-2018-5264 | 1 Ui | 2 Unifi 52, Unifi Firmware | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow remote attackers to bypass intended restrictions on "free time" Wi-Fi usage by sending a /guest/s/default/ request to obtain a cookie, and then using this cookie in a /guest/s/default/login request with the byfree parameter. | |||||
| CVE-2018-5263 | 1 Stackideas | 1 Easydiscuss | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0.21 for Joomla! allows XSS. | |||||
| CVE-2018-5262 | 1 Flexense | 1 Diskboss | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier allows unauthenticated remote attackers to execute arbitrary code in the context of a highly privileged account. | |||||
| CVE-2018-5261 | 1 Flexense | 1 Diskboss | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due to the usage of plaintext information from the handshake as input for the encryption key used for the encryption of the rest of the session, the server and client disclose sensitive information, such as the authentication credentials, to any man-in-the-middle (MiTM) listener. | |||||
| CVE-2018-5259 | 1 Discuz | 1 Discuzx | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter. | |||||
| CVE-2018-5258 | 1 Banconeon | 1 Neon | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2018-5256 | 1 Redhat | 1 Tectonic | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3 mounts a direct proxy to the kubernetes cluster at /api/kubernetes/ which is accessible without authentication to Tectonic and allows an attacker to directly connect to the kubernetes API server. Unauthenticated users are able to list all Namespaces through the Console, resulting in an information disclosure. Tectonic's exposure of an unauthenticated API endpoint containing information regarding the internal state of the cluster can provide an attacker with information that may assist in other attacks against the cluster. For example, an attacker may not have the permissions required to list all namespaces in the cluster but can instead leverage this vulnerability to enumerate the namespaces and then begin to check each namespace for weak authorization policies that may allow further escalation of privileges. | |||||
| CVE-2018-5255 | 1 Arista | 1 Eos | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 before 4.20.2F allows remote attackers to cause a denial of service (agent restart) via crafted UDP packets. | |||||
| CVE-2018-5254 | 1 Arista | 1 Eos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of service (Rib agent restart) via a malformed path attribute in an UPDATE message. | |||||
| CVE-2018-5253 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an Infinite loop via a crafted MP4 file that triggers size mishandling. | |||||
| CVE-2018-5252 | 1 Entropymine | 1 Imageworsener | 2024-11-21 | 2.6 LOW | 5.3 MEDIUM |
| libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is used, has a large loop in the get_raw_sample_int function in imagew-main.c. | |||||
| CVE-2018-5251 | 2 Debian, Libming | 2 Debian Linux, Libming | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted swf file. | |||||
| CVE-2018-5249 | 1 Shaarli Project | 1 Shaarli | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remote attackers to inject arbitrary code via the login form's username field (aka the login parameter to the ban_canLogin function in index.php). | |||||