Total
315274 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5231 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of service attack via sending requests to it. | |||||
| CVE-2018-5230 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified. | |||||
| CVE-2018-5229 | 1 Atlassian | 1 Universal Plugin Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names. | |||||
| CVE-2018-5228 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the handling of response headers. | |||||
| CVE-2018-5227 | 1 Atlassian | 1 Application Links | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the display url of a configured application link. | |||||
| CVE-2018-5226 | 1 Atlassian | 1 Sourcetree | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag name that is going to be deleted. An attacker with permission to create a tag on a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. All versions of Sourcetree for Windows before 2.5.5.0 are affected by this vulnerability. | |||||
| CVE-2018-5225 | 1 Atlassian | 1 Bitbucket | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
| In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository. | |||||
| CVE-2018-5224 | 2 Atlassian, Microsoft | 2 Bamboo, Windows | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan in Bamboo that has a non-linked Mercurial repository, or create a plan in Bamboo either globally or in a project using Bamboo Specs can can execute code of their choice on systems that run a vulnerable version of Bamboo on the Windows operating system. All versions of Bamboo starting with 2.7.0 before 6.3.3 (the fixed version for 6.3.x) and from version 6.4.0 before 6.4.1 (the fixed version for 6.4.x) running on the Windows operating system are affected by this vulnerability. | |||||
| CVE-2018-5223 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to add a repository in Fisheye or Crucible can execute code of their choice on systems that run a vulnerable version of Fisheye or Crucible on the Windows operating system. All versions of Fisheye and Crucible before 4.4.6 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.3 (the fixed version for 4.5.x) are affected by this vulnerability. | |||||
| CVE-2018-5221 | 1 Barcodewiz | 1 Barcode Activex Control | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple buffer overflows in BarCodeWiz BarCode before 6.7 ActiveX control (BarcodeWiz.DLL) allow remote attackers to execute arbitrary code via a long argument to the (1) BottomText or (2) TopText property. | |||||
| CVE-2018-5220 | 1 K7computing | 1 Antivirus | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002610. | |||||
| CVE-2018-5219 | 1 K7computing | 1 Antivirus | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002168. | |||||
| CVE-2018-5218 | 1 K7computing | 1 Antivirus | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x950025b0. | |||||
| CVE-2018-5217 | 1 K7computing | 1 Antivirus | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002578. | |||||
| CVE-2018-5216 | 1 Radiantcms | 1 Radiant Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Radiant CMS 1.1.4 has XSS via crafted Markdown input in the part_body_content parameter to an admin/pages/*/edit resource. | |||||
| CVE-2018-5215 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter. | |||||
| CVE-2018-5214 | 1 Add Link To Facebook Project | 1 Add Link To Facebook | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The "Add Link to Facebook" plugin through 2.3 for WordPress has XSS via the al2fb_facebook_id parameter to wp-admin/profile.php. | |||||
| CVE-2018-5213 | 1 Simple Download Monitor Project | 1 Simple Download Monitor | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php. | |||||
| CVE-2018-5212 | 1 Simple Download Monitor Project | 1 Simple Download Monitor | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php. | |||||
| CVE-2018-5211 | 1 Phpsugar | 1 Php Melody | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| PHP Melody version 2.7.1 suffer from SQL Injection Time-based attack on the page ajax.php with the parameter playlist. | |||||