Total
316966 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20579 | 1 Contiki-ng Project | 1 Contiki-ng | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| Contiki-NG before 4.2 has a stack-based buffer overflow in the push function in os/lib/json/jsonparse.c that allows an out-of-bounds write of an '{' or '[' character. | |||||
| CVE-2018-20578 | 1 Nuttx | 1 Nuttx | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in NuttX before 7.27. The function netlib_parsehttpurl() in apps/netutils/netlib/netlib_parsehttpurl.c mishandles URLs longer than hostlen bytes (in the webclient, this is set by default to 40), leading to an Infinite Loop. The attack vector is the Location header of an HTTP 3xx response. | |||||
| CVE-2018-20577 | 1 Orange | 2 Arv7519rw22 Livebox 2.1, Arv7519rw22 Livebox 2.1 Firmware | 2024-11-21 | 9.4 HIGH | 9.1 CRITICAL |
| Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. | |||||
| CVE-2018-20576 | 1 Orange | 2 Arv7519rw22 Livebox 2.1, Arv7519rw22 Livebox 2.1 Firmware | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. | |||||
| CVE-2018-20575 | 1 Orange | 2 Arv7519rw22 Livebox 2.1, Arv7519rw22 Livebox 2.1 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. | |||||
| CVE-2018-20572 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893. | |||||
| CVE-2018-20571 | 1 Damicms | 1 Damicms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file. | |||||
| CVE-2018-20570 | 2 Debian, Jasper Project | 2 Debian Linux, Jasper | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read. | |||||
| CVE-2018-20569 | 1 Generic Content Management System Project | 1 Generic Content Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| user/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. | |||||
| CVE-2018-20568 | 1 Generic Content Management System Project | 1 Generic Content Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. | |||||
| CVE-2018-20567 | 1 Douco | 1 Douphp | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be read. | |||||
| CVE-2018-20566 | 1 Douco | 1 Douphp | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page. | |||||
| CVE-2018-20565 | 1 Douco | 1 Douphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter. | |||||
| CVE-2018-20564 | 1 Douco | 1 Douphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name parameter. | |||||
| CVE-2018-20563 | 1 Douco | 1 Douphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter. | |||||
| CVE-2018-20562 | 1 Douco | 1 Douphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter. | |||||
| CVE-2018-20561 | 1 Douco | 1 Douphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter. | |||||
| CVE-2018-20560 | 1 Douco | 1 Douphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the show_name parameter. | |||||
| CVE-2018-20559 | 1 Douco | 1 Douphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter. | |||||
| CVE-2018-20558 | 1 Douco | 1 Douphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the site_name parameter. | |||||