Total: 315719 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19199 | 2 Debian, Uriparser Project | 2 Debian Linux, Uriparser | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication. | |||||
| CVE-2018-19198 | 2 Debian, Uriparser Project | 2 Debian Linux, Uriparser | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts. | |||||
| CVE-2018-19197 | 1 Xiaocms | 1 Xiaocms | 2024-11-21 | 5.5 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in XiaoCms 20141229. admin\controller\database.php allows arbitrary directory deletion via admin/index.php?c=database&a=import&paths[]=../ directory traversal. | |||||
| CVE-2018-19196 | 1 Xiaocms | 1 Xiaocms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in XiaoCms 20141229. It allows remote attackers to execute arbitrary code by using the type parameter to bypass the standard admin\controller\uploadfile.php restrictions on uploaded file types (jpg, jpeg, bmp, png, gif), as demonstrated by an admin/index.php?c=uploadfile&a=uploadify_upload&type=php URI. | |||||
| CVE-2018-19195 | 1 Xiaocms | 1 Xiaocms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in XiaoCms 20141229. There is XSS related to the template\default\show_product.html file. | |||||
| CVE-2018-19194 | 1 Xiaocms | 1 Xiaocms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in XiaoCms 20141229. /admin/index.php?c=database allows full path disclosure in a "failed to open stream" error message. | |||||
| CVE-2018-19193 | 1 Xiaocms | 1 Xiaocms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in XiaoCms 20141229. There is XSS via the largest input box on the "New news" screen. | |||||
| CVE-2018-19192 | 1 Xiaocms | 1 Xiaocms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in XiaoCms 20141229. admin/index.php?c=content&a=add&catid=3 has CSRF, as demonstrated by entering news via the data[content] parameter. | |||||
| CVE-2018-19191 | 1 Webmin | 1 Webmin | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter. | |||||
| CVE-2018-19190 | 1 Amazon | 1 Payfort-php-sdk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the error.php error_msg parameter. | |||||
| CVE-2018-19189 | 1 Amazon | 1 Payfort-php-sdk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in an error.php echo statement. | |||||
| CVE-2018-19188 | 1 Amazon | 1 Payfort-php-sdk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the success.php fort_id parameter. | |||||
| CVE-2018-19187 | 1 Amazon | 1 Payfort-php-sdk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in a success.php echo statement. | |||||
| CVE-2018-19186 | 1 Amazon | 1 Payfort-php-sdk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the route.php paymentMethod parameter. | |||||
| CVE-2018-19185 | 1 Mz-automation | 1 Libiec61850 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. This is exploitable even after CVE-2018-18834 has been patched, with a different dataSetValue sequence than the CVE-2018-18834 attack vector. | |||||
| CVE-2018-19184 | 1 Ethereum | 1 Go Ethereum | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to cause a denial of service (SEGV) via crafted bytecode. | |||||
| CVE-2018-19183 | 1 Ethereumjs-vm Project | 1 Ethereumjs-vm | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm.runCode failure and REVERT) via a "code: Buffer.from(my_code, 'hex')" attribute. NOTE: the vendor disputes this because REVERT is a normal bytecode that can be triggered from high-level source code, leading to a normal programmatic execution result. | |||||
| CVE-2018-19182 | 1 Engelsystem | 1 Engelsystem | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Engelsystem before commit hash 2e28336 allows CSRF. | |||||
| CVE-2018-19181 | 1 Yunucms | 1 Yunucms | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory traversal to delete the install.lock file. | |||||
| CVE-2018-19180 | 1 Yunucms | 1 Yunucms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if install.lock is not present) allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DB_PREFIX field, which is written to database.php. | |||||
