Total: 316739 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19389 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via BMP data because of a ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification issue. | |||||
| CVE-2018-19388 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read, access violation, and application crash) via TIFF data because of a ConvertToPDF_x86!ReleaseFXURLToHtml issue. | |||||
| CVE-2018-19386 | 1 Solarwinds | 1 Database Performance Analyzer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI. | |||||
| CVE-2018-19376 | 1 Greencms | 1 Greencms | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to delete a log file via the index.php?m=admin&c=data&a=clear URI. | |||||
| CVE-2018-19374 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory. | |||||
| CVE-2018-19371 | 1 Sdl | 1 Web Content Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allows reading sensitive files from the system. | |||||
| CVE-2018-19370 | 1 Yoast | 1 Yoast Seo | 2024-11-21 | 6.0 MEDIUM | 6.6 MEDIUM |
| A Race condition vulnerability in unzip_file in admin/import/class-import-settings.php in the Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command execution on the Operating System via a ZIP import. | |||||
| CVE-2018-19367 | 1 Portainer | 1 Portainer | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case. | |||||
| CVE-2018-19365 | 1 Wowza | 1 Streaming Engine | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request. | |||||
| CVE-2018-19364 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome. | |||||
| CVE-2018-19362 | 4 Debian, Fasterxml, Oracle and 1 more | 12 Debian Linux, Jackson-databind, Business Process Management Suite and 9 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization. | |||||
| CVE-2018-19361 | 4 Debian, Fasterxml, Oracle and 1 more | 12 Debian Linux, Jackson-databind, Business Process Management Suite and 9 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. | |||||
| CVE-2018-19360 | 4 Debian, Fasterxml, Oracle and 1 more | 12 Debian Linux, Jackson-databind, Business Process Management Suite and 9 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization. | |||||
| CVE-2018-19359 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| GitLab Community and Enterprise Edition 8.9 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 has Incorrect Access Control. | |||||
| CVE-2018-19358 | 1 Gnome | 1 Gnome-keyring | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used. | |||||
| CVE-2018-19357 | 1 Xmplay | 1 Xmplay | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| XMPlay 3.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted http:// URL in a .m3u file. | |||||
| CVE-2018-19355 | 2 Mypresta, Prestashop | 2 Customer Files Upload, Prestashop | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfiles), order (for upload destinations under modules/files), or cart (for upload destinations under modules/cartfiles). | |||||
| CVE-2018-19353 | 1 Ansilove | 1 Libansilove | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The ansilove_ansi function in loaders/ansi.c in libansilove 1.0.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. | |||||
| CVE-2018-19352 | 1 Jupyter | 1 Notebook | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely. | |||||
| CVE-2018-19351 | 1 Jupyter | 1 Notebook | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py, NbconvertFileHandler and NbconvertPostHandler do not set a Content Security Policy to prevent this. | |||||
