Total: 316109 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18485 | 1 Phpshe | 1 Phpshe | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in PHPSHE 1.7. admin.php?mod=db&act=del allows remote attackers to delete arbitrary files via directory traversal sequences in the dbname parameter. This can be leveraged to reload the product by deleting install.lock. | |||||
| CVE-2018-18484 | 1 Gnu | 1 Binutils | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type. | |||||
| CVE-2018-18483 | 1 Gnu | 1 Binutils | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt. | |||||
| CVE-2018-18482 | 1 Libpg Query Project | 1 Libpg Query | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in libpg_query 10-1.0.2. There is a memory leak in pg_query_raw_parse in pg_query_parse.c, which might lead to a denial of service. | |||||
| CVE-2018-18481 | 1 Libopencad Project | 1 Libopencad | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A heap-based buffer over-read exists in libopencad 0.2.0 in the ReadCHAR function in lib/dwg/io.cpp, resulting in an application crash. | |||||
| CVE-2018-18480 | 1 Libopencad Project | 1 Libopencad | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A heap-based buffer over-read exists in libopencad 0.2.0 in the ReadMCHAR function in lib/dwg/io.cpp, resulting in an application crash. | |||||
| CVE-2018-18478 | 1 Librenms | 1 Librenms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 allow remote attackers to inject arbitrary web script or HTML via the dashboard_name parameter in the /ajax_form.php resource, related to html/includes/forms/add-dashboard.inc.php, html/includes/forms/delete-dashboard.inc.php, and html/includes/forms/edit-dashboard.inc.php. | |||||
| CVE-2018-18476 | 1 Nedap | 1 Mysql-binuuid-rails | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns. | |||||
| CVE-2018-18475 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestricted Arbitrary File Upload. | |||||
| CVE-2018-18473 | 1 Patlite | 6 Nbm-d88n, Nbm-d88n Firmware, Nhl-3fb1 and 3 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A hidden backdoor on PATLITE NH-FB Series devices with firmware version 1.45 or earlier, NH-FV Series devices with firmware version 1.10 or earlier, and NBM Series devices with firmware version 1.09 or earlier allows attackers to enable an SSH daemon via the "kankichi" or "kamiyo4" password to the _secret1.htm URI. Subsequently, the default password of root for the root account allows an attacker to conduct remote code execution and as a result take over the system. | |||||
| CVE-2018-18472 | 1 Westerndigital | 2 My Book Live, My Book Live Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device, as exploited in the wild in June 2021 for factory reset commands, | |||||
| CVE-2018-18471 | 4 Axentra, Medion, Netgear and 1 more | 4 Hipserv, Lifecloud, Stora and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| /api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and MEDION LifeCloud, has an XXE vulnerability that can be chained with an SSRF bug to gain remote command execution as root. It can be triggered by anyone who knows the IP address of the affected device. | |||||
| CVE-2018-18467 | 1 Conversations | 1 Conversations | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Daniel Gultsch Conversations 2.3.4. It is possible to spoof a custom message to an existing opened conversation by sending an intent. | |||||
| CVE-2018-18461 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php. | |||||
| CVE-2018-18460 | 1 3cx | 1 Live Chat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request. | |||||
| CVE-2018-18459 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm. | |||||
| CVE-2018-18458 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm. | |||||
| CVE-2018-18457 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm. | |||||
| CVE-2018-18456 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. | |||||
| CVE-2018-18455 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. | |||||
