Total
317058 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19658 | 2 Apple, Evernote | 2 Macos, Yinxiang Biji | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Markdown editor in YXBJ before 8.3.2 on macOS has stored XSS. This behavior may be encountered by some Evernote users; however, it is a vulnerability in YXBJ, not a vulnerability in Evernote. | |||||
| CVE-2018-19655 | 2 Dcraw Project, Suse | 3 Dcraw, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file. | |||||
| CVE-2018-19654 | 1 Sales \& Company Management System Project | 1 Sales \& Company Management System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new account with a duplicate username, as demonstrated by use of the test%c2 string when a test account already exists. | |||||
| CVE-2018-19653 | 1 Hashicorp | 1 Consul | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade. | |||||
| CVE-2018-19651 | 1 Interspire | 1 Email Marketer | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL. | |||||
| CVE-2018-19650 | 1 Antiy | 1 Anti Virus Lab Atool | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Local attackers can trigger a stack-based buffer overflow on vulnerable installations of Antiy-AVL ATool security management v1.0.0.22. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x80002000 by the IRPFile.sys Antiy-AVL ATool kernel driver. The bug is caused by failure to properly validate the length of the user-supplied data, which results in a kernel stack buffer overflow. An attacker can leverage this vulnerability to execute arbitrary code in the context of the kernel, which could lead to privilege escalation and a failed exploit could lead to denial of service. | |||||
| CVE-2018-19649 | 1 Infovista | 1 Vistaportal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in InfoVista VistaPortal SE Version 5.1 (build 51029). VPortal/mgtconsole/RolePermissions.jsp has reflected XSS via the ConnPoolName parameter. | |||||
| CVE-2018-19648 | 1 Adtran | 1 Pmaa | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in ADTRAN PMAA 1.6.2-1, 1.6.3, and 1.6.4. NETCONF Access Management (NACM) allows unprivileged users to create privileged users and execute arbitrary commands via the use of the diagnostic-profile over RESTCONF. | |||||
| CVE-2018-19646 | 1 Imperva | 1 Securesphere | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled. | |||||
| CVE-2018-19645 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | |||||
| CVE-2018-19644 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 4.3 MEDIUM | 5.0 MEDIUM |
| Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | |||||
| CVE-2018-19643 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 5.0 MEDIUM | 4.7 MEDIUM |
| Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | |||||
| CVE-2018-19642 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 5.0 MEDIUM | 5.1 MEDIUM |
| Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | |||||
| CVE-2018-19641 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 7.5 HIGH | 6.1 MEDIUM |
| Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | |||||
| CVE-2018-19640 | 1 Opensuse | 1 Supportutils | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 (e.g. with CVE-2018-19638) he can kill arbitrary processes on the local machine. | |||||
| CVE-2018-19639 | 1 Opensuse | 1 Supportutils | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing (e.g. with CVE-2018-19638) he can execute arbitrary commands as root. | |||||
| CVE-2018-19638 | 1 Opensuse | 1 Supportutils | 2024-11-21 | 3.3 LOW | 2.2 LOW |
| In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files. | |||||
| CVE-2018-19637 | 1 Opensuse | 1 Supportutils | 2024-11-21 | 3.6 LOW | 2.8 LOW |
| Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection | |||||
| CVE-2018-19636 | 1 Opensuse | 1 Supportutils | 2024-11-21 | 7.2 HIGH | 7.3 HIGH |
| Supportutils, before version 3.1-5.7.1, when run with command line argument -A searched the file system for a ndspath binary. If an attacker provides one at an arbitrary location it is executed with root privileges | |||||
| CVE-2018-19635 | 2 Broadcom, Ca | 2 Service Desk Manager, Service Desk Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface. | |||||