Total
317048 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19547 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| JTBC(PHP) 3.0.1.7 has XSS via the console/xml/manage.php?type=action&action=edit content parameter. | |||||
| CVE-2018-19546 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter. | |||||
| CVE-2018-19545 | 1 Jeecms | 1 Jeecms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user. | |||||
| CVE-2018-19544 | 1 Jeecms | 1 Jeecms | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news. | |||||
| CVE-2018-19543 | 4 Canonical, Debian, Jasper Project and 1 more | 5 Ubuntu Linux, Debian Linux, Jasper and 2 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c. | |||||
| CVE-2018-19542 | 5 Canonical, Debian, Jasper Project and 2 more | 6 Ubuntu Linux, Debian Linux, Jasper and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service. | |||||
| CVE-2018-19541 | 4 Canonical, Debian, Jasper Project and 1 more | 5 Ubuntu Linux, Debian Linux, Jasper and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c. | |||||
| CVE-2018-19540 | 3 Debian, Jasper Project, Suse | 4 Debian Linux, Jasper, Linux Enterprise Desktop and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c. | |||||
| CVE-2018-19539 | 4 Debian, Jasper Project, Opensuse and 1 more | 5 Debian Linux, Jasper, Leap and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service. | |||||
| CVE-2018-19537 | 1 Tp-link | 2 Archer C5, Archer C5 Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin may be used in some cases. | |||||
| CVE-2018-19535 | 2 Debian, Exiv2 | 2 Debian Linux, Exiv2 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file. | |||||
| CVE-2018-19532 | 1 Podofo Project | 1 Podofo | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service. | |||||
| CVE-2018-19531 | 1 Httl Project | 1 Httl | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting. | |||||
| CVE-2018-19530 | 1 Httl Project | 1 Httl | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an xml.codec=httl.spi.codecs.XstreamCodec setting. | |||||
| CVE-2018-19528 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to cause a denial of service (Tlb Load Exception) via crafted DNS packets to port 53/udp. | |||||
| CVE-2018-19527 | 1 I4 | 1 Ai Si Assistant | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| i4 assistant 7.85 allows XSS via a crafted machine name field within iOS settings. | |||||
| CVE-2018-19525 | 1 Systrome | 6 Cumilon Isg-600c, Cumilon Isg-600c Firmware, Cumilon Isg-600h and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. There is CSRF via /ui/?g=obj_keywords_add and /ui/?g=obj_keywords_addsave with resultant XSS because of a lack of csrf token validation. | |||||
| CVE-2018-19524 | 1 Skyworthdigital | 6 Dt721-cb, Dt721-cb Firmware, Dt740 and 3 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or achieve unauthenticated remote code execution because of control of registers S0 through S4 and T4 through T7. | |||||
| CVE-2018-19523 | 1 Driveagent | 1 Driveagent | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL (0x80002068) with a user defined buffer size. If the size of the buffer is less than 512 bytes, then the driver will overwrite the next pool header if there is one next to the user buffer's pool. | |||||
| CVE-2018-19522 | 1 Driveragent | 1 Driveragent | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL (0x800020F4) with a buffer containing user defined content. The driver's subroutine will execute a wrmsr instruction with the user's buffer for partial input. | |||||