Total: 315330 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14885 | 1 Odoo | 1 Odoo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without knowing the super-admin password. An arbitrary password succeeds. | |||||
| CVE-2018-14884 | 2 Netapp, Php | 2 Storage Automation Store, Php | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi call. | |||||
| CVE-2018-14883 | 4 Canonical, Debian, Netapp and 1 more | 4 Ubuntu Linux, Debian Linux, Storage Automation Store and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c. | |||||
| CVE-2018-14882 | 7 Apple, Debian, F5 and 4 more | 7 Mac Os X, Debian Linux, Traffix Signaling Delivery Controller and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. | |||||
| CVE-2018-14881 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Mac Os X, Debian Linux, Fedora and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). | |||||
| CVE-2018-14880 | 7 Apple, Debian, F5 and 4 more | 23 Mac Os X, Debian Linux, Big-ip Access Policy Manager and 20 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr(). | |||||
| CVE-2018-14879 | 7 Apple, Debian, F5 and 4 more | 7 Mac Os X, Debian Linux, Traffix Signaling Delivery Controller and 4 more | 2024-11-21 | 5.1 MEDIUM | 7.0 HIGH |
| The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file(). | |||||
| CVE-2018-14878 | 1 Jetbrains | 2 Dotpeek, Resharper Ultimate | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data. | |||||
| CVE-2018-14877 | 1 Weaselcms Project | 1 Weaselcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site Language, Site Title, Site Description, and Site Keywords on the SETTINGS page. | |||||
| CVE-2018-14876 | 1 Flif | 1 Flif | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3. Attackers can trigger a longjmp that leads to an uninitialized stack frame after a libpng error concerning the IHDR image width. | |||||
| CVE-2018-14875 | 1 Polarisft | 1 Intellect Core Banking | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. Reflected XSS exists with an authenticated session via the Customerid, formName, FrameId, or MODE parameter. | |||||
| CVE-2018-14874 | 1 Polarisft | 1 Intellect Core Banking | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. Input passed through the code parameter in three pages (collaterals/colexe3t.jsp, /references/refsuppu.jsp, and /references/refbranu.jsp) is mishandled before being used in SQL queries, allowing SQL injection with an authenticated session. | |||||
| CVE-2018-14873 | 1 Rincewind Project | 1 Rincewind | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Rincewind 0.1. There is a cross-site scripting (XSS) vulnerability involving a p=account request to index.php and another file named commonPages.php. | |||||
| CVE-2018-14872 | 1 Rincewind Project | 1 Rincewind | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Rincewind 0.1. A reinstall vulnerability exists because the parameter p of index.php and another file named commonPages.php allows an attacker to reinstall the product, with all data reset. | |||||
| CVE-2018-14869 | 1 Php Template Store Script Project | 1 Php Template Store Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a profile. | |||||
| CVE-2018-14868 | 1 Odoo | 1 Odoo | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Incorrect access control in the Password Encryption module in Odoo Community 9.0 and Odoo Enterprise 9.0 allows authenticated users to change the password of other users without knowing their current password via a crafted RPC call. | |||||
| CVE-2018-14867 | 1 Odoo | 1 Odoo | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers, and to guess document attribute values, via crafted parameters. | |||||
| CVE-2018-14866 | 1 Odoo | 1 Odoo | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Incorrect access control in the TransientModel framework in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated attackers to access data in transient records that they do not own by making an RPC call before garbage collection occurs. | |||||
| CVE-2018-14865 | 1 Odoo | 1 Odoo | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Report engine in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier does not use secure options when passing documents to wkhtmltopdf, which allows remote attackers to read local files. | |||||
| CVE-2018-14864 | 1 Odoo | 1 Odoo | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Incorrect access control in asset bundles in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier allows remote authenticated users to inject arbitrary web script via a crafted attachment. | |||||
