Total
314758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12920 | 1 Flir | 2 Brickstream 2300, Brickstream 2300 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Brickstream 2300 devices allow remote attackers to obtain potentially sensitive information via a direct request for the basic.html#ipsettings or basic.html#datadelivery URI. | |||||
| CVE-2018-12919 | 1 Craftedweb Project | 1 Craftedweb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In CraftedWeb through 2013-09-24, aasp_includes/pages/notice.php allows XSS via the e parameter. | |||||
| CVE-2018-12918 | 1 Pbc Project | 1 Pbc | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcB_register_fields in bootstrap.c. | |||||
| CVE-2018-12917 | 1 Pbc Project | 1 Pbc | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In libpbc.a in PBC through 2017-03-02, there is a heap-based buffer over-read in _pbcM_ip_new in map.c. | |||||
| CVE-2018-12916 | 1 Pbc Project | 1 Pbc | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcP_message_default in proto.c. | |||||
| CVE-2018-12915 | 1 Pbc Project | 1 Pbc | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In libpbc.a in PBC through 2017-03-02, there is a buffer over-read in calc_hash in map.c. | |||||
| CVE-2018-12914 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI. | |||||
| CVE-2018-12913 | 1 Miniz Project | 1 Miniz | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero. | |||||
| CVE-2018-12912 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI. | |||||
| CVE-2018-12911 | 2 Canonical, Webkitgtk | 2 Ubuntu Linux, Webkitgtk\+ | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c. | |||||
| CVE-2018-12910 | 5 Canonical, Debian, Gnome and 2 more | 9 Ubuntu Linux, Debian Linux, Libsoup and 6 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. | |||||
| CVE-2018-12909 | 1 Webgrind Project | 1 Webgrind | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| ** DISPUTED ** Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI. NOTE: the vendor indicates that the product is not intended for a "publicly accessible environment." | |||||
| CVE-2018-12908 | 1 Brynamics | 1 Brynamics | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for the /dashboard/deposit URI, as demonstrated by discovering database credentials. | |||||
| CVE-2018-12907 | 1 Rclone | 1 Rclone | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Rclone 1.42, use of "rclone sync" to migrate data between two Google Cloud Storage buckets might allow attackers to trigger the transmission of any URL's content to Google, because there is no validation of a URL field received from the Google Cloud Storage API server, aka a "RESTLESS" issue. | |||||
| CVE-2018-12905 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| joyplus-cms 1.6.0 has XSS in admin_player.php, related to manager/index.php "system manage" and "add" actions. | |||||
| CVE-2018-12904 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 4.4 MEDIUM | 4.9 MEDIUM |
| In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL. | |||||
| CVE-2018-12903 | 1 Cyberark | 1 Endpoint Privilege Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application Group Wizard. | |||||
| CVE-2018-12902 | 1 Easymagazine Project | 1 Easymagazine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Easy Magazine through 2012-10-26, there is XSS in the search bar of the web site. | |||||
| CVE-2018-12901 | 1 Mitel | 2 St, St Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | |||||
| CVE-2018-12900 | 2 Canonical, Libtiff | 2 Ubuntu Linux, Libtiff | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file. | |||||