Total: 315700 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2018-14403 | 1 Techsmith | 1 Mp4v2 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to use of an inappropriate data type for associated atoms. The resulting type confusion can cause out-of-bounds memory access. |
| CVE-2018-14402 | 1 Axmldec Project | 1 Axmldec | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | axmldec 1.2.0 has an out-of-bounds write in the jitana::axml_parser::parse_start_namespace function in lib/jitana/util/axml_parser.cpp. |
| CVE-2018-14401 | 1 Axml Parser Project | 1 Axml Parser | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | CopyData in AxmlParser.c in AXML Parser through 2018-01-04 has an out-of-bounds read. |
| CVE-2018-14399 | 1 Phpcms Project | 1 Phpcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data to the index.php?m=member&c=index&a=register URI. |
| CVE-2018-14398 | 1 Cremecrm | 1 Cremecrm | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM | An issue was discovered in Creme CRM 1.6.12. The value of the cancel button uses the content of the HTTP Referer header, and could be used to trick a user into visiting a fake login page in order to steal credentials. |
| CVE-2018-14397 | 1 Cremecrm | 1 Cremecrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered in Creme CRM 1.6.12. The organization creation page is affected by 9 stored cross-site scripting vulnerabilities involving the name, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters. |
| CVE-2018-14396 | 1 Cremecrm | 1 Cremecrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered in Creme CRM 1.6.12. The salesman creation page is affected by 10 stored cross-site scripting vulnerabilities involving the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters. |
| CVE-2018-14395 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user-crafted audio file when converting to the MOV audio format. |
| CVE-2018-14394 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user-crafted Waveform audio file. |
| CVE-2018-14392 | 1 Mybb | 1 New Threads | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The New Threads plugin before 1.2 for MyBB has XSS. |
| CVE-2018-14389 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val parameter. |
| CVE-2018-14388 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_device array parameter. |
| CVE-2018-14387 | 1 Wondercms | 1 Wondercms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in WonderCMS before 2.5.2. An attacker can create a new session on a web application and record the associated session identifier. The attacker then causes the victim to authenticate against the server using the same session identifier. The attacker can access the user's account through the active session. The Session Fixation attack fixes a session on the victim's browser, so the attack starts before the user logs in. |
| CVE-2018-14384 | 1 Seopanel | 1 Seo Panel | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The Website Manager module in SEO Panel 3.13.0 and earlier is affected by a stored Cross-Site Scripting (XSS) vulnerability, allowing remote authenticated attackers to inject arbitrary web script or HTML via the websites.php name parameter. |
| CVE-2018-14383 | 1 Ttpsc | 1 The Scheduler | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows XXE due to a weakly configured/parameterized XML parser. It was fixed in versions 5.2.1 and 3.3.7. |
| CVE-2018-14382 | 1 Instantcms | 1 Instantcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | InstantCMS 2.10.1 has /redirect?url= XSS. |
| CVE-2018-14381 | 1 Pagekit | 1 Pagekit | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM | Pagekit before 1.0.14 has a /user/login?redirect= open redirect vulnerability. |
| CVE-2018-14380 | 1 Graylog | 1 Graylog | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | In Graylog before 2.4.6, XSS was possible in typeahead components, related to components/common/TypeAheadInput.jsx and components/search/QueryInput.ts. |
| CVE-2018-14379 | 1 Techsmith | 1 Mp4v2 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certain case where MP4DataAtom is required, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted MP4 file, because access to the data structure has different expectations about layout as a result of this type confusion. |
| CVE-2018-14371 | 1 Eclipse | 1 Mojarra | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications. |
