Total
315724 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14445 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Bento4 v1.5.1-624, AP4_File::ParseStream in Ap4File.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 file. | |||||
| CVE-2018-14444 | 1 Libdxfrw Project | 1 Libdxfrw | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| libdxfrw 0.6.3 has an Integer Overflow in dwgCompressor::decompress18 in dwgutil.cpp, leading to an out-of-bounds read and application crash. | |||||
| CVE-2018-14443 | 1 Gnu | 1 Libredwg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV). | |||||
| CVE-2018-14442 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free that leads to Remote Code Execution, aka V-88f4smlocs. | |||||
| CVE-2018-14441 | 1 Ssh Companywebsite Project | 1 Ssh Companywebsite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. admin/admin/fileUploadAction_fileUpload.action allows arbitrary file upload, as demonstrated by a .jsp file with the image/jpeg content type. | |||||
| CVE-2018-14440 | 1 Ssh Companywebsite Project | 1 Ssh Companywebsite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. SQL injection exists via the admin/noticeManageAction_queryNotice.action noticeInfo parameter. | |||||
| CVE-2018-14439 | 1 Eblock | 1 Eos4j | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| espritblock eos4j, an unofficial SDK for EOS, through 2018-07-12 mishandles floating-point numbers with more than four digits after the decimal point, which might allow attackers to trigger currency transfers of unintended amounts. | |||||
| CVE-2018-14438 | 1 Wireshark | 1 Wireshark | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily. | |||||
| CVE-2018-14437 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. | |||||
| CVE-2018-14436 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. | |||||
| CVE-2018-14435 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. | |||||
| CVE-2018-14434 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. | |||||
| CVE-2018-14432 | 3 Debian, Openstack, Redhat | 3 Debian Linux, Keystone, Openstack | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
| In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected. | |||||
| CVE-2018-14430 | 1 Mondula | 1 Multi Step Form | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fw_data [id][1], fw_data [id][2], fw_data [id][3], fw_data [id][4], or email field of the contact form, exploitable with an fw_send_email action to wp-admin/admin-ajax.php. | |||||
| CVE-2018-14429 | 1 Man-cgi Project | 1 Man-cgi | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| man-cgi before 1.16 allows Local File Inclusion via absolute path traversal, as demonstrated by a cgi-bin/man-cgi?/etc/passwd URI. | |||||
| CVE-2018-14425 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1. | |||||
| CVE-2018-14424 | 1 Gnome | 1 Gnome Display Manager | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution. | |||||
| CVE-2018-14423 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). | |||||
| CVE-2018-14422 | 1 Sanscms | 1 Sanscms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| blog/index.php in SansCMS 0.7 has XSS via the q parameter. | |||||
| CVE-2018-14421 | 1 Seacms | 1 Seacms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php). The code is executed by visiting /details/index.php. This can also be exploited through CSRF. | |||||