Total
316124 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14951 | 1 Squirrelmail | 1 Squirrelmail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack. | |||||
| CVE-2018-14950 | 1 Squirrelmail | 1 Squirrelmail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack. | |||||
| CVE-2018-14948 | 1 Sound Project | 1 Sound | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue has been found in dilawar sound through 2017-11-27. The end of openWavFile in wav-file.cc has Mismatched Memory Management Routines (operator new [] versus operator delete). | |||||
| CVE-2018-14947 | 1 Flowpaper | 1 Pdf2json | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue has been found in PDF2JSON 0.69. XmlFontAccu::CSStyle in XmlFonts.cc has Mismatched Memory Management Routines (operator new [] versus operator delete). | |||||
| CVE-2018-14946 | 1 Flowpaper | 1 Pdf2json | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue has been found in PDF2JSON 0.69. The HtmlString class in ImgOutputDev.cc has Mismatched Memory Management Routines (malloc versus operator delete). | |||||
| CVE-2018-14945 | 1 Jpeg Encoder Project | 1 Jpeg Encoder | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue has been found in jpeg_encoder through 2015-11-27. It is a heap-based buffer overflow in the function readFromBMP in jpeg_encoder.cpp. | |||||
| CVE-2018-14944 | 1 Jpeg Encoder Project | 1 Jpeg Encoder | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue has been found in jpeg_encoder through 2015-11-27. It is a SEGV in the function readFromBMP in jpeg_encoder.cpp. The signal is caused by an out-of-bounds write. | |||||
| CVE-2018-14943 | 1 Harmonicinc | 2 Nsg 9000, Nsg 9000 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account. | |||||
| CVE-2018-14942 | 1 Harmonicinc | 2 Nsg 9000, Nsg 9000 Firmware | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| Harmonic NSG 9000 devices allow remote authenticated users to conduct directory traversal attacks, as demonstrated by "POST /PY/EMULATION_GET_FILE" or "POST /PY/EMULATION_EXPORT" with FileName=../../../passwd in the POST data. | |||||
| CVE-2018-14941 | 1 Harmonicinc | 1 Nsg 9000 | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI. | |||||
| CVE-2018-14940 | 1 Phpcms | 1 Phpcms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parameters in an api.php?op=checkcode request. | |||||
| CVE-2018-14939 | 1 Libreoffice | 1 Libreoffice | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site. | |||||
| CVE-2018-14938 | 2 Canonical, Digitalcorpora | 2 Ubuntu Linux, Tcpflow | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds read and may allow access to sensitive memory (or a denial of service). | |||||
| CVE-2018-14937 | 1 Mylittleforum | 1 My Little Forum | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Add page option in my little forum 2.4.12 allows XSS via the Menu Link field. | |||||
| CVE-2018-14936 | 1 Mylittleforum | 1 My Little Forum | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Add page option in my little forum 2.4.12 allows XSS via the Title field. | |||||
| CVE-2018-14935 | 1 Polycom | 2 Trio 8500, Trio 8500 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS. | |||||
| CVE-2018-14934 | 1 Polycom | 2 Trio 8500, Trio 8500 Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone. | |||||
| CVE-2018-14931 | 1 Polarisft | 1 Intellect Core Banking | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. An open redirect exists via a /IntellectMain.jsp?IntellectSystem= URI. | |||||
| CVE-2018-14930 | 1 Polarisft | 1 Intellect Core Banking | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. CSRF can occur via a /CollatWebApp/gcmsRefInsert?name=SUPP URI. | |||||
| CVE-2018-14929 | 1 Matera | 1 Banco | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonstrated by the /contingency/web/index.jsp (aka home page) url parameter. | |||||