ID CVSS Summary Last (major) update Published
CVE-2018-17336 None
UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malfo
22-09-2018 - 12:29 22-09-2018 - 12:29
CVE-2018-17334 None
An issue was discovered in libsvg2 through 2012-10-19. A stack-based buffer overflow in the svgGetNextPathField function in svg_string.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impac
22-09-2018 - 12:29 22-09-2018 - 12:29
CVE-2018-17333 None
An issue was discovered in libsvg2 through 2012-10-19. A stack-based buffer overflow in svgStringToLength in svg_types.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because sscanf
22-09-2018 - 12:29 22-09-2018 - 12:29
CVE-2018-17332 None
An issue was discovered in libsvg2 through 2012-10-19. The svgGetNextPathField function in svg_string.c returns its input pointer in certain circumstances, which might result in a memory leak caused by wasteful malloc calls.
22-09-2018 - 12:29 22-09-2018 - 12:29
CVE-2018-17322 None
Cross-site scripting (XSS) vulnerability in index.php/index/category/index in YUNUCMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the area parameter.
21-09-2018 - 22:29 21-09-2018 - 22:29
CVE-2018-17321 None
An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action.
21-09-2018 - 22:29 21-09-2018 - 22:29
CVE-2018-14891 None
Management Console in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local privilege escalation vulnerability.
21-09-2018 - 17:29 21-09-2018 - 17:29
CVE-2018-14890 None
Vectra Networks Cognito Brain and Sensor before 4.2 contains a cross-site scripting (XSS) vulnerability in the Web Management Console.
21-09-2018 - 17:29 21-09-2018 - 17:29
CVE-2018-14889 None
CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability.
21-09-2018 - 17:29 21-09-2018 - 17:29
CVE-2018-12169 None
Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which m
21-09-2018 - 16:29 21-09-2018 - 16:29
CVE-2018-17320 None
An issue was discovered in UCMS 1.4.6. aaddpost.php has stored XSS via the sadmin/aindex.php minfo parameter in a sadmin_aaddpost action.
21-09-2018 - 14:29 21-09-2018 - 14:29
CVE-2018-17317 None
FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the io_mode, ap_mode, io_action, io_in_iface, io_in_set, io_in_ip, io_in_mask, io_in_gw, io_out_iface, io_out_set, io_out_
21-09-2018 - 14:29 21-09-2018 - 14:29
CVE-2018-17174 None
A stack-based buffer overflow was discovered in the xtimor NMEA library (aka nmealib) 0.5.3. nmea_parse() in parser.c allows an attacker to trigger denial of service (even arbitrary code execution in a certain context) in a product using this library
21-09-2018 - 13:29 21-09-2018 - 13:29
CVE-2018-17173 None
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.
21-09-2018 - 13:29 21-09-2018 - 13:29
CVE-2018-17141 None
HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file.
21-09-2018 - 13:29 21-09-2018 - 13:29
CVE-2018-17050 None
The mintToken function of a smart contract implementation for PolyAi (AI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
21-09-2018 - 13:29 21-09-2018 - 13:29
CVE-2018-17003 None
In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discovered in the appendix via the surveyls_title parameter to /index.php?r=admin/survey/sa/insert.
21-09-2018 - 13:29 21-09-2018 - 13:29
CVE-2018-17002 None
On the RICOH MP 2001 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
21-09-2018 - 13:29 21-09-2018 - 13:29
CVE-2018-17001 None
On the RICOH SP 4510SF printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
21-09-2018 - 13:29 21-09-2018 - 13:29
CVE-2018-16965 None
In Zoho ManageEngine SupportCenter Plus 8.1.0, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter.
21-09-2018 - 13:29 21-09-2018 - 13:29
CVE-2018-16833 None
Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI.
21-09-2018 - 13:29 21-09-2018 - 13:29
CVE-2018-16822 None
SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter.
21-09-2018 - 13:29 21-09-2018 - 13:29
CVE-2018-16821 None
SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests.
21-09-2018 - 13:29 21-09-2018 - 13:29
CVE-2018-15613 None
A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions
21-09-2018 - 13:29 21-09-2018 - 13:29
CVE-2018-15612 None
A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2
21-09-2018 - 13:29 21-09-2018 - 13:29
CVE-2018-14732 None
An issue was discovered in lib/Server.js in webpack-dev-server before 3.1.6. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone ca
21-09-2018 - 13:29 21-09-2018 - 13:29
CVE-2018-14731 None
An issue was discovered in HMRServer.js in Parcel parcel-bundler. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive t
21-09-2018 - 13:29 21-09-2018 - 13:29
CVE-2018-14730 None
An issue was discovered in Browserify-HMR. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by
21-09-2018 - 13:29 21-09-2018 - 13:29
CVE-2018-13111 None
There exists a partial Denial of Service vulnerability in Wanscam HW0021 IP Cameras. An attacker could craft a malicious POST request to crash the ONVIF service on such a device.
21-09-2018 - 13:29 21-09-2018 - 13:29
CVE-2018-12511 None
In the mintToken function of a smart contract implementation for Substratum (SUB), an Ethereum ERC20 token, the administrator can control mintedAmount, leverage an integer overflow, and modify a user account's balance arbitrarily.
21-09-2018 - 13:29 21-09-2018 - 13:29
CVE-2013-7203 None
gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup.
21-09-2018 - 13:29 21-09-2018 - 13:29
CVE-2013-4451 None
gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/repositories/gitolite-admin.git on fresh installs.
21-09-2018 - 13:29 21-09-2018 - 13:29
CVE-2018-9282 None
An XSS issue was discovered in Subsonic Media Server 6.1.1. The podcast subscription form is affected by a stored XSS vulnerability in the add parameter to podcastReceiverAdmin.view; no administrator access is required. By injecting a JavaScript payl
21-09-2018 - 12:29 21-09-2018 - 12:29
CVE-2018-16793 None
Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.
21-09-2018 - 12:29 21-09-2018 - 12:29
CVE-2018-16597 None
An issue was discovered in the Linux kernel through 4.18.6. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
21-09-2018 - 12:29 21-09-2018 - 12:29
CVE-2018-16281 None
The DEISER "Profields - Project Custom Fields" app before 6.0.2 for Jira has Incorrect Access Control.
21-09-2018 - 12:29 21-09-2018 - 12:29
CVE-2018-14691 None
An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used t
21-09-2018 - 12:29 21-09-2018 - 12:29
CVE-2018-14690 None
An issue was discovered in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could be used to steal session information of a victim.
21-09-2018 - 12:29 21-09-2018 - 12:29
CVE-2018-14689 None
An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the name[x], sourceformats[x], targetFormat[x], step1[x], and step2[x] parameters (where x is an integer) to trans
21-09-2018 - 12:29 21-09-2018 - 12:29
CVE-2018-14688 None
An issue was discovered in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the name[x], streamUrl[x], homepageUrl[x] parameters (where x is an integer) to internetRadioSettings.view that could b
21-09-2018 - 12:29 21-09-2018 - 12:29
CVE-2018-11352 None
The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site scripting (XSS) vulnerability that is stored within the configuration page. This vulnerability enables the execution of a JavaScript payload each time an administrator visits the c
21-09-2018 - 12:29 21-09-2018 - 12:29
CVE-2018-3915 None
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer,
21-09-2018 - 11:29 21-09-2018 - 11:29
CVE-2018-3914 None
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer,
21-09-2018 - 11:29 21-09-2018 - 11:29
CVE-2018-3913 None
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer,
21-09-2018 - 11:29 21-09-2018 - 11:29
CVE-2018-3906 None
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite datab
21-09-2018 - 11:29 21-09-2018 - 11:29
CVE-2018-3894 None
An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of
21-09-2018 - 11:29 21-09-2018 - 11:29
CVE-2018-16786 None
DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php.
21-09-2018 - 11:29 21-09-2018 - 11:29
CVE-2018-16784 None
DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring.
21-09-2018 - 11:29 21-09-2018 - 11:29
CVE-2018-11241 None
An issue was discovered on SoftCase T-Router build 20112017 devices. A remote attacker can read and write to arbitrary files on the system as root, as demonstrated by code execution after writing to a crontab file. This is fixed in production builds
21-09-2018 - 11:29 21-09-2018 - 11:29
CVE-2018-11240 None
An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on the 'exec command' feature of the T-Router protocol. If the command syntax is correct, there is code execution both on the other modem and on the main s
21-09-2018 - 11:29 21-09-2018 - 11:29