ID | CVSS | Summary | Last (major) update | Published
CVE-2018-19407 None
The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.
20-11-2018 - 19:29 20-11-2018 - 19:29
CVE-2018-19406 None
kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where the apic map is uninitialized.
20-11-2018 - 19:29 20-11-2018 - 19:29
CVE-2018-19404 None
In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allows remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting i
20-11-2018 - 19:29 20-11-2018 - 19:29
CVE-2018-19396 None
ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class.
20-11-2018 - 16:29 20-11-2018 - 16:29
CVE-2018-19395 None
ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handler
20-11-2018 - 16:29 20-11-2018 - 16:29
CVE-2018-19390 None
FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via TIFF data because of a ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification
20-11-2018 - 16:29 20-11-2018 - 16:29
CVE-2018-19389 None
FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via BMP data because of a ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification i
20-11-2018 - 16:29 20-11-2018 - 16:29
CVE-2018-19388 None
FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read, access violation, and application crash) via TIFF data because of a ConvertToPDF_x86!ReleaseFXURLToHtml issue.
20-11-2018 - 16:29 20-11-2018 - 16:29
CVE-2018-19387 None
format_cb_pane_tabs in format.c in tmux 2.7 through 2.8 might allow attackers to cause a denial of service (NULL Pointer Dereference and application crash) by arranging for a malloc failure.
20-11-2018 - 16:29 20-11-2018 - 16:29
CVE-2018-19376 None
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to delete a log file via the index.php?m=admin&c=data&a=clear URI.
20-11-2018 - 16:29 20-11-2018 - 16:29
CVE-2018-18865 None
The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure.
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-18864 None
Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed.
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-18861 None
Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command.
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-18859 None
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentia
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-18858 None
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentia
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-18857 None
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentia
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-18856 None
Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentia
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-18774 None
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter.
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-18773 None
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password.
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-18772 None
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command.
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-18716 None
Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability.
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-18715 None
Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS.
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-18565 None
An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro be
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-18564 None
An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, and cobas h 232 before 04.00.04 (Serial number above K
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-18563 None
An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro be
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-18562 None
An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Weak access credentials may enable attackers in the adjacent network to gain unauthorized se
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-18561 None
An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Insecure permissions in a service interface may allow authenticated attackers in the adjacen
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-18440 None
DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled.
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-18439 None
DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image.
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-16224 None
Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device.
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-16223 None
Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password.
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-16222 None
Cleartext Storage of credentials in the iSmartAlarmData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password.
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-12038 None
An issue was discovered on Samsung 840 EVO devices. Vendor-specific commands may allow access to the disk-encryption key.
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-12037 None
An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link betwee
20-11-2018 - 14:29 20-11-2018 - 14:29
CVE-2018-17948 None
An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3.
20-11-2018 - 13:29 20-11-2018 - 13:29
CVE-2018-1779 None
IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size. IBM X-Force ID: 148802.
20-11-2018 - 09:29 20-11-2018 - 09:29
CVE-2018-19367 None
Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin pass
20-11-2018 - 04:29 20-11-2018 - 04:29
CVE-2018-19335 None
Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information
20-11-2018 - 04:29 20-11-2018 - 04:29
CVE-2018-19334 None
Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information abo
20-11-2018 - 04:29 20-11-2018 - 04:29
CVE-2018-10099 None
Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns) can be used to obtain sensitive information abou
20-11-2018 - 04:29 20-11-2018 - 04:29
CVE-2018-17906 None
Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system.
19-11-2018 - 15:29 19-11-2018 - 15:29
CVE-2018-9209 None
Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server <= v1.2.2
19-11-2018 - 13:29 19-11-2018 - 13:29
CVE-2018-9207 None
Arbitrary file upload in jQuery Upload File <= 4.0.2
19-11-2018 - 12:29 19-11-2018 - 12:29
CVE-2018-1841 None
IBM Cloud Private 2.1.0 could allow a local user to obtain the CA Private Key due to it being world readable in boot/master node. IBM X-Force ID: 150901.
19-11-2018 - 09:29 19-11-2018 - 09:29
CVE-2018-17190 None
In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the mast
19-11-2018 - 09:29 19-11-2018 - 09:29
CVE-2018-15761 None
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token wit
19-11-2018 - 09:29 19-11-2018 - 09:29
CVE-2018-15759 None
Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them t
19-11-2018 - 09:29 19-11-2018 - 09:29
CVE-2018-18519 None
BestXsoftware Best Free Keylogger 5.2.9 allows local users to gain privileges via a Trojan horse "%PROGRAMFILES%\BFK 5.2.9\syscrb.exe" file because of insecure permissions for the BUILTIN\Users group.
19-11-2018 - 03:29 19-11-2018 - 03:29
CVE-2018-19355 None
modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to produc
18-11-2018 - 19:29 18-11-2018 - 19:29
CVE-2018-19358 None
GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-
18-11-2018 - 14:29 18-11-2018 - 14:29