ID CVSS Summary Last (major) update Published
CVE-2018-11504 None
The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.
26-05-2018 - 17:29 26-05-2018 - 17:29
CVE-2018-11503 None
The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.
26-05-2018 - 17:29 26-05-2018 - 17:29
CVE-2018-11501 None
PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2.
26-05-2018 - 17:29 26-05-2018 - 17:29
CVE-2018-11500 None
An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account.
26-05-2018 - 17:29 26-05-2018 - 17:29
CVE-2018-11499 None
A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.
26-05-2018 - 16:29 26-05-2018 - 16:29
CVE-2018-11498 None
In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function (lib/lizard_decompress_liz.h). Remote attackers can leverage this vulnerability
26-05-2018 - 16:29 26-05-2018 - 16:29
CVE-2018-11496 None
In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation.
26-05-2018 - 16:29 26-05-2018 - 16:29
CVE-2018-11495 None
OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. For example, an attacker can download ../../config.php.
26-05-2018 - 16:29 26-05-2018 - 16:29
CVE-2018-11494 None
The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a s
26-05-2018 - 16:29 26-05-2018 - 16:29
CVE-2018-11493 None
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add.
26-05-2018 - 14:29 26-05-2018 - 14:29
CVE-2018-11490 None
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to
26-05-2018 - 14:29 26-05-2018 - 14:29
CVE-2018-11489 None
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of servic
26-05-2018 - 14:29 26-05-2018 - 14:29
CVE-2018-11487 None
PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php.
26-05-2018 - 11:29 26-05-2018 - 11:29
CVE-2018-9091 None
A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an unauthenticated, remote attacker to bypass security protecti
25-05-2018 - 15:29 25-05-2018 - 15:29
CVE-2018-11479 None
The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \\.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect
25-05-2018 - 15:29 25-05-2018 - 15:29
CVE-2018-11475 None
Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser.
25-05-2018 - 15:29 25-05-2018 - 15:29
CVE-2018-11474 None
Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser.
25-05-2018 - 15:29 25-05-2018 - 15:29
CVE-2018-11473 None
Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration).
25-05-2018 - 15:29 25-05-2018 - 15:29
CVE-2018-11472 None
Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php).
25-05-2018 - 15:29 25-05-2018 - 15:29
CVE-2018-11471 None
Cockpit 0.5.5 has XSS via a collection, form, or region.
25-05-2018 - 15:29 25-05-2018 - 15:29
CVE-2018-8871 None
In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution.
25-05-2018 - 12:29 25-05-2018 - 12:29
CVE-2018-8864 None
In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigge
25-05-2018 - 12:29 25-05-2018 - 12:29
CVE-2018-8862 None
In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alar
25-05-2018 - 12:29 25-05-2018 - 12:29
CVE-2017-14185 None
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (e.g., addresses) via specifically crafted URLs inside t
25-05-2018 - 12:29 25-05-2018 - 12:29
CVE-2018-6237 None
A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up
25-05-2018 - 11:29 25-05-2018 - 11:29
CVE-2018-6236 None
A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222813 by the tm
25-05-2018 - 11:29 25-05-2018 - 11:29
CVE-2018-6235 None
An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmncies
25-05-2018 - 11:29 25-05-2018 - 11:29
CVE-2018-6234 None
An Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by
25-05-2018 - 11:29 25-05-2018 - 11:29
CVE-2018-6233 None
A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222060 by the tmnciesc.sys
25-05-2018 - 11:29 25-05-2018 - 11:29
CVE-2018-6232 None
A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x22205C by the tmnciesc.sys
25-05-2018 - 11:29 25-05-2018 - 11:29
CVE-2018-10350 None
A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided t
25-05-2018 - 11:29 25-05-2018 - 11:29
CVE-2017-9641 None
PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to the PI system. OSIsoft recommends that users upgrade to PI Vision 2017 or greater to mitigate this vulnerability.
25-05-2018 - 11:29 25-05-2018 - 11:29
CVE-2018-1565 None
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 143022.
25-05-2018 - 10:29 25-05-2018 - 10:29
CVE-2018-1544 None
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 142648.
25-05-2018 - 10:29 25-05-2018 - 10:29
CVE-2018-1515 None
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID:
25-05-2018 - 10:29 25-05-2018 - 10:29
CVE-2018-1488 None
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 140973.
25-05-2018 - 10:29 25-05-2018 - 10:29
CVE-2018-1467 None
The IBM Storwize V7000 Unified management Web interface 1.6 exposes internal cluster details to unauthenticated users. IBM X-Force ID: 140398.
25-05-2018 - 10:29 25-05-2018 - 10:29
CVE-2018-1459 None
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer overflow, caused by improper bounds checking which could lead an attacker to execute arbitrary code. IBM X-Force ID: 14021
25-05-2018 - 10:29 25-05-2018 - 10:29
CVE-2018-1452 None
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140047.
25-05-2018 - 10:29 25-05-2018 - 10:29
CVE-2018-1451 None
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140046.
25-05-2018 - 10:29 25-05-2018 - 10:29
CVE-2018-1450 None
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140045.
25-05-2018 - 10:29 25-05-2018 - 10:29
CVE-2018-1449 None
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140044.
25-05-2018 - 10:29 25-05-2018 - 10:29
CVE-2018-11470 None
iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel.
25-05-2018 - 10:29 25-05-2018 - 10:29
CVE-2018-11469 None
Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check
25-05-2018 - 10:29 25-05-2018 - 10:29
CVE-2017-1752 None
IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547.
25-05-2018 - 10:29 25-05-2018 - 10:29
CVE-2018-6674 None
Privilege Escalation vulnerability in Microsoft Windows client in McAfee VirusScan Enterprise (VSE) 8.8 allows local users to view configuration information in plain text format via the GUI or GUI terminal commands.
25-05-2018 - 09:29 25-05-2018 - 09:29
CVE-2018-6664 None
Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility.
25-05-2018 - 09:29 25-05-2018 - 09:29
CVE-2018-11468 None
The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.
25-05-2018 - 09:29 25-05-2018 - 09:29
CVE-2017-3961 None
Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of att
25-05-2018 - 09:29 25-05-2018 - 09:29
CVE-2018-11445 None
A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role.
25-05-2018 - 08:29 25-05-2018 - 08:29