ID | CVSS | Summary | Last (major) update | Published
CVE-2018-15505 None
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack
17-08-2018 - 23:29 17-08-2018 - 23:29
CVE-2018-15504 None
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified
17-08-2018 - 23:29 17-08-2018 - 23:29
CVE-2018-15503 None
The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV.
17-08-2018 - 22:29 17-08-2018 - 22:29
CVE-2018-15501 None
In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS.
17-08-2018 - 22:29 17-08-2018 - 22:29
CVE-2018-15495 None
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.
17-08-2018 - 22:29 17-08-2018 - 22:29
CVE-2018-15494 None
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
17-08-2018 - 22:29 17-08-2018 - 22:29
CVE-2018-15492 None
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
17-08-2018 - 22:29 17-08-2018 - 22:29
CVE-2018-15491 None
A vulnerability in the permission and encryption implementation of Zemana Anti-Logger 1.9.3.527 and prior (fixed in 1.9.3.602) allows an attacker to take control of the whitelisting feature (MyRules2.ini under %LOCALAPPDATA%\Zemana\ZALSDK) to permit
17-08-2018 - 22:29 17-08-2018 - 22:29
CVE-2018-15482 None
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006.
17-08-2018 - 16:29 17-08-2018 - 16:29
CVE-2018-14982 None
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004.
17-08-2018 - 16:29 17-08-2018 - 16:29
CVE-2018-14981 None
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. The LG ID is LVE-SMP-180005.
17-08-2018 - 16:29 17-08-2018 - 16:29
CVE-2018-15473 None
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-
17-08-2018 - 15:29 17-08-2018 - 15:29
CVE-2018-6622 None
An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handle
17-08-2018 - 14:29 17-08-2018 - 14:29
CVE-2018-15471 None
An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to req
17-08-2018 - 14:29 17-08-2018 - 14:29
CVE-2018-15470 None
An issue was discovered in Xen through 4.11.x. The logic in oxenstored for handling writes depended on the order of evaluation of expressions making up a tuple. As indicated in section 7.7.3 "Operations on data structures" of the OCaml manual, the or
17-08-2018 - 14:29 17-08-2018 - 14:29
CVE-2018-15469 None
An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting in s
17-08-2018 - 14:29 17-08-2018 - 14:29
CVE-2018-15468 None
An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be care
17-08-2018 - 14:29 17-08-2018 - 14:29
CVE-2018-14058 None
Pimcore before 5.3.0 allows SQL Injection via the REST web service API.
17-08-2018 - 14:29 17-08-2018 - 14:29
CVE-2018-14057 None
Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users / Roles" function.
17-08-2018 - 14:29 17-08-2018 - 14:29
CVE-2017-1732 None
IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link
17-08-2018 - 12:29 17-08-2018 - 12:29
CVE-2018-15360 None
An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0.
17-08-2018 - 11:29 17-08-2018 - 11:29
CVE-2018-15359 None
An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0.
17-08-2018 - 11:29 17-08-2018 - 11:29
CVE-2018-15358 None
An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0.
17-08-2018 - 11:29 17-08-2018 - 11:29
CVE-2018-15357 None
An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0.
17-08-2018 - 11:29 17-08-2018 - 11:29
CVE-2018-15356 None
An authenticated attacker can execute arbitrary code using command injection in Eltex ESP-200 firmware version 1.2.0.
17-08-2018 - 11:29 17-08-2018 - 11:29
CVE-2018-15355 None
Usage of SSLv2 and SSLv3 leads to transmitted data decryption in Kraftway 24F2XG Router firmware 3.5.30.1118.
17-08-2018 - 10:29 17-08-2018 - 10:29
CVE-2018-15354 None
A Buffer Overflow exploited through web interface by remote attacker can cause denial of service in Kraftway 24F2XG Router firmware 3.5.30.1118.
17-08-2018 - 10:29 17-08-2018 - 10:29
CVE-2018-15353 None
A Buffer Overflow exploited through web interface by remote attacker can cause remote code execution in Kraftway 24F2XG Router firmware 3.5.30.1118.
17-08-2018 - 10:29 17-08-2018 - 10:29
CVE-2018-15352 None
An attacker with low privileges can cause denial of service in Kraftway 24F2XG Router firmware version 3.5.30.1118.
17-08-2018 - 10:29 17-08-2018 - 10:29
CVE-2018-15351 None
Crafting a malicious link and sending it to a privileged user can cause denial of service in Kraftway 24F2XG Router firmware version 3.5.30.1118.
17-08-2018 - 10:29 17-08-2018 - 10:29
CVE-2018-15350 None
Router Default Credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote attackers to get privileged access to the router.
17-08-2018 - 10:29 17-08-2018 - 10:29
CVE-2018-5547 None
Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. This feature displays a certificate user interface dialog box wh
17-08-2018 - 09:29 17-08-2018 - 08:29
CVE-2018-3785 None
A command injection in git-dummy-commit v1.3.0 allows OS-level commands to be executed due to an unescaped parameter.
17-08-2018 - 09:29 17-08-2018 - 09:29
CVE-2018-3784 None
A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization.
17-08-2018 - 09:29 17-08-2018 - 09:29
CVE-2018-3783 None
A privilege escalation detected in flintcms versions <= 1.1.9 allows account takeover due to blind MongoDB injection in password reset.
17-08-2018 - 09:29 17-08-2018 - 09:29
CVE-2018-5546 None
The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS run as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A maliciou
17-08-2018 - 08:29 17-08-2018 - 08:29
CVE-2018-10873 None
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its p
17-08-2018 - 08:29 17-08-2018 - 08:29
CVE-2018-15122 None
An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object (such as DLL or EXE) with an embedded resource file by clicking on the
16-08-2018 - 16:29 16-08-2018 - 16:29
CVE-2018-14567 None
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-201
16-08-2018 - 16:29 16-08-2018 - 16:29
CVE-2018-13446 None
** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.1 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacke
16-08-2018 - 16:29 16-08-2018 - 16:29
CVE-2018-13435 None
** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method to disable passcode authentication. NOTE: the vendor
16-08-2018 - 16:29 16-08-2018 - 16:29
CVE-2018-13434 None
** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication bypass by overriding the LAContext return Boolean value to be "true" because the
16-08-2018 - 16:29 16-08-2018 - 16:29
CVE-2018-12256 None
admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods&do
16-08-2018 - 16:29 16-08-2018 - 16:29
CVE-2018-11511 None
The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'album_id' or 'scope' parameter via a photo-gallery/api/album/tree_lists/ URI.
16-08-2018 - 16:29 16-08-2018 - 16:29
CVE-2018-11509 None
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell.
16-08-2018 - 16:29 16-08-2018 - 16:29
CVE-2016-9598 None
libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2
16-08-2018 - 16:29 16-08-2018 - 16:29
CVE-2016-9596 None
libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix fo
16-08-2018 - 16:29 16-08-2018 - 16:29
CVE-2018-1712 None
IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IB
16-08-2018 - 15:29 16-08-2018 - 15:29
CVE-2018-10140 None
The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. PAN-OS 6.1, PAN-OS 7.1 and P
16-08-2018 - 14:29 16-08-2018 - 14:29
CVE-2018-10139 None
The PAN-OS response page for GlobalProtect in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT affected.
16-08-2018 - 14:29 16-08-2018 - 14:29