ID CVSS Summary Last (major) update Published
CVE-2018-5958 None
In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402424.
21-01-2018 - 17:29 21-01-2018 - 17:29
CVE-2018-5957 None
In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40242C.
21-01-2018 - 17:29 21-01-2018 - 17:29
CVE-2018-5956 None
In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402414.
21-01-2018 - 17:29 21-01-2018 - 17:29
CVE-2018-5955 None
An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI.
21-01-2018 - 17:29 21-01-2018 - 17:29
CVE-2017-18046 None
Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 2.77p1-1124 and 3.03p2-1146 devices allows remote attackers to execute arbitrary code via a long POST request to the login_action function in /cgi-bin/login_action.cgi (aka cgipage.cgi).
21-01-2018 - 17:29 21-01-2018 - 17:29
CVE-2016-10708 None
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.
21-01-2018 - 17:29 21-01-2018 - 17:29
CVE-2017-18045 None
JBMC DirectAdmin before 1.52, when the email_ftp_password_change setting is nonzero, allows remote attackers to obtain access or cause a denial of service (segfault) via an unspecified request.
21-01-2018 - 02:29 21-01-2018 - 02:29
CVE-2017-15112 None
keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass a password through the command line, leaking it via command history and process info to other local users.
19-01-2018 - 19:29 19-01-2018 - 19:29
CVE-2017-15111 None
keycloak-httpd-client-install versions before 0.8 insecurely create a temporary file, allowing local attackers to overwrite other files via a symbolic link.
19-01-2018 - 19:29 19-01-2018 - 19:29
CVE-2017-15108 None
spice-vdagent up to and including 0.17.0 does not properly escape the save directory before passing it to the shell, allowing a local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.
19-01-2018 - 19:29 19-01-2018 - 19:29
CVE-2017-14803 None
In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system.
19-01-2018 - 19:29 19-01-2018 - 19:29
CVE-2017-12130 None
An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted packet can make the library dereference a NULL pointer leading to a server crash and denial of service. An attacker needs
19-01-2018 - 19:29 19-01-2018 - 19:29
CVE-2017-14460 None
An exploitable overly permissive cross-domain (CORS) whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. An automatically sent JSON object to JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit a
19-01-2018 - 18:29 19-01-2018 - 18:29
CVE-2017-14457 None
An exploitable information leak/denial of service vulnerability exists in the libevm (Ethereum Virtual Machine) `create2` opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclo
19-01-2018 - 18:29 19-01-2018 - 18:29
CVE-2017-12119 None
An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC. Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vu
19-01-2018 - 18:29 19-01-2018 - 18:29
CVE-2017-12118 None
An exploitable improper authorization vulnerability exists in miner_stop API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). An attacker can send JSON to trigger this vulnerability.
19-01-2018 - 18:29 19-01-2018 - 18:29
CVE-2017-12116 None
An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authoriz
19-01-2018 - 18:29 19-01-2018 - 18:29
CVE-2017-12113 None
An exploitable improper authorization vulnerability exists in admin_nodeInfo API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorizati
19-01-2018 - 18:29 19-01-2018 - 18:29
CVE-2017-12117 None
An exploitable improper authorization vulnerability exists in miner_start API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization
19-01-2018 - 17:29 19-01-2018 - 17:29
CVE-2017-12115 None
An exploitable improper authorization vulnerability exists in miner_setEtherbase API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authori
19-01-2018 - 17:29 19-01-2018 - 17:29
CVE-2017-12114 None
An exploitable improper authorization vulnerability exists in admin_peers API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization
19-01-2018 - 17:29 19-01-2018 - 17:29
CVE-2017-12112 None
An exploitable improper authorization vulnerability exists in admin_addPeer API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorizatio
19-01-2018 - 17:29 19-01-2018 - 17:29
CVE-2017-12097 None
An exploitable cross site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web rails gem version 1.4. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript
19-01-2018 - 15:29 19-01-2018 - 15:29
CVE-2017-14097 None
An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system.
19-01-2018 - 14:29 19-01-2018 - 14:29
CVE-2017-14096 None
A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems.
19-01-2018 - 14:29 19-01-2018 - 14:29
CVE-2017-14095 None
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system.
19-01-2018 - 14:29 19-01-2018 - 14:29
CVE-2017-14094 None
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system.
19-01-2018 - 14:29 19-01-2018 - 14:29
CVE-2017-14082 None
An uninitialized pointer information disclosure vulnerability in Trend Micro Mobile Security (Enterprise) versions 9.7 and below could allow an unauthenticated remote attacker to disclose sensitive information on a vulnerable system.
19-01-2018 - 14:29 19-01-2018 - 14:29
CVE-2017-12098 None
An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascri
19-01-2018 - 14:29 19-01-2018 - 14:29
CVE-2017-11398 None
A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable s
19-01-2018 - 14:29 19-01-2018 - 14:29
CVE-2017-7327 None
Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll.
19-01-2018 - 12:29 19-01-2018 - 12:29
CVE-2017-7326 None
Race condition issue in Yandex Browser for Android before 17.4.0.16 allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page.
19-01-2018 - 12:29 19-01-2018 - 12:29
CVE-2017-7325 None
Yandex Browser before 16.9.0 allows remote attackers to spoof the address bar via window.open.
19-01-2018 - 12:29 19-01-2018 - 12:29
CVE-2017-18044 None
A Command Injection issue was discovered in ContentStore/Base/CVDataPipe.dll in Commvault before v11 SP6. A certain message parsing function inside the Commvault service does not properly validate the input of an incoming string before passing it to
19-01-2018 - 12:29 19-01-2018 - 12:29
CVE-2017-15713 None
Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can
19-01-2018 - 12:29 19-01-2018 - 12:29
CVE-2015-6926 None
The OpenID Single Sign-On authentication functionality in OXID eShop before 4.5.0 allows remote attackers to impersonate users via the email address in a crafted authentication token.
19-01-2018 - 10:29 19-01-2018 - 10:29
CVE-2014-4919 None
OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7.13 and 4.8.x before 4.8.7 allow remote attackers to assign users to arbitrary dynamical us
19-01-2018 - 10:29 19-01-2018 - 10:29
CVE-2018-1362 None
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other users' submitted applications from the system and possibly obtain privileges. IBM X-Force ID: 137380.
19-01-2018 - 09:29 19-01-2018 - 09:29
CVE-2017-6142 None
X509 certificate verification was not correctly implemented in the early access "user id" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and thus did not properly validate the remote server's ide
19-01-2018 - 09:29 19-01-2018 - 09:29
CVE-2017-1693 None
IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another user's session during a small timeframe before the session times out. IBM X-Force ID: 134164.
19-01-2018 - 09:29 19-01-2018 - 09:29
CVE-2018-5786 None
In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the get_fileinfo function (lrzip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.
19-01-2018 - 03:29 19-01-2018 - 03:29
CVE-2018-5785 None
In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
19-01-2018 - 03:29 19-01-2018 - 03:29
CVE-2018-5784 None
In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared nu
19-01-2018 - 03:29 19-01-2018 - 03:29
CVE-2018-5783 None
In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.
19-01-2018 - 03:29 19-01-2018 - 03:29
CVE-2016-10707 None
jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to the removal of logic that lowercased attribute names. Any attribute getter using a mixed-case name for boolean attributes goes into an infinite recursion, exceeding the call stack limit.
18-01-2018 - 18:29 18-01-2018 - 18:29
CVE-2015-9251 None
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
18-01-2018 - 18:29 18-01-2018 - 18:29
CVE-2012-6708 None
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking f
18-01-2018 - 18:29 18-01-2018 - 18:29
CVE-2018-5776 None
WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement).
18-01-2018 - 17:29 18-01-2018 - 17:29
CVE-2017-17860 None
In Samsung Gear products, the Bluetooth link key is updated to a different key that is the same as the attacker's link key. It can be attacked without the user's intention only if the attacker can reveal the Bluetooth address of the target device and the paired user's smar
18-01-2018 - 17:29 18-01-2018 - 17:29
CVE-2018-5773 None
An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as
18-01-2018 - 16:29 18-01-2018 - 16:29