IDCVSSSummaryLast (major) updatePublished
CVE-2018-20029 None
The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read.
10-12-2018 - 15:29 10-12-2018 - 15:29
CVE-2018-16636 None
Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter.
10-12-2018 - 14:29 10-12-2018 - 14:29
CVE-2018-16635 None
Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php.
10-12-2018 - 14:29 10-12-2018 - 14:29
CVE-2018-15805 None
Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE) vulnerability, allowing an attacker to read arbitrary files or cause a denial of service (resource consumption).
10-12-2018 - 14:29 10-12-2018 - 14:29
CVE-2018-15800 None
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits S
10-12-2018 - 14:29 10-12-2018 - 14:29
CVE-2018-1279 None
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cook
10-12-2018 - 14:29 10-12-2018 - 14:29
CVE-2018-3988 None
Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the picture in its own cache directory, which is avail
10-12-2018 - 12:29 10-12-2018 - 12:29
CVE-2018-1957 None
IBM WebSphere Application Server 9 could allow sensitive information to be available caused by mishandling of data by the application based on an incorrect return by the httpServletRequest#authenticate() API when an unprotected URI is accessed. IBM X
10-12-2018 - 09:29 10-12-2018 - 09:29
CVE-2018-1671 None
IBM Curam Social Program Management 7.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-for
10-12-2018 - 09:29 10-12-2018 - 09:29
CVE-2018-1000866 None
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java tha
10-12-2018 - 09:29 10-12-2018 - 09:29
CVE-2018-1000865 None
A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the J
10-12-2018 - 09:29 10-12-2018 - 09:29
CVE-2018-1000864 None
A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.
10-12-2018 - 09:29 10-12-2018 - 09:29
CVE-2018-1000863 None
A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, poten
10-12-2018 - 09:29 10-12-2018 - 09:29
CVE-2018-1000862 None
An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyon
10-12-2018 - 09:29 10-12-2018 - 09:29
CVE-2018-1000861 None
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java object
10-12-2018 - 09:29 10-12-2018 - 09:29
CVE-2016-10502 None
While generating trusted application id, An integer overflow can occur giving the trusted application an invalid identity in Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835 and SDA660.
10-12-2018 - 09:29 10-12-2018 - 09:29
CVE-2018-20018 None
S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI.
10-12-2018 - 04:29 10-12-2018 - 04:29
CVE-2018-20017 None
SEMCMS 3.5 has XSS via the first text box to the SEMCMS_Main.php URI.
10-12-2018 - 04:29 10-12-2018 - 04:29
CVE-2018-20015 None
YzmCMS v5.2 has admin/role/add.html CSRF.
10-12-2018 - 04:29 10-12-2018 - 04:29
CVE-2018-20012 None
PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI.
10-12-2018 - 04:29 10-12-2018 - 04:29
CVE-2018-20011 None
DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field.
10-12-2018 - 04:29 10-12-2018 - 04:29
CVE-2018-20010 None
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field.
10-12-2018 - 04:29 10-12-2018 - 04:29
CVE-2018-20009 None
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field.
10-12-2018 - 04:29 10-12-2018 - 04:29
CVE-2018-20006 None
An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulnerability via the title parameter to api.php?c=post&f=save (reachable via the index.php?id=book URI).
10-12-2018 - 01:29 10-12-2018 - 01:29
CVE-2018-20005 None
An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc.
10-12-2018 - 01:29 10-12-2018 - 01:29
CVE-2018-20004 None
An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type="real">' substring, as demonstrated by test
10-12-2018 - 01:29 10-12-2018 - 01:29
CVE-2018-20002 None
The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demo
09-12-2018 - 21:29 09-12-2018 - 21:29
CVE-2018-20001 None
In Libav 12.3, there is a floating point exception in the range_decode_culshift function (called from range_decode_bits) in libavcodec/apedec.c that will lead to remote denial of service via crafted input.
09-12-2018 - 21:29 09-12-2018 - 21:29
CVE-2018-20000 None
Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java.
09-12-2018 - 21:29 09-12-2018 - 21:29
CVE-2018-19991 None
VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in CVE-2018-9230.
09-12-2018 - 19:29 09-12-2018 - 19:29
CVE-2018-19983 None
An issue was discovered on Sigma Design Z-Wave S0 through S2 devices. An attacker first prepares a Z-Wave frame-transmission program (e.g., Z-Wave PC Controller, OpenZWave, CC1110, etc.). Next, the attacker conducts a DoS attack against the Z-Wave S0
09-12-2018 - 14:29 09-12-2018 - 14:29
CVE-2018-19982 None
An issue was discovered on KT MC01507L Z-Wave S0 devices. It occurs because HPKP is not implemented. The communication architecture is APP > Server > Controller (HUB) > Node (products which are controlled by HUB). The prerequisite is that the attacke
09-12-2018 - 14:29 09-12-2018 - 14:29
CVE-2018-19653 None
HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.
09-12-2018 - 14:29 09-12-2018 - 14:29
CVE-2018-19980 None
Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow attackers to cause a denial of service (reboot of the underlying Android 7.1.2 operating system) via a crafted application that sends data to WifiService.
08-12-2018 - 13:29 08-12-2018 - 13:29
CVE-2018-19967 None
An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE ins
07-12-2018 - 23:29 07-12-2018 - 23:29
CVE-2018-19966 None
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow pagi
07-12-2018 - 23:29 07-12-2018 - 23:29
CVE-2018-19965 None
An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of
07-12-2018 - 23:29 07-12-2018 - 23:29
CVE-2018-19964 None
An issue was discovered in Xen 4.11.x allowing x86 guest OS users to cause a denial of service (host OS hang) because the p2m lock remains unavailable indefinitely in certain error conditions.
07-12-2018 - 23:29 07-12-2018 - 23:29
CVE-2018-19963 None
An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because x86 IOREQ server resource accounting (for external emulators) was mishandled.
07-12-2018 - 23:29 07-12-2018 - 23:29
CVE-2018-19962 None
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.
07-12-2018 - 23:29 07-12-2018 - 23:29
CVE-2018-19961 None
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.
07-12-2018 - 23:29 07-12-2018 - 23:29
CVE-2018-9578 None
In ixheaacd_adts_crc_start_reg of ixheaacd_adts_crc_check.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is
07-12-2018 - 18:29 07-12-2018 - 18:29
CVE-2018-9577 None
In impd_parametric_drc_parse_gain_set_params of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction i
07-12-2018 - 18:29 07-12-2018 - 18:29
CVE-2018-9576 None
In impd_parse_parametric_drc_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is n
07-12-2018 - 18:29 07-12-2018 - 18:29
CVE-2018-9575 None
In impd_parse_dwnmix_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed fo
07-12-2018 - 18:29 07-12-2018 - 18:29
CVE-2018-9574 None
In impd_parse_split_drc_characteristic of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is need
07-12-2018 - 18:29 07-12-2018 - 18:29
CVE-2018-9573 None
In impd_parse_filt_block of impd_drc_dynamic_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploi
07-12-2018 - 18:29 07-12-2018 - 18:29
CVE-2018-9572 None
In impd_drc_parse_coeff of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploita
07-12-2018 - 18:29 07-12-2018 - 18:29
CVE-2018-9571 None
In impd_parse_loud_eq_instructions of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed f
07-12-2018 - 18:29 07-12-2018 - 18:29
CVE-2018-9570 None
In impd_parse_drc_ext_v1 of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploit
07-12-2018 - 18:29 07-12-2018 - 18:29
Back to Top Mark selected
Back to Top