ID | CVSS | Summary | Last (major) update | Published
CVE-2018-6493 None
SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injec
22-05-2018 - 15:29 22-05-2018 - 15:29
CVE-2018-6492 None
Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability
22-05-2018 - 15:29 22-05-2018 - 15:29
CVE-2018-11384 None
The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.
22-05-2018 - 15:29 22-05-2018 - 15:29
CVE-2018-11383 None
The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c.
22-05-2018 - 15:29 22-05-2018 - 15:29
CVE-2018-11382 None
The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
22-05-2018 - 15:29 22-05-2018 - 15:29
CVE-2018-11381 None
The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
22-05-2018 - 15:29 22-05-2018 - 15:29
CVE-2018-11380 None
The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted Mach-O file.
22-05-2018 - 15:29 22-05-2018 - 15:29
CVE-2018-11379 None
The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file.
22-05-2018 - 15:29 22-05-2018 - 15:29
CVE-2018-11378 None
The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file.
22-05-2018 - 15:29 22-05-2018 - 15:29
CVE-2018-11377 None
The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
22-05-2018 - 15:29 22-05-2018 - 15:29
CVE-2018-11376 None
The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.
22-05-2018 - 15:29 22-05-2018 - 15:29
CVE-2018-11375 None
The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
22-05-2018 - 15:29 22-05-2018 - 15:29
CVE-2018-2409 6.5
Improper session management when using SAP Cloud Platform 2.0 (Connectivity Service and Cloud Connector). Under certain conditions, data of some other user may be shown or modified when using an application built on top of SAP Cloud Platform.
22-05-2018 - 15:18 10-04-2018 - 11:29
CVE-2018-2408 7.5
Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created using the older password continue to be active.
22-05-2018 - 15:16 10-04-2018 - 11:29
CVE-2018-2406 4.6
Unquoted Windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path.
22-05-2018 - 15:13 10-04-2018 - 11:29
CVE-2018-10193 5.0
LogMeIn LastPass through 4.9.1 allows remote attackers to cause a denial of service (browser hang) via an HTML document because the resource consumption of onloadwff.js grows with the number of INPUT elements.
22-05-2018 - 14:47 17-04-2018 - 20:29
CVE-2018-10080 5.0
Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52_es_FRI01 allow DNS settings changes via a goform/AdvSetDns?GO=wan_dns.asp request in conjunction with a crafted admin cookie.
22-05-2018 - 14:46 13-04-2018 - 00:29
CVE-2014-9563 4.0
CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated users to modify the root password and consequently acce
22-05-2018 - 14:39 12-04-2018 - 17:29
CVE-2014-8422 6.8
The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 generates session cookies with insufficient entropy, which makes it easier for remote attackers to hijack sessions
22-05-2018 - 14:38 12-04-2018 - 17:29
CVE-2014-8421 8.5
Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.
22-05-2018 - 14:32 12-04-2018 - 17:29
CVE-2018-6494 None
Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data.
22-05-2018 - 14:29 22-05-2018 - 14:29
CVE-2018-11093 None
Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link (A) element.
22-05-2018 - 14:29 22-05-2018 - 14:29
CVE-2015-8094 None
Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter.
22-05-2018 - 14:29 22-05-2018 - 14:29
CVE-2017-2825 6.8
In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active
22-05-2018 - 14:22 20-04-2018 - 17:29
CVE-2018-10074 4.9
The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows local users to cause a denial of service (NULL pointer dereference) by triggering a failure of resource retrieval.
22-05-2018 - 14:11 12-04-2018 - 14:29
CVE-2018-9118 5.0
exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Directory Traversal via a .. in the filename parameter.
22-05-2018 - 14:11 12-04-2018 - 11:29
CVE-2017-6910 5.0
The HTTP and WebSocket engine components in the server in Kaazing Gateway before 4.5.3 hotfix-1, Gateway - JMS Edition before 4.0.5 hotfix-15, 4.0.6 before hotfix-4, 4.0.7, 4.0.9 before hotfix-19, 4.4.x before 4.4.2 hotfix-1, 4.5.x before 4.5.3 hotfi
22-05-2018 - 14:11 12-04-2018 - 11:29
CVE-2015-1777 4.3
rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prev
22-05-2018 - 13:54 12-04-2018 - 11:29
CVE-2018-8834 4.6
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 an
22-05-2018 - 13:54 17-04-2018 - 15:29
CVE-2014-6633 9.0
The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collec
22-05-2018 - 13:45 12-04-2018 - 11:29
CVE-2014-6309 5.0
The HTTP and WebSocket engine components in the server in Kaazing Gateway 4.0.2, 4.0.3, and 4.0.4 and Gateway - JMS Edition 4.0.2, 4.0.3, and 4.0.4 allow remote attackers to obtain sensitive information via vectors related to HTTP request handling.
22-05-2018 - 13:34 12-04-2018 - 11:29
CVE-2018-11373 None
iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter.
22-05-2018 - 13:29 22-05-2018 - 13:29
CVE-2018-11372 None
iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter.
22-05-2018 - 13:29 22-05-2018 - 13:29
CVE-2017-2617 None
hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed.
22-05-2018 - 13:29 22-05-2018 - 13:29
CVE-2017-2609 None
Jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for
22-05-2018 - 13:29 22-05-2018 - 13:29
CVE-2016-8656 None
JBoss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to unsafe file handling in the jboss init script which could result in local privilege escalation.
22-05-2018 - 13:29 22-05-2018 - 13:29
CVE-2018-7530 4.6
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 an
22-05-2018 - 13:19 17-04-2018 - 15:29
CVE-2016-9094 6.8
Symantec Endpoint Protection clients place detected malware in quarantine as part of the intended product functionality. The quarantine logs can be exported for review by the user in a variety of formats including .CSV files. Prior to 14.0 MP1 and 12
22-05-2018 - 13:18 16-04-2018 - 15:29
CVE-2018-3843 6.8
An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object of invalid type to be dereferenced, which can pote
22-05-2018 - 13:11 19-04-2018 - 15:29
CVE-2018-3842 6.8
An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker contr
22-05-2018 - 13:10 19-04-2018 - 15:29
CVE-2018-10236 6.5
POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP code via the diy\dayrui\controllers\admin\Syscontroller.php 'add' function because an attacker can control the value of $data['name'] with no restrictions, and this value is written to th
22-05-2018 - 13:10 19-04-2018 - 14:29
CVE-2018-10235 6.5
POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of $cache['setting']['ucssocfg'] in diy\module\member\models\Member
22-05-2018 - 13:10 19-04-2018 - 14:29
CVE-2018-9861 4.3
Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to
22-05-2018 - 13:09 19-04-2018 - 13:29
CVE-2018-8118 7.6
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11, Internet Explorer 10.
22-05-2018 - 13:09 19-04-2018 - 12:29
CVE-2018-10222 6.8
An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=article_category&do=save&frame=iPHP.
22-05-2018 - 13:08 19-04-2018 - 04:29
CVE-2018-10219 5.0
baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request.
22-05-2018 - 13:08 19-04-2018 - 04:29
CVE-2017-18261 4.9
The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as
22-05-2018 - 13:08 19-04-2018 - 04:29
CVE-2018-1035 4.6
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows 10, Windows 10 Servers.
22-05-2018 - 13:07 18-04-2018 - 21:29
CVE-2018-7899 7.1
The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones with software Berkeley-AL20 8.0.0.105(C00), 8.0.0.111(C00), 8.0.0.112D(C00), 8.0.0.116(C00), 8.0.0.119(C00), 8.0.0.119D(C00), 8.0.0.122(C00), 8.0.0.132(C00), 8.0.0.132D(C00), 8.0.0.
22-05-2018 - 12:57 19-04-2018 - 10:29
CVE-2018-1000158 4.3
cmsmadesimple version 2.2.7 contains an Incorrect Access Control vulnerability in the function of send_recovery_email in the line "$url = $config['admin_url'] . '/login.php?recoverme=' . $code;" that can result in Administrator Password Reset Poisonin
22-05-2018 - 12:56 18-04-2018 - 15:29