Total
324432 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17784 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.1 Medium |
| Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM Community Edition 6.5.26 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. | ||||
| CVE-2018-17783 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name. | ||||
| CVE-2018-17782 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name. | ||||
| CVE-2018-17781 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-11-21 | N/A |
| Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigger Uninitialized Object Information Disclosure because creation of ArrayBuffer and DataView objects is mishandled. | ||||
| CVE-2018-17780 | 1 Telegram | 2 Telegram Desktop, Telegram Messenger | 2024-11-21 | N/A |
| Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, leaks end-user public and private IP addresses during a call because of an unsafe default behavior in which P2P connections are accepted from clients outside of the My Contacts list. | ||||
| CVE-2018-17777 | 1 Dlink | 2 Dva-5592, Dva-5592 Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie "sid" generated by the page. The attacker will have access to the router control panel with administrator privileges. | ||||
| CVE-2018-17776 | 1 Pcprotect | 1 Antivirus | 2024-11-21 | N/A |
| PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for %PROGRAMFILES(X86)%\PCProtect, which allows local users to gain privileges by replacing an executable file with a Trojan horse. | ||||
| CVE-2018-17775 | 1 Seqrite | 1 End Point Security | 2024-11-21 | N/A |
| Seqrite End Point Security v7.4 has "Everyone: (F)" permission for %PROGRAMFILES%\Seqrite\Seqrite, which allows local users to gain privileges by replacing an executable file with a Trojan horse. | ||||
| CVE-2018-17774 | 1 Ingenico | 2 Telium 2, Telium 2 Firmware | 2024-11-21 | 6.8 Medium |
| Ingenico Telium 2 POS terminals have an insecure NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | ||||
| CVE-2018-17773 | 1 Ingenico | 2 Telium 2, Telium 2 Firmware | 2024-11-21 | 6.8 Medium |
| Ingenico Telium 2 POS terminals have a buffer overflow via SOCKET_TASK in the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | ||||
| CVE-2018-17772 | 1 Ingenico | 2 Telium 2, Telium 2 Firmware | 2024-11-21 | 6.8 Medium |
| Ingenico Telium 2 POS terminals allow arbitrary code execution via the TRACE protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | ||||
| CVE-2018-17771 | 1 Ingenico | 2 Telium 2, Telium 2 Firmware | 2024-11-21 | 6.6 Medium |
| Ingenico Telium 2 POS terminals have hardcoded FTP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N. | ||||
| CVE-2018-17770 | 1 Ingenico | 2 Telium 2, Telium 2 Firmware | 2024-11-21 | 6.6 Medium |
| Ingenico Telium 2 POS terminals have a buffer overflow via the RemotePutFile command of the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | ||||
| CVE-2018-17769 | 1 Ingenico | 2 Telium 2, Telium 2 Firmware | 2024-11-21 | 6.6 Medium |
| Ingenico Telium 2 POS terminals have a buffer overflow via the 0x26 command of the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | ||||
| CVE-2018-17768 | 1 Ingenico | 2 Telium 2, Telium 2 Firmware | 2024-11-21 | 6.8 Medium |
| Ingenico Telium 2 POS terminals have an insecure TRACE protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | ||||
| CVE-2018-17767 | 1 Ingenico | 2 Telium 2, Telium 2 Firmware | 2024-11-21 | 6.8 Medium |
| Ingenico Telium 2 POS terminals have hardcoded PPP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N. | ||||
| CVE-2018-17766 | 1 Ingenico | 2 Telium 2, Telium 2 Firmware | 2024-11-21 | 4.6 Medium |
| Ingenico Telium 2 POS Telium2 OS allow bypass of file-reading restrictions via the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | ||||
| CVE-2018-17765 | 1 Ingenico | 2 Telium 2, Telium 2 Firmware | 2024-11-21 | 6.8 Medium |
| Ingenico Telium 2 POS terminals have undeclared TRACE protocol commands. This is fixed in Telium 2 SDK v9.32.03 patch N. | ||||
| CVE-2018-17707 | 1 Epicgames | 1 Launcher | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Epic Games Launcher versions prior to 8.2.2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handler for the com.epicgames.launcher protocol. A crafted URI with the com.epicgames.launcher protocol can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-7241. | ||||
| CVE-2018-17706 | 2 Foxitsoftware, Microsoft | 2 Phantompdf, Windows | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF Phantom PDF 9.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within fxhtml2pdf. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6230. | ||||