Total: 324289 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16724 | 1 Baijiacms Project | 1 Baijiacms | 2024-11-21 | N/A |
| An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request. | ||||
| CVE-2018-16723 | 1 V-secure | 1 Jingyun Antivirus | 2024-11-21 | 7.8 High |
| In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12364020. | ||||
| CVE-2018-16722 | 1 V-secure | 1 Jingyun Antivirus | 2024-11-21 | 7.8 High |
| In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360094, a related issue to CVE-2018-16305. | ||||
| CVE-2018-16721 | 1 V-secure | 1 Jingyun Antivirus | 2024-11-21 | 7.8 High |
| In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360090, a related issue to CVE-2018-16306. | ||||
| CVE-2018-16720 | 1 V-secure | 1 Jingyun Antivirus | 2024-11-21 | 7.8 High |
| In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x1236001c, a related issue to CVE-2018-16304. | ||||
| CVE-2018-16719 | 1 V-secure | 1 Jingyun Antivirus | 2024-11-21 | 7.8 High |
| In Jingyun Antivirus v2.4.2.39, the driver file (hookbody.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00221482. | ||||
| CVE-2018-16718 | 1 Nih | 1 Ncbi Toolbox | 2024-11-21 | N/A |
| An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox via a crafted -z1 argument. | ||||
| CVE-2018-16717 | 1 Nih | 1 Ncbi Toolbox | 2024-11-21 | N/A |
| A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox. | ||||
| CVE-2018-16716 | 1 Nih | 1 Ncbi Toolbox | 2024-11-21 | N/A |
| A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string. | ||||
| CVE-2018-16715 | 1 Absolute | 1 Ctes Windows Agent | 2024-11-21 | N/A |
| An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security permissions on the %ProgramData%\CTES folder and sub-folders may allow write access to low-privileged user accounts. This allows unauthorized replacement of service program executable (EXE) or dynamically loadable library (DLL) files, causing elevated (SYSTEM) user access. Configuration control files or data files under this folder could also be similarly modified to affect service process behavior. | ||||
| CVE-2018-16713 | 1 Iobit | 1 Advanced Systemcare | 2024-11-21 | N/A |
| IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402084) with a buffer containing user defined content. The driver's subroutine will execute a rdmsr instruction with the user's buffer for input, and provide output from the instruction. | ||||
| CVE-2018-16712 | 1 Iobit | 1 Advanced Systemcare | 2024-11-21 | N/A |
| IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send a specially crafted IOCTL 0x9C406104 to read physical memory. | ||||
| CVE-2018-16711 | 1 Iobit | 1 Advanced Systemcare | 2024-11-21 | N/A |
| IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402088) with a buffer containing user defined content. The driver's subroutine will execute a wrmsr instruction with the user's buffer for input. | ||||
| CVE-2018-16710 | 1 Octoprint | 1 Octoprint | 2024-11-21 | N/A |
| OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with "blind port forwarding ... Putting OctoPrint onto the public internet is a terrible idea, and I really can't emphasize that enough." | ||||
| CVE-2018-16709 | 1 Fujixerox | 18 Apeosport-v 5070, Apeosport-v 5070 Firmware, Apeosport-v C3375 and 15 more | 2024-11-21 | N/A |
| Fuji Xerox DocuCentre-V 3065, ApeosPort-VI C3371, ApeosPort-V C4475, ApeosPort-V C3375, DocuCentre-VI C2271, ApeosPort-V C5576, DocuCentre-IV C2263, DocuCentre-V C2263, and ApeosPort-V 5070 devices allow remote attackers to read or write to files via crafted PJL commands. | ||||
| CVE-2018-16706 | 1 Lg | 1 Supersign Cms | 2024-11-21 | N/A |
| LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080. | ||||
| CVE-2018-16705 | 1 Furuno | 4 Felcom 250, Felcom 250 Firmware, Felcom 500 and 1 more | 2024-11-21 | N/A |
| FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file containing all of the system's usernames and passwords. This includes the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS server password in cleartext. | ||||
| CVE-2018-16704 | 1 Gleeztech | 1 Gleezcms | 2024-11-21 | N/A |
| An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers (logged-in users) to view the profile pages of other users, as demonstrated by navigating to user/3 on demo.gleezcms.org. | ||||
| CVE-2018-16703 | 1 Gleeztech | 1 Gleez Cms | 2024-11-21 | N/A |
| A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker to perform multiple user enumerations, which can further help an attacker to perform login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side access control and login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Portal login page. An exploit could allow the attacker to identify existing users and perform brute-force password attacks on the Portal, as demonstrated by navigating to the user/4 URI. | ||||
| CVE-2018-16672 | 1 Circontrol | 1 Circarlife Scada | 2024-11-21 | 6.5 Medium |
| An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information. | ||||