Total
323564 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-14541 | 1 Readymadeb2bscript | 1 Basic B2b | 2024-11-21 | N/A |
| PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields. | ||||
| CVE-2018-14533 | 1 Intenogroup | 2 Iopsys, Iopsys Firmware | 2024-11-21 | N/A |
| read_tmp and write_tmp in Inteno IOPSYS allow attackers to gain privileges after writing to /tmp/etc/smb.conf because /var is a symlink to /tmp. | ||||
| CVE-2018-14532 | 1 Axiosys | 1 Bento4 | 2024-11-21 | N/A |
| An issue was discovered in Bento4 1.5.1-624. There is a heap-based buffer over-read in AP4_Mpeg2TsVideoSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp after a call from Mp42Hls.cpp, a related issue to CVE-2018-13846. | ||||
| CVE-2018-14531 | 1 Axiosys | 1 Bento4 | 2024-11-21 | N/A |
| An issue was discovered in Bento4 1.5.1-624. There is an unspecified "heap-buffer-overflow" crash in the AP4_HvccAtom class in Core/Ap4HvccAtom.cpp. | ||||
| CVE-2018-14529 | 1 Invoxia | 2 Nvx220, Nvx220 Firmware | 2024-11-21 | N/A |
| Invoxia NVX220 devices allow access to /bin/sh via escape from a restricted CLI, leading to disclosure of password hashes. | ||||
| CVE-2018-14528 | 1 Invoxia | 2 Nvx220, Nvx220 Firmware | 2024-11-21 | N/A |
| Invoxia NVX220 devices allow TELNET access as admin with a default password. | ||||
| CVE-2018-14527 | 1 Xiao5ucompany Project | 1 Xiao5ucompany | 2024-11-21 | N/A |
| Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient (for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements). | ||||
| CVE-2018-14526 | 4 Canonical, Debian, Redhat and 1 more | 4 Ubuntu Linux, Debian Linux, Enterprise Linux and 1 more | 2024-11-21 | N/A |
| An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information. | ||||
| CVE-2018-14524 | 1 Gnu | 1 Libredwg | 2024-11-21 | N/A |
| dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a double free (in dwg_free_eed in free.c) because it does not properly manage the obj->eed value after a free occurs. | ||||
| CVE-2018-14523 | 3 Aubio, Opensuse, Suse | 3 Aubio, Leap, Linux Enterprise | 2024-11-21 | N/A |
| An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes. | ||||
| CVE-2018-14522 | 3 Aubio, Opensuse, Suse | 3 Aubio, Leap, Linux Enterprise | 2024-11-21 | N/A |
| An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes. | ||||
| CVE-2018-14521 | 1 Aubio | 1 Aubio | 2024-11-21 | N/A |
| An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_source_avcodec_readframe in io/source_avcodec.c, as demonstrated by aubiomfcc. | ||||
| CVE-2018-14519 | 1 Getkirby | 1 Kirby | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A remote attacker can craft a malicious CSRF page and force the user to delete a page. | ||||
| CVE-2018-14517 | 1 Seacms | 1 Seacms | 2024-11-21 | N/A |
| SeaCMS 6.61 has two XSS issues in the admin_config.php file via certain form fields. | ||||
| CVE-2018-14515 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2024-11-21 | N/A |
| A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter. | ||||
| CVE-2018-14514 | 1 Icmsdev | 1 Icms | 2024-11-21 | N/A |
| An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact. | ||||
| CVE-2018-14513 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2024-11-21 | N/A |
| An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[content] parameter to the index.php?m=feedback&f=index&v=contact URI. | ||||
| CVE-2018-14505 | 1 Mitmproxy | 1 Mitmproxy | 2024-11-21 | N/A |
| mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to tools/web/app.py. | ||||
| CVE-2018-14504 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | N/A |
| An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name (e.g., 'foobar" onclick="alert(1)'). | ||||
| CVE-2018-14503 | 1 Coremail | 1 Coremail Xt | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in intervalCheck.jsp in Coremail XT 3.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. | ||||