Total
322830 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-12711 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL. | ||||
| CVE-2018-12710 | 1 Dlink | 2 Dir-601, Dir-601 Firmware | 2024-11-21 | N/A |
| An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account (which is a low privilege account) access, an attacker can intercept the response from a POST request to obtain "Admin" rights due to the admin password being displayed in XML. | ||||
| CVE-2018-12706 | 1 Digisol | 2 Dg-br4000ng, Dg-br4000ng Firmware | 2024-11-21 | N/A |
| DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header. | ||||
| CVE-2018-12705 | 1 Digisol | 2 Dg-br4000ng, Dg-br4000ng Firmware | 2024-11-21 | N/A |
| DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side). | ||||
| CVE-2018-12703 | 1 Block18 | 1 Block18 | 2024-11-21 | N/A |
| The approveAndCallcode function of a smart contract implementation for Block 18 (18T), an tradable Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spender.call(_extraData)) is not verified, aka the "evilReflex" issue. NOTE: a PeckShield disclosure states "some researchers have independently discussed the mechanism of such vulnerability." | ||||
| CVE-2018-12702 | 1 Gve | 1 Globalvillage Ecosystem | 2024-11-21 | N/A |
| The approveAndCallcode function of a smart contract implementation for Globalvillage ecosystem (GVE), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spender.call(_extraData)) is not verified, aka the "evilReflex" issue. NOTE: a PeckShield disclosure states "some researchers have independently discussed the mechanism of such vulnerability." | ||||
| CVE-2018-12699 | 3 Canonical, Gnu, Redhat | 3 Ubuntu Linux, Binutils, Enterprise Linux | 2024-11-21 | N/A |
| finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump. | ||||
| CVE-2018-12698 | 2 Canonical, Gnu | 2 Ubuntu Linux, Binutils | 2024-11-21 | N/A |
| demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump. | ||||
| CVE-2018-12697 | 3 Canonical, Gnu, Redhat | 4 Ubuntu Linux, Binutils, Ansible Tower and 1 more | 2024-11-21 | N/A |
| A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump. | ||||
| CVE-2018-12696 | 1 Mao10 | 1 Mao10cms | 2024-11-21 | N/A |
| mao10cms 6 allows XSS via the article page. | ||||
| CVE-2018-12695 | 1 Mao10 | 1 Mao10cms | 2024-11-21 | N/A |
| mao10cms 6 allows XSS via the m=bbs&a=index page. | ||||
| CVE-2018-12694 | 1 Tp-link | 2 Tl-wa850re, Tl-wa850re Firmware | 2024-11-21 | N/A |
| TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json. | ||||
| CVE-2018-12693 | 1 Tp-link | 2 Tl-wa850re, Tl-wa850re Firmware | 2024-11-21 | N/A |
| Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of service (outage) via a long type parameter to /data/syslog.filter.json. | ||||
| CVE-2018-12692 | 1 Tp-link | 2 Tl-wa850re, Tl-wa850re Firmware | 2024-11-21 | N/A |
| TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wps_setup_pin parameter to /data/wps.setup.json. | ||||
| CVE-2018-12691 | 1 Onosproject | 1 Onos | 2024-11-21 | N/A |
| Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection. | ||||
| CVE-2018-12689 | 1 Phpldapadmin Project | 1 Phpldapadmin | 2024-11-21 | 9.8 Critical |
| phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel. | ||||
| CVE-2018-12688 | 1 Tinyexr Project | 1 Tinyexr | 2024-11-21 | N/A |
| tinyexr 0.9.5 has a segmentation fault in the wav2Decode function. | ||||
| CVE-2018-12687 | 1 Tinyexr Project | 1 Tinyexr | 2024-11-21 | N/A |
| tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h. | ||||
| CVE-2018-12684 | 1 Civetweb Project | 1 Civetweb | 2024-11-21 | N/A |
| Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file. | ||||
| CVE-2018-12680 | 1 Coapthon Project | 1 Coapthon | 2024-11-21 | N/A |
| The Serialize.deserialize() method in CoAPthon 3.1, 4.0.0, 4.0.1, and 4.0.2 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, CoAP reverse proxy, example collect CoAP server and client) when they receive crafted CoAP messages. | ||||