Total
322821 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-12635 | 1 Circontrol | 1 Scada | 2024-11-21 | N/A |
| CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs. | ||||
| CVE-2018-12634 | 1 Circontrol | 1 Circarlife Scada | 2024-11-21 | 9.8 Critical |
| CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. | ||||
| CVE-2018-12633 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the critical variables (hdr.size_in and hdr.size_out) in the header between the two fetches because of a race condition, leading to severe kernel errors, such as buffer over-accesses. This bug can cause a local denial of service and information leakage. | ||||
| CVE-2018-12632 | 1 Redatam | 1 Redatam | 2024-11-21 | N/A |
| Redatam7 (formerly Redatam WebServer) allows remote attackers to discover the installation path via an invalid LFN parameter to the /redbin/rpwebutilities.exe/text URI. | ||||
| CVE-2018-12631 | 1 Redatam | 1 Redatam | 2024-11-21 | N/A |
| Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal. | ||||
| CVE-2018-12630 | 1 Nmark | 1 Nmcms | 2024-11-21 | N/A |
| NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI. | ||||
| CVE-2018-12628 | 1 Eventum Project | 1 Eventum | 2024-11-21 | N/A |
| An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin privileges. | ||||
| CVE-2018-12627 | 1 Eventum Project | 1 Eventum | 2024-11-21 | N/A |
| An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via the show_notification_list_issues or show_authorized_issues parameter. | ||||
| CVE-2018-12626 | 1 Eventum Project | 1 Eventum | 2024-11-21 | N/A |
| An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS via the cat parameter. | ||||
| CVE-2018-12625 | 1 Eventum Project | 1 Eventum | 2024-11-21 | N/A |
| An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter. | ||||
| CVE-2018-12624 | 1 Eventum Project | 1 Eventum | 2024-11-21 | N/A |
| An issue was discovered in Eventum 3.5.0. /htdocs/post_note.php has XSS via the garlic_prefix parameter. | ||||
| CVE-2018-12623 | 1 Eventum Project | 1 Eventum | 2024-11-21 | N/A |
| An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS via the current_page parameter. | ||||
| CVE-2018-12622 | 1 Eventum Project | 1 Eventum | 2024-11-21 | N/A |
| An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has XSS via the field_name parameter. | ||||
| CVE-2018-12621 | 1 Eventum Project | 1 Eventum | 2024-11-21 | N/A |
| An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Open Redirect via the current_page parameter. | ||||
| CVE-2018-12617 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2024-11-21 | 7.5 High |
| qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket. | ||||
| CVE-2018-12615 | 1 Phusion | 1 Passenger | 2024-11-21 | N/A |
| An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges. | ||||
| CVE-2018-12613 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 8.8 High |
| An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication). | ||||
| CVE-2018-12611 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
| OX App Suite 7.8.4 and earlier allows Directory Traversal. | ||||
| CVE-2018-12610 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
| OX App Suite 7.8.4 and earlier allows Information Exposure. | ||||
| CVE-2018-12609 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
| OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery. | ||||