Total
322440 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11556 | 1 Littlecms | 1 Little Cms | 2024-11-21 | N/A |
| tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on an sample program using LIBTIFF and do not apply to the lcms2 library, lcms2 does not depends on LIBTIFF other than to build sample programs, and the issue cannot be reproduced on the lcms2 library.” | ||||
| CVE-2018-11555 | 1 Littlecms | 1 Little Cms | 2024-11-21 | N/A |
| tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on an sample program using LIBTIFF and do not apply to the lcms2 library, lcms2 does not depends on LIBTIFF other than to build sample programs, and the issue cannot be reproduced on the lcms2 library.” | ||||
| CVE-2018-11554 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | N/A |
| The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach. | ||||
| CVE-2018-11553 | 1 Sgin | 1 Xiangyun Platform | 2024-11-21 | N/A |
| SGIN.CN xiangyun platform V9.4.10 has XSS via the login_url parameter to /login.php. | ||||
| CVE-2018-11552 | 1 Nch | 1 Axon Pbx | 2024-11-21 | N/A |
| There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable application. | ||||
| CVE-2018-11551 | 1 Nch | 1 Axon Pbx | 2024-11-21 | N/A |
| AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file is loaded by 'pbxsetup.exe' improperly. | ||||
| CVE-2018-11548 | 1 Block | 1 Eos | 2024-11-21 | N/A |
| An issue was discovered in EOS.IO DAWN 4.2. plugins/net_plugin/net_plugin.cpp does not limit the number of P2P connections from the same source IP address. | ||||
| CVE-2018-11547 | 1 Md4c Project | 1 Md4c | 2024-11-21 | N/A |
| md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based buffer over-read because md_is_link_label mishandles loop termination. | ||||
| CVE-2018-11546 | 1 Md4c Project | 1 Md4c | 2024-11-21 | N/A |
| md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one error. | ||||
| CVE-2018-11545 | 1 Md4c Project | 1 Md4c | 2024-11-21 | N/A |
| md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link label composed solely of backslash escapes. | ||||
| CVE-2018-11543 | 1 Ribboncommunications | 6 Sbc Swe Lite, Sbc Swe Lite Firmware, Sonus Sbc 1000 and 3 more | 2024-11-21 | N/A |
| A Local File Inclusion (LFI) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows for the downloading of arbitrary files via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140. | ||||
| CVE-2018-11542 | 1 Ribboncommunications | 6 Sbc Swe Lite, Sbc Swe Lite Firmware, Sonus Sbc 1000 and 3 more | 2024-11-21 | N/A |
| A Remote Command Execution (RCE) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows for the execution of arbitrary commands via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140. | ||||
| CVE-2018-11541 | 1 Ribboncommunications | 5 Sbc Swe Lite Web, Sonus Sbc 1000, Sonus Sbc 1000 Firmware and 2 more | 2024-11-21 | N/A |
| A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows unauthorised access to privileged content via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140. | ||||
| CVE-2018-11538 | 1 Searchblox | 1 Searchblox | 2024-11-21 | N/A |
| servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass. | ||||
| CVE-2018-11537 | 1 Auth0 | 1 Angular-jwt | 2024-11-21 | N/A |
| Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain. | ||||
| CVE-2018-11536 | 1 Md4c Project | 1 Md4c | 2024-11-21 | N/A |
| md4c before 0.2.5 has a heap-based buffer overflow because md_split_simple_pairing_mark mishandles splits. | ||||
| CVE-2018-11535 | 1 Sitemakin | 1 Slac | 2024-11-21 | N/A |
| An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. The parameter "my_item_search" in users.php is exploitable using SQL injection. | ||||
| CVE-2018-11532 | 1 Changuondyu Advanced Statistics Project | 1 Changuondyu Advanced Statistics | 2024-11-21 | N/A |
| An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field. | ||||
| CVE-2018-11531 | 3 Canonical, Debian, Exiv2 | 3 Ubuntu Linux, Debian Linux, Exiv2 | 2024-11-21 | N/A |
| Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. | ||||
| CVE-2018-11529 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2024-11-21 | N/A |
| VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions. | ||||