Total
323435 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-12739 | 1 Beescms | 1 Beescms | 2024-11-21 | N/A |
| In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266. | ||||
| CVE-2018-12735 | 1 Saj-electric | 1 Saj Solar Inverter | 2024-11-21 | N/A |
| SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct request for the inverter_info.htm or english_main.htm URI. | ||||
| CVE-2018-12716 | 1 Google | 4 Chromecast, Chromecast Firmware, Home and 1 more | 2024-11-21 | N/A |
| The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its local network, extracting the scan_results bssid fields, and sending these fields in a geolocation/v1/geolocate Google Maps Geolocation API request. | ||||
| CVE-2018-12715 | 1 Digisol | 2 Dg-hr3400, Dg-hr3400 Firmware | 2024-11-21 | 6.1 Medium |
| DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged. | ||||
| CVE-2018-12714 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1 index invalid. This allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via crafted perf_event_open and mmap system calls. | ||||
| CVE-2018-12713 | 1 Gimp | 1 Gimp | 2024-11-21 | 9.1 Critical |
| GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was intended to be private. | ||||
| CVE-2018-12712 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the "class_exists" function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local File Inclusion. | ||||
| CVE-2018-12711 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL. | ||||
| CVE-2018-12710 | 1 Dlink | 2 Dir-601, Dir-601 Firmware | 2024-11-21 | N/A |
| An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account (which is a low privilege account) access, an attacker can intercept the response from a POST request to obtain "Admin" rights due to the admin password being displayed in XML. | ||||
| CVE-2018-12706 | 1 Digisol | 2 Dg-br4000ng, Dg-br4000ng Firmware | 2024-11-21 | N/A |
| DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header. | ||||
| CVE-2018-12705 | 1 Digisol | 2 Dg-br4000ng, Dg-br4000ng Firmware | 2024-11-21 | N/A |
| DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side). | ||||
| CVE-2018-12703 | 1 Block18 | 1 Block18 | 2024-11-21 | N/A |
| The approveAndCallcode function of a smart contract implementation for Block 18 (18T), an tradable Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spender.call(_extraData)) is not verified, aka the "evilReflex" issue. NOTE: a PeckShield disclosure states "some researchers have independently discussed the mechanism of such vulnerability." | ||||
| CVE-2018-12702 | 1 Gve | 1 Globalvillage Ecosystem | 2024-11-21 | N/A |
| The approveAndCallcode function of a smart contract implementation for Globalvillage ecosystem (GVE), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spender.call(_extraData)) is not verified, aka the "evilReflex" issue. NOTE: a PeckShield disclosure states "some researchers have independently discussed the mechanism of such vulnerability." | ||||
| CVE-2018-12699 | 3 Canonical, Gnu, Redhat | 3 Ubuntu Linux, Binutils, Enterprise Linux | 2024-11-21 | N/A |
| finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump. | ||||
| CVE-2018-12698 | 2 Canonical, Gnu | 2 Ubuntu Linux, Binutils | 2024-11-21 | N/A |
| demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump. | ||||
| CVE-2018-12697 | 3 Canonical, Gnu, Redhat | 4 Ubuntu Linux, Binutils, Ansible Tower and 1 more | 2024-11-21 | N/A |
| A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump. | ||||
| CVE-2018-12696 | 1 Mao10 | 1 Mao10cms | 2024-11-21 | N/A |
| mao10cms 6 allows XSS via the article page. | ||||
| CVE-2018-12695 | 1 Mao10 | 1 Mao10cms | 2024-11-21 | N/A |
| mao10cms 6 allows XSS via the m=bbs&a=index page. | ||||
| CVE-2018-12694 | 1 Tp-link | 2 Tl-wa850re, Tl-wa850re Firmware | 2024-11-21 | N/A |
| TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json. | ||||
| CVE-2018-12693 | 1 Tp-link | 2 Tl-wa850re, Tl-wa850re Firmware | 2024-11-21 | N/A |
| Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of service (outage) via a long type parameter to /data/syslog.filter.json. | ||||