Total
323532 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11698 | 1 Sass-lang | 1 Libsass | 2024-11-21 | N/A |
| An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service. | ||||
| CVE-2018-11697 | 1 Sass-lang | 1 Libsass | 2024-11-21 | N/A |
| An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service. | ||||
| CVE-2018-11696 | 1 Sass-lang | 1 Libsass | 2024-11-21 | N/A |
| An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Inspect::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact. | ||||
| CVE-2018-11695 | 1 Sass-lang | 1 Libsass | 2024-11-21 | N/A |
| An issue was discovered in LibSass <3.5.3. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact. | ||||
| CVE-2018-11694 | 1 Sass-lang | 1 Libsass | 2024-11-21 | N/A |
| An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact. | ||||
| CVE-2018-11693 | 1 Sass-lang | 1 Libsass | 2024-11-21 | N/A |
| An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service. | ||||
| CVE-2018-11692 | 1 Canon | 8 Lbp3370, Lbp3370 Firmware, Lbp3460 and 5 more | 2024-11-21 | N/A |
| An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices. It is possible to bypass the Administrator Mode authentication for /tlogin.cgi via vectors involving frame.cgi?page=DevStatus. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation | ||||
| CVE-2018-11691 | 1 Emerson | 2 Ve6046, Ve6046 Firmware | 2024-11-21 | N/A |
| Emerson DeltaV Smart Switch Command Center application, available in versions 11.3.x and 12.3.1, was unable to change the DeltaV Smart Switches’ management password upon commissioning. Emerson released patches for DeltaV workstations to address this issue, and the patches can be downloaded from Emerson’s Guardian Support Portal. Please refer to the DeltaV Security Notification DSN19003 (KBA NK-1900-0808) for more information about this issue. DeltaV versions 13.3 and higher use the Network Device Command Center application to manage DeltaV Smart Switches, and this newer application is not impacted by this issue. After patching the Smart Switch Command Center, users are required to either commission the DeltaV Smart Switches or change password using the tool. | ||||
| CVE-2018-11690 | 1 Balbooa | 1 Gridbox | 2024-11-21 | N/A |
| The Balbooa Gridbox extension version 2.4.0 and previous versions for Joomla! is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | ||||
| CVE-2018-11689 | 2 Hanwha-security, Samsung | 19 Hrd-1641, Hrd-1641 Firmware, Hrd-1642 and 16 more | 2024-11-21 | 6.1 Medium |
| Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.) | ||||
| CVE-2018-11688 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | N/A |
| Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | ||||
| CVE-2018-11687 | 1 Bitcoin Red Project | 1 Bitcoin Red | 2024-11-21 | N/A |
| An integer overflow in the distributeBTR function of a smart contract implementation for Bitcoin Red (BTCR), an Ethereum ERC20 token, allows the owner to accomplish an unauthorized increase of digital assets by providing a large address[] array, as exploited in the wild in May 2018, aka the "ownerUnderflow" issue. | ||||
| CVE-2018-11686 | 1 Flowpaper | 1 Flexpaper | 2024-11-21 | N/A |
| The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allows remote code execution via setup.php and change_config.php. | ||||
| CVE-2018-11685 | 4 Canonical, Liblouis, Opensuse and 1 more | 4 Ubuntu Linux, Liblouis, Leap and 1 more | 2024-11-21 | N/A |
| Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c. | ||||
| CVE-2018-11684 | 4 Canonical, Liblouis, Opensuse and 1 more | 4 Ubuntu Linux, Liblouis, Leap and 1 more | 2024-11-21 | N/A |
| Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c. | ||||
| CVE-2018-11683 | 3 Canonical, Liblouis, Opensuse | 3 Ubuntu Linux, Liblouis, Leap | 2024-11-21 | N/A |
| Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440. | ||||
| CVE-2018-11682 | 1 Lutron | 6 Homeworks Qs, Homeworks Qs Firmware, Radiora 2 and 3 more | 2024-11-21 | 9.8 Critical |
| Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can be done through the ports revolve around controlling lighting, not code execution. A certain set of commands are listed, which bear some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine | ||||
| CVE-2018-11681 | 1 Lutron | 6 Homeworks Qs, Homeworks Qs Firmware, Radiora 2 and 3 more | 2024-11-21 | 9.8 Critical |
| Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can be done through the ports revolve around controlling lighting, not code execution. A certain set of commands are listed, which bear some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine | ||||
| CVE-2018-11680 | 1 Cmseasy | 1 Cmseasy | 2024-11-21 | N/A |
| An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate. | ||||
| CVE-2018-11679 | 1 Cmseasy | 1 Cmseasy | 2024-11-21 | N/A |
| An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin. | ||||