Total
324371 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11561 | 1 Erc20token Project | 1 Erc20token | 2024-11-21 | 7.5 High |
| An integer overflow in the unprotected distributeToken function of a smart contract implementation for EETHER (EETHER), an Ethereum ERC20 token, will lead to an unauthorized increase of an attacker's digital assets. | ||||
| CVE-2018-11560 | 1 Insteon | 2 2864-222, 2864-222 Firmware | 2024-11-21 | 9.8 Critical |
| The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100. | ||||
| CVE-2018-11559 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A |
| DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter. | ||||
| CVE-2018-11558 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A |
| DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_first_name parameter. | ||||
| CVE-2018-11557 | 1 Yiban | 1 Easy Class Education Platform | 2024-11-21 | N/A |
| YIBAN Easy class education platform 2.0 has XSS via the articlelist.php k parameter. | ||||
| CVE-2018-11556 | 1 Littlecms | 1 Little Cms | 2024-11-21 | N/A |
| tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on an sample program using LIBTIFF and do not apply to the lcms2 library, lcms2 does not depends on LIBTIFF other than to build sample programs, and the issue cannot be reproduced on the lcms2 library.” | ||||
| CVE-2018-11555 | 1 Littlecms | 1 Little Cms | 2024-11-21 | N/A |
| tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on an sample program using LIBTIFF and do not apply to the lcms2 library, lcms2 does not depends on LIBTIFF other than to build sample programs, and the issue cannot be reproduced on the lcms2 library.” | ||||
| CVE-2018-11554 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | N/A |
| The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach. | ||||
| CVE-2018-11553 | 1 Sgin | 1 Xiangyun Platform | 2024-11-21 | N/A |
| SGIN.CN xiangyun platform V9.4.10 has XSS via the login_url parameter to /login.php. | ||||
| CVE-2018-11552 | 1 Nch | 1 Axon Pbx | 2024-11-21 | N/A |
| There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable application. | ||||
| CVE-2018-11551 | 1 Nch | 1 Axon Pbx | 2024-11-21 | N/A |
| AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file is loaded by 'pbxsetup.exe' improperly. | ||||
| CVE-2018-11548 | 1 Block | 1 Eos | 2024-11-21 | N/A |
| An issue was discovered in EOS.IO DAWN 4.2. plugins/net_plugin/net_plugin.cpp does not limit the number of P2P connections from the same source IP address. | ||||
| CVE-2018-11547 | 1 Md4c Project | 1 Md4c | 2024-11-21 | N/A |
| md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based buffer over-read because md_is_link_label mishandles loop termination. | ||||
| CVE-2018-11546 | 1 Md4c Project | 1 Md4c | 2024-11-21 | N/A |
| md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one error. | ||||
| CVE-2018-11545 | 1 Md4c Project | 1 Md4c | 2024-11-21 | N/A |
| md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link label composed solely of backslash escapes. | ||||
| CVE-2018-11543 | 1 Ribboncommunications | 6 Sbc Swe Lite, Sbc Swe Lite Firmware, Sonus Sbc 1000 and 3 more | 2024-11-21 | N/A |
| A Local File Inclusion (LFI) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows for the downloading of arbitrary files via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140. | ||||
| CVE-2018-11542 | 1 Ribboncommunications | 6 Sbc Swe Lite, Sbc Swe Lite Firmware, Sonus Sbc 1000 and 3 more | 2024-11-21 | N/A |
| A Remote Command Execution (RCE) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows for the execution of arbitrary commands via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140. | ||||
| CVE-2018-11541 | 1 Ribboncommunications | 5 Sbc Swe Lite Web, Sonus Sbc 1000, Sonus Sbc 1000 Firmware and 2 more | 2024-11-21 | N/A |
| A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows unauthorised access to privileged content via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140. | ||||
| CVE-2018-11538 | 1 Searchblox | 1 Searchblox | 2024-11-21 | N/A |
| servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass. | ||||
| CVE-2018-11537 | 1 Auth0 | 1 Angular-jwt | 2024-11-21 | N/A |
| Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain. | ||||