| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2018-11408 | 2 Debian, Sensiolabs | 2 Debian Linux, Symfony | 2024-11-21 | N/A | The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this issue exists because of an incomplete fix for CVE-2017-16652. |
| CVE-2018-11407 | 1 Sensiolabs | 1 Symfony | 2024-11-21 | N/A | An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a "null" password and valid username, which triggers an unauthenticated bind. NOTE: this issue exists because of an incomplete fix for CVE-2016-2403. |
| CVE-2018-11406 | 2 Debian, Sensiolabs | 2 Debian Linux, Symfony | 2024-11-21 | N/A | An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the invalidate_session option. In this case, CSRF tokens were not erased during logout, which allowed CSRF token fixation. |
| CVE-2018-11405 | 1 Kliqqi | 1 Kliqqi Cms | 2024-11-21 | N/A | Kliqqi 2.0.2 has CSRF in admin/admin_users.php. |
| CVE-2018-11404 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A | DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter. |
| CVE-2018-11403 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A | DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter. |
| CVE-2018-11402 | 1 Simplisafe | 2 U9k-kp1000, U9k-kp1000 Firmware | 2024-11-21 | N/A | SimpliSafe Original has unencrypted keypad transmissions, which allows physically proximate attackers to discover the PIN. |
| CVE-2018-11401 | 1 Simplisafe | 2 U9k-bs1000, U9k-bs1000 Firmware | 2024-11-21 | N/A | In SimpliSafe Original, RF interference (e.g., an extremely strong 433.92 MHz signal) by a physically proximate attacker does not cause a notification. |
| CVE-2018-11400 | 1 Simplisafe | 2 U9k-bs1000, U9k-bs1000 Firmware | 2024-11-21 | N/A | In SimpliSafe Original, the Base Station fails to detect tamper attempts: it does not send a notification if a physically proximate attacker removes the battery and external power. |
| CVE-2018-11399 | 1 Simplisafe | 8 U9k-es1000, U9k-es1000 Firmware, U9k-kr1 and 5 more | 2024-11-21 | N/A | SimpliSafe Original has unencrypted sensor transmissions, which allows physically proximate attackers to obtain potentially sensitive information about the specific times when alarm-system events occur. |
| CVE-2018-11396 | 1 Gnome | 1 Epiphany | 2024-11-21 | N/A | ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call. |
| CVE-2018-11392 | 1 Jigowatt | 1 Php Login & User Management | 2024-11-21 | N/A | An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt "PHP Login & User Management" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user to upload .php files to the web server via a profile avatar field. This results in arbitrary code execution by requesting the .php file. |
| CVE-2018-11386 | 2 Debian, Sensiolabs | 2 Debian Linux, Symfony | 2024-11-21 | N/A | An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to cause a denial of service on a Symfony application without requiring many resources. |
| CVE-2018-11385 | 3 Debian, Fedoraproject, Sensiolabs | 3 Debian Linux, Fedora, Symfony | 2024-11-21 | N/A | An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerability within the "Guard" login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker. |
| CVE-2018-11384 | 1 Radare | 1 Radare2 | 2024-11-21 | N/A | The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file. |
| CVE-2018-11383 | 1 Radare | 1 Radare2 | 2024-11-21 | N/A | The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c. |
| CVE-2018-11382 | 1 Radare | 1 Radare2 | 2024-11-21 | N/A | The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. |
| CVE-2018-11381 | 1 Radare | 1 Radare2 | 2024-11-21 | N/A | The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. |
| CVE-2018-11380 | 1 Radare | 1 Radare2 | 2024-11-21 | N/A | The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted Mach-O file. |
| CVE-2018-11379 | 1 Radare | 1 Radare2 | 2024-11-21 | N/A | The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file. |