Weekly Vulnerabilities Reports > October 15 to 21, 2018
Overview
427 new vulnerabilities reported during this period, including 60 critical vulnerabilities and 160 high severity vulnerabilities. This weekly summary report vulnerabilities in 281 products from 105 vendors including Oracle, Canonical, Debian, Redhat, and Mozilla. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Read", "Information Exposure", "Out-of-bounds Write", and "Cross-Site Request Forgery (CSRF)".
- 345 reported vulnerabilities are remotely exploitables.
- 36 reported vulnerabilities have public exploit available.
- 94 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 304 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 190 reported vulnerabilities.
- Canonical has the most reported critical vulnerabilities, with 11 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
60 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-10-17 | CVE-2018-2913 | Oracle | Out-of-bounds Write vulnerability in Oracle Goldengate 12.1.2.1.0/12.2.0.2.0/12.3.0.1.0 Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Monitoring Manager). | 10.0 |
2018-10-21 | CVE-2018-18546 | Thinkphp | SQL Injection vulnerability in Thinkphp 3.2.4 ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable. | 9.8 |
2018-10-19 | CVE-2018-12671 | Sv3C | Information Exposure vulnerability in Sv3C H.264 POE IP Camera Firmware V2.3.4.2103S50Ntdb20170508B/V2.3.4.2103S50Ntdb20170823B An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including all password sets set within the camera. | 9.8 |
2018-10-19 | CVE-2018-12670 | Sv3C | OS Command Injection vulnerability in Sv3C H.264 POE IP Camera Firmware V2.3.4.2103S50Ntdb20170508B/V2.3.4.2103S50Ntdb20170823B SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow OS Command Injection. | 9.8 |
2018-10-19 | CVE-2018-12668 | Sv3C | Use of Hard-coded Credentials vulnerability in Sv3C H.264 POE IP Camera Firmware V2.3.4.2103S50Ntdb20170508B/V2.3.4.2103S50Ntdb20170823B SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices have a Hard-coded Password. | 9.8 |
2018-10-19 | CVE-2018-12667 | Sv3C | Improper Authentication vulnerability in Sv3C H.264 POE IP Camera Firmware V2.3.4.2103S50Ntdb20170508B/V2.3.4.2103S50Ntdb20170823B The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) is affected by an improper authentication vulnerability that allows requests to be made to back-end CGI scripts without a valid session. | 9.8 |
2018-10-19 | CVE-2018-12666 | Sv3C | Improper Authentication vulnerability in Sv3C H.264 POE IP Camera Firmware V2.3.4.2103S50Ntdb20170508B/V2.3.4.2103S50Ntdb20170823B SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices improperly identifies users only by the authentication level sent in the cookies, which allow remote attackers to bypass authentication and gain administrator access by setting the authLevel cookie to 255. | 9.8 |
2018-10-19 | CVE-2018-18531 | Kaptcha Project | Use of Insufficiently Random Values vulnerability in Kaptcha Project Kaptcha 2.3.2 text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random (rather than SecureRandom) function for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force approach. | 9.8 |
2018-10-19 | CVE-2018-18530 | Thinkphp | SQL Injection vulnerability in Thinkphp 5.1.25 ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. | 9.8 |
2018-10-19 | CVE-2018-18529 | Thinkphp | SQL Injection vulnerability in Thinkphp 3.2.4 ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. | 9.8 |
2018-10-19 | CVE-2018-18527 | Owndms | SQL Injection vulnerability in Owndms Ownticket 1.0 OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter. | 9.8 |
2018-10-19 | CVE-2018-18396 | Moxa | Unspecified vulnerability in Moxa Thingspro 2.1 Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | 9.8 |
2018-10-19 | CVE-2018-18395 | Moxa | Unspecified vulnerability in Moxa Thingspro 2.1 Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | 9.8 |
2018-10-19 | CVE-2018-18394 | Moxa | Cleartext Storage of Sensitive Information vulnerability in Moxa Thingspro 2.1 Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | 9.8 |
2018-10-19 | CVE-2018-18393 | Moxa | Unspecified vulnerability in Moxa Thingspro 2.1 Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | 9.8 |
2018-10-19 | CVE-2018-4013 | Live555 Debian | Out-of-bounds Write vulnerability in multiple products An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. | 9.8 |
2018-10-18 | CVE-2018-18488 | Gxlcms | SQL Injection vulnerability in Gxlcms 2.0 In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids[] parameter. | 9.8 |
2018-10-18 | CVE-2018-18486 | Phpshe | SQL Injection vulnerability in PHPshe 1.7 An issue was discovered in PHPSHE 1.7. | 9.8 |
2018-10-18 | CVE-2018-14807 | Opto22 | Out-of-bounds Write vulnerability in Opto22 PAC Control A stack-based buffer overflow vulnerability in Opto 22 PAC Control Basic and PAC Control Professional versions R10.0a and prior may allow remote code execution. | 9.8 |
2018-10-18 | CVE-2015-4633 | Koha | SQL Injection vulnerability in Koha Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in the OPAC interface or (2) remote authenticated users to execute arbitrary SQL commands via the Filter or (3) Criteria parameter to reports/borrowers_out.pl in the Staff interface. | 9.8 |
2018-10-18 | CVE-2018-1822 | IBM | Improper Authentication vulnerability in IBM Flashsystem 840 Firmware and Flashsystem 900 Firmware IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. | 9.8 |
2018-10-18 | CVE-2018-5188 | Debian Canonical Mozilla Redhat | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. | 9.8 |
2018-10-18 | CVE-2018-5187 | Debian Canonical Mozilla | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs present in Firefox 60 and Firefox ESR 60. | 9.8 |
2018-10-18 | CVE-2018-5186 | Mozilla Canonical | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs present in Firefox 60. | 9.8 |
2018-10-18 | CVE-2018-5156 | Redhat Debian Canonical Mozilla | Improper Input Validation vulnerability in multiple products A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. | 9.8 |
2018-10-18 | CVE-2018-12378 | Redhat Debian Canonical Mozilla | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. | 9.8 |
2018-10-18 | CVE-2018-12377 | Redhat Debian Canonical Mozilla | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. | 9.8 |
2018-10-18 | CVE-2018-12376 | Redhat Debian Canonical Mozilla | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. | 9.8 |
2018-10-18 | CVE-2018-12369 | Mozilla Canonical | Incorrect Authorization vulnerability in multiple products WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. | 9.8 |
2018-10-18 | CVE-2018-18461 | Kibokolabs | Code Injection vulnerability in Kibokolabs Arigato Autoresponder and Newsletter 2.5.1.7 The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php. | 9.8 |
2018-10-17 | CVE-2018-18450 | Pbootcms | SQL Injection vulnerability in Pbootcms apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3 URI. | 9.8 |
2018-10-17 | CVE-2018-15616 | Avaya | Deserialization of Untrusted Data vulnerability in Avaya Aura System Platform A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. | 9.8 |
2018-10-17 | CVE-2018-12823 | Adobe | Out-of-bounds Write vulnerability in Adobe Digital Editions Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. | 9.8 |
2018-10-17 | CVE-2018-12822 | Adobe | Use After Free vulnerability in Adobe Digital Editions Adobe Digital Editions versions 4.5.8 and below have an use after free vulnerability. | 9.8 |
2018-10-17 | CVE-2018-12814 | Adobe | Out-of-bounds Write vulnerability in Adobe Digital Editions Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. | 9.8 |
2018-10-17 | CVE-2018-12813 | Adobe | Out-of-bounds Write vulnerability in Adobe Digital Editions Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. | 9.8 |
2018-10-17 | CVE-2018-10824 | Dlink | Insufficiently Protected Credentials vulnerability in Dlink products An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. | 9.8 |
2018-10-17 | CVE-2018-7076 | HP | Improper Authentication vulnerability in HP Intelligent Management Center A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) prior to iMC PLAT 7.3 E0605P04. | 9.8 |
2018-10-17 | CVE-2018-18427 | S CMS | SQL Injection vulnerability in S-Cms 3.0 s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter or the POST data to member/member_login.php. | 9.8 |
2018-10-17 | CVE-2018-18408 | Broadcom Fedoraproject | Use After Free vulnerability in multiple products A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. | 9.8 |
2018-10-17 | CVE-2018-17897 | Lcds | Integer Overflow or Wraparound vulnerability in Lcds Laquis Scada 4.1/4.1.0.3391/4.1.0.3870 LAquis SCADA Versions 4.1.0.3870 and prior has several integer overflow to buffer overflow vulnerabilities, which may allow remote code execution. | 9.8 |
2018-10-17 | CVE-2018-17895 | Lcds | Out-of-bounds Read vulnerability in Lcds Laquis Scada 4.1/4.1.0.3391/4.1.0.3870 LAquis SCADA Versions 4.1.0.3870 and prior has several out-of-bounds read vulnerabilities, which may allow remote code execution. | 9.8 |
2018-10-17 | CVE-2018-17893 | Lcds | NULL Pointer Dereference vulnerability in Lcds Laquis Scada 4.1/4.1.0.3391/4.1.0.3870 LAquis SCADA Versions 4.1.0.3870 and prior has an untrusted pointer dereference vulnerability, which may allow remote code execution. | 9.8 |
2018-10-17 | CVE-2018-3259 | Oracle | Unspecified vulnerability in Oracle Database Server Vulnerability in the Java VM component of Oracle Database Server. | 9.8 |
2018-10-17 | CVE-2018-3252 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). | 9.8 |
2018-10-17 | CVE-2018-3245 | Oracle | Deserialization of Untrusted Data vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). | 9.8 |
2018-10-17 | CVE-2018-3201 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 12.2.1.3.0 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). | 9.8 |
2018-10-17 | CVE-2018-3197 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 12.1.3.0.0 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). | 9.8 |
2018-10-17 | CVE-2018-3191 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). | 9.8 |
2018-10-16 | CVE-2018-18389 | Neo4J | Improper Authentication vulnerability in Neo4J Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username with an arbitrary password. | 9.8 |
2018-10-16 | CVE-2018-18375 | Orange | Use of Insufficiently Random Values vulnerability in Orange Airbox Firmware Y858Fl01.1604 goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter. | 9.8 |
2018-10-15 | CVE-2018-17532 | Teltonika | OS Command Injection vulnerability in Teltonika Rut900 Firmware, Rut950 Firmware and Rut955 Firmware Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. | 9.8 |
2018-10-15 | CVE-2018-15540 | Agentejo | Path Traversal vulnerability in Agentejo Cockpit Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an attacker to traverse the file system to unintended locations and/or access arbitrary files, aka /media/api Directory Traversal. | 9.8 |
2018-10-15 | CVE-2018-18322 | Control Webpanel | OS Command Injection vulnerability in Control-Webpanel Webpanel 0.9.8.480 CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharacters in the admin/index.php service_start, service_restart, service_fullstatus, or service_stop parameter. | 9.8 |
2018-10-15 | CVE-2018-18320 | Asuswrt Merlin Project | Unspecified vulnerability in Asuswrt-Merlin Project products An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. | 9.8 |
2018-10-15 | CVE-2018-18319 | Asuswrt Merlin Project | Code Injection vulnerability in Asuswrt-Merlin Project products An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. | 9.8 |
2018-10-18 | CVE-2018-12387 | Redhat Debian Canonical Mozilla | Improper Input Validation vulnerability in multiple products A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. | 9.1 |
2018-10-17 | CVE-2018-10933 | Libssh Canonical Debian Redhat Netapp Oracle | Improper Authentication vulnerability in multiple products A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. | 9.1 |
2018-10-17 | CVE-2018-3294 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 9.0 |
2018-10-17 | CVE-2018-3183 | Oracle Redhat Debian Canonical HP | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). | 9.0 |
160 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-10-21 | CVE-2018-18550 | Serverscheck | SQL Injection vulnerability in Serverscheck ServersCheck Monitoring Software before 14.3.4 allows SQL Injection by an authenticated user. | 8.8 |
2018-10-19 | CVE-2018-18420 | Tribalsystems | Cross-Site Request Forgery (CSRF) vulnerability in Tribalsystems Zenario 8.3 Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI. | 8.8 |
2018-10-19 | CVE-2018-12669 | Sv3C | Unspecified vulnerability in Sv3C H.264 POE IP Camera Firmware V2.3.4.2103S50Ntdb20170508B/V2.3.4.2103S50Ntdb20170823B SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow remote authenticated users to reset arbitrary accounts via a request to web/cgi-bin/hi3510/param.cgi. | 8.8 |
2018-10-19 | CVE-2018-18392 | Moxa | Unspecified vulnerability in Moxa Thingspro 2.1 Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | 8.8 |
2018-10-19 | CVE-2018-18391 | Moxa | Unspecified vulnerability in Moxa Thingspro 2.1 User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | 8.8 |
2018-10-18 | CVE-2018-12375 | Mozilla Canonical | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs present in Firefox 61. | 8.8 |
2018-10-18 | CVE-2018-12370 | Canonical Mozilla | Cross-Site Request Forgery (CSRF) vulnerability in multiple products In Reader View SameSite cookie protections are not checked on exiting. | 8.8 |
2018-10-18 | CVE-2018-12364 | Redhat Debian Canonical Mozilla | Cross-Site Request Forgery (CSRF) vulnerability in multiple products NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. | 8.8 |
2018-10-18 | CVE-2018-12363 | Redhat Debian Canonical Mozilla | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. | 8.8 |
2018-10-18 | CVE-2018-12362 | Redhat Debian Canonical Mozilla | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. | 8.8 |
2018-10-18 | CVE-2018-12361 | Mozilla Debian Canonical | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow can occur in the SwizzleData code while calculating buffer sizes. | 8.8 |
2018-10-18 | CVE-2018-12360 | Redhat Debian Canonical Mozilla | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. | 8.8 |
2018-10-18 | CVE-2018-12359 | Redhat Debian Canonical Mozilla | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. | 8.8 |
2018-10-17 | CVE-2018-15402 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Enterprise Network Virtualization Software Nfvis8.0/Nfvis9.0 A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. | 8.8 |
2018-10-17 | CVE-2018-18444 | ILM | Out-of-bounds Write vulnerability in ILM Openexr 2.3.0 makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact. | 8.8 |
2018-10-17 | CVE-2018-16232 | Ipfire | OS Command Injection vulnerability in Ipfire An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. | 8.8 |
2018-10-17 | CVE-2018-10823 | Dlink | OS Command Injection vulnerability in Dlink products An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. | 8.8 |
2018-10-17 | CVE-2018-18436 | Jtbc | Cross-Site Request Forgery (CSRF) vulnerability in Jtbc PHP 3.0.0.0 JTBC(PHP) 3.0 allows CSRF for creating an account via the console/account/manage.php?type=action&action=add URI. | 8.8 |
2018-10-17 | CVE-2018-18432 | Destoon | Cross-Site Request Forgery (CSRF) vulnerability in Destoon B2B 7.0 An issue was discovered in DESTOON B2B 7.0. | 8.8 |
2018-10-17 | CVE-2018-18426 | S CMS | Code Injection vulnerability in S-Cms 3.0 s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter. | 8.8 |
2018-10-17 | CVE-2018-18422 | Usualtool | Cross-Site Request Forgery (CSRF) vulnerability in Usualtool Usualtoolcms 8.0 UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/a_adminx.php?x=a URI. | 8.8 |
2018-10-17 | CVE-2018-17899 | Lcds | Path Traversal vulnerability in Lcds Laquis Scada 4.1/4.1.0.3391/4.1.0.3870 LAquis SCADA Versions 4.1.0.3870 and prior has a path traversal vulnerability, which may allow remote code execution. | 8.8 |
2018-10-17 | CVE-2018-3258 | Oracle | Unspecified vulnerability in Oracle Connector/J 5.1.40/5.1.41 Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). | 8.8 |
2018-10-16 | CVE-2018-6974 | Vmware | Out-of-bounds Read vulnerability in VMWare Esxi, Fusion and Workstation VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds read vulnerability in SVGA device. | 8.8 |
2018-10-16 | CVE-2018-18382 | Coderpixel | Unrestricted Upload of File with Dangerous Type vulnerability in Coderpixel Advanced HRM 1.6 Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action. | 8.8 |
2018-10-15 | CVE-2018-15539 | Agentejo | Cross-Site Request Forgery (CSRF) vulnerability in Agentejo Cockpit Agentejo Cockpit lacks an anti-CSRF protection mechanism. | 8.8 |
2018-10-15 | CVE-2018-18317 | Dscms Project | Cross-Site Request Forgery (CSRF) vulnerability in Dscms Project Dscms 1.1 DESHANG DSCMS 1.1 has CSRF via the public/index.php/admin/admin/add.html URI. | 8.8 |
2018-10-15 | CVE-2018-18316 | Emlog | Cross-Site Request Forgery (CSRF) vulnerability in Emlog 6.0.0 emlog v6.0.0 has CSRF via the admin/user.php?action=new URI. | 8.8 |
2018-10-19 | CVE-2018-18284 | Artifex Debian Canonical Redhat Pulsesecure | Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. | 8.6 |
2018-10-17 | CVE-2018-0378 | Cisco | Improper Input Validation vulnerability in Cisco Nx-Os 7.3(2)N1(0.8) A vulnerability in the Precision Time Protocol (PTP) feature of Cisco Nexus 5500, 5600, and 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 8.6 |
2018-10-17 | CVE-2018-3298 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 8.6 |
2018-10-17 | CVE-2018-3297 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 8.6 |
2018-10-17 | CVE-2018-3296 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 8.6 |
2018-10-17 | CVE-2018-3295 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 8.6 |
2018-10-17 | CVE-2018-3293 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 8.6 |
2018-10-17 | CVE-2018-3292 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 8.6 |
2018-10-17 | CVE-2018-3291 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 8.6 |
2018-10-17 | CVE-2018-3290 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 8.6 |
2018-10-17 | CVE-2018-3289 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 8.6 |
2018-10-17 | CVE-2018-3288 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 8.6 |
2018-10-17 | CVE-2018-3287 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 8.6 |
2018-10-17 | CVE-2018-2909 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 8.6 |
2018-10-15 | CVE-2018-17961 | Artifex Debian Canonical Redhat | Information Exposure Through an Error Message vulnerability in multiple products Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. | 8.6 |
2018-10-17 | CVE-2018-3253 | Oracle | Unspecified vulnerability in Oracle Virtual Directory 11.1.1.7.0/11.1.1.9.0 Vulnerability in the Oracle Virtual Directory component of Oracle Fusion Middleware (subcomponent: Virtual Directory Manager). | 8.5 |
2018-10-17 | CVE-2018-3209 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). | 8.3 |
2018-10-17 | CVE-2018-3169 | Oracle Redhat Debian Canonical HP | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). | 8.3 |
2018-10-17 | CVE-2018-3149 | Oracle Redhat Debian Canonical HP | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). | 8.3 |
2018-10-17 | CVE-2018-2911 | Oracle | Unspecified vulnerability in Oracle Glassfish Server 3.1.2 Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). | 8.3 |
2018-10-17 | CVE-2018-3299 | Oracle | Unspecified vulnerability in Oracle Text 11.2.0.4/12.1.0.2/12.2.0.1 Vulnerability in the Oracle Text component of Oracle Database Server. | 8.2 |
2018-10-17 | CVE-2018-3243 | Oracle | Unspecified vulnerability in Oracle Applications Framework Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: None). | 8.2 |
2018-10-17 | CVE-2018-3242 | Oracle | Unspecified vulnerability in Oracle Marketing Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Marketing Administration). | 8.2 |
2018-10-17 | CVE-2018-3235 | Oracle | Unspecified vulnerability in Oracle Applications Manager Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: None). | 8.2 |
2018-10-17 | CVE-2018-3204 | Oracle | Unspecified vulnerability in Oracle Business Intelligence 12.2.1.3.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Server). | 8.2 |
2018-10-17 | CVE-2018-3196 | Oracle | Unspecified vulnerability in Oracle Partner Management Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: Partner Dashboard). | 8.2 |
2018-10-17 | CVE-2018-3190 | Oracle | Unspecified vulnerability in Oracle E-Business Intelligence 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Overview Page/Report Rendering). | 8.2 |
2018-10-17 | CVE-2018-3189 | Oracle | Unspecified vulnerability in Oracle Customer Interaction History 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: Outcome-Result). | 8.2 |
2018-10-17 | CVE-2018-3188 | Oracle | Unspecified vulnerability in Oracle Istore Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Web interface). | 8.2 |
2018-10-17 | CVE-2018-3146 | Oracle | Unspecified vulnerability in Oracle Ilearning 6.1/6.2 Vulnerability in the Oracle iLearning component of Oracle iLearning (subcomponent: Learner Administration). | 8.2 |
2018-10-17 | CVE-2018-3138 | Oracle | Unspecified vulnerability in Oracle Application Object Library Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). | 8.2 |
2018-10-17 | CVE-2018-3011 | Oracle | Unspecified vulnerability in Oracle Trade Management Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). | 8.2 |
2018-10-19 | CVE-2018-18224 | Opendesign Oracle | Out-of-bounds Read vulnerability in multiple products A vulnerability exists in the file reading procedure in Open Design Alliance Drawings SDK 2019Update1 on non-Windows platforms in which attackers could perform read operations past the end, or before the beginning, of the intended buffer. | 8.1 |
2018-10-19 | CVE-2018-18223 | Opendesign Oracle | Open Design Alliance Drawings SDK 2019Update1 has a vulnerability during the reading of malformed files, allowing attackers to obtain sensitive information from process memory or cause a crash. | 8.1 |
2018-10-18 | CVE-2018-15758 | Pivotal Software | Unspecified vulnerability in Pivotal Software Spring Security Oauth Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. | 8.1 |
2018-10-18 | CVE-2018-12386 | Redhat Debian Canonical Mozilla | Incorrect Type Conversion or Cast vulnerability in multiple products A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. | 8.1 |
2018-10-18 | CVE-2018-12368 | Mozilla | Unspecified vulnerability in Mozilla Firefox Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. | 8.1 |
2018-10-17 | CVE-2018-3273 | Oracle | Unspecified vulnerability in Oracle Solaris 11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Remote Administration Daemon (RAD)). | 8.1 |
2018-10-17 | CVE-2018-3128 | Oracle | Unspecified vulnerability in Oracle Hospitality Reporting and Analytics 9.0/9.1 Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. | 8.1 |
2018-10-18 | CVE-2015-4630 | Koha | Cross-Site Request Forgery (CSRF) vulnerability in Koha Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack the authentication of administrators for requests that create a user via a request to members/memberentry.pl or (2) give a user superlibrarian permission via a request to members/member-flags.pl or (3) hijack the authentication of arbitrary users for requests that conduct cross-site scripting (XSS) attacks via the addshelf parameter to opac-shelves.pl. | 8.0 |
2018-10-19 | CVE-2018-18026 | Iobit | Out-of-bounds Write vulnerability in Iobit Malware Fighter IMFCameraProtect.sys in IObit Malware Fighter 6.2 (and possibly lower versions) is vulnerable to a stack-based buffer overflow. | 7.8 |
2018-10-18 | CVE-2018-11080 | EMC | Incorrect Permission Assignment for Critical Resource vulnerability in EMC Secure Remote Services Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. | 7.8 |
2018-10-18 | CVE-2018-11079 | EMC | Insufficiently Protected Credentials vulnerability in EMC Secure Remote Services Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. | 7.8 |
2018-10-18 | CVE-2018-18483 | GNU | Integer Overflow or Wraparound vulnerability in GNU Binutils 2.31 The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt. | 7.8 |
2018-10-18 | CVE-2018-12379 | Redhat Debian Mozilla | Out-of-bounds Write vulnerability in multiple products When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. | 7.8 |
2018-10-18 | CVE-2016-9069 | Mozilla | Use After Free vulnerability in Mozilla Firefox A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. | 7.8 |
2018-10-17 | CVE-2018-0417 | Cisco | Unspecified vulnerability in Cisco Wireless LAN Controller Software A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. | 7.8 |
2018-10-17 | CVE-2018-18445 | Linux Canonical Redhat | Out-of-bounds Read vulnerability in multiple products In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts. | 7.8 |
2018-10-17 | CVE-2018-15976 | Adobe | Uncontrolled Search Path Element vulnerability in Adobe Technical Communications Suite 1.0.5.1 Adobe Technical Communications Suite versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. | 7.8 |
2018-10-17 | CVE-2018-15974 | Adobe | Untrusted Search Path vulnerability in Adobe Framemaker Adobe Framemaker versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. | 7.8 |
2018-10-17 | CVE-2018-17911 | Lcds | Out-of-bounds Write vulnerability in Lcds Laquis Scada 4.1/4.1.0.3391/4.1.0.3870 LAquis SCADA Versions 4.1.0.3870 and prior has several stack-based buffer overflow vulnerabilities, which may allow remote code execution. | 7.8 |
2018-10-17 | CVE-2018-17901 | Lcds | Out-of-bounds Write vulnerability in Lcds Laquis Scada 4.1/4.1.0.3391/4.1.0.3870 LAquis SCADA Versions 4.1.0.3870 and prior, when processing project files the application fails to sanitize user input prior to performing write operations on a stack object, which may allow an attacker to execute code under the current process. | 7.8 |
2018-10-16 | CVE-2018-13399 | Atlassian | Incorrect Permission Assignment for Critical Resource vulnerability in Atlassian Fisheye The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory. | 7.8 |
2018-10-15 | CVE-2018-17980 | Nomachine | Untrusted Search Path vulnerability in Nomachine NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file, as demonstrated by a scenario where the .nxs file and the DLL are in the current working directory, and the Trojan horse code is executed. | 7.8 |
2018-10-15 | CVE-2018-15593 | Ivanti | Unspecified vulnerability in Ivanti Workspace Control An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. | 7.8 |
2018-10-15 | CVE-2018-15592 | Ivanti | Improper Privilege Management vulnerability in Ivanti Workspace Control An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. | 7.8 |
2018-10-15 | CVE-2018-15591 | Ivanti | Exposure of Resource to Wrong Sphere vulnerability in Ivanti Workspace Control An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. | 7.8 |
2018-10-17 | CVE-2018-0456 | Cisco | Improper Input Validation vulnerability in Cisco Nx-Os 9.2(0.43) A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application of an affected device to restart unexpectedly. | 7.7 |
2018-10-17 | CVE-2018-3208 | Oracle | Unspecified vulnerability in Oracle Hyperion Data Relationship Management 11.1.2.4.345 Vulnerability in the Hyperion Data Relationship Management component of Oracle Hyperion (subcomponent: Access and Security). | 7.7 |
2018-10-17 | CVE-2018-3160 | Oracle | Unspecified vulnerability in Oracle Hospitality Cruise Shipboard Property Management System 8.0 Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: OHC Admin, OHC Management). | 7.7 |
2018-10-17 | CVE-2018-3155 | Oracle Netapp Canonical | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). | 7.7 |
2018-10-17 | CVE-2018-3142 | Oracle | Unspecified vulnerability in Oracle Hyperion 11.1.2.4 Vulnerability in the Hyperion Essbase Administration Services component of Oracle Hyperion (subcomponent: EAS Console). | 7.7 |
2018-10-17 | CVE-2018-3115 | Oracle | Unspecified vulnerability in Oracle Retail Sales Audit 15.0/16.0 Vulnerability in the Oracle Retail Sales Audit component of Oracle Retail Applications (subcomponent: Operational Insights). | 7.7 |
2018-10-20 | CVE-2018-18541 | Teeworlds Debian | Improper Input Validation vulnerability in multiple products In Teeworlds before 0.6.5, connection packets could be forged. | 7.5 |
2018-10-19 | CVE-2018-18428 | TP Link | Information Exposure vulnerability in Tp-Link Tl-Sc3130 Firmware 1.6.18P12121101 TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream access, as demonstrated by a /jpg/image.jpg URI. | 7.5 |
2018-10-19 | CVE-2018-12673 | Sv3C | Information Exposure vulnerability in Sv3C H.264 POE IP Camera Firmware V2.3.4.2103S50Ntdb20170508B/V2.3.4.2103S50Ntdb20170823B An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including camera hardware, wireless network, and local area network information. | 7.5 |
2018-10-19 | CVE-2018-18390 | Moxa | Information Exposure vulnerability in Moxa Thingspro 2.1 User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | 7.5 |
2018-10-18 | CVE-2018-15756 | Vmware Oracle Debian | Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. | 7.5 |
2018-10-18 | CVE-2018-18487 | Gxlcms | Information Exposure vulnerability in Gxlcms 2.0 In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database backup filename generation uses mt_rand() unsafely, resulting in predictable database backup file locations. | 7.5 |
2018-10-18 | CVE-2018-18485 | Phpshe | Path Traversal vulnerability in PHPshe 1.7 An issue was discovered in PHPSHE 1.7. | 7.5 |
2018-10-18 | CVE-2015-4632 | Koha | Path Traversal vulnerability in Koha Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search. | 7.5 |
2018-10-17 | CVE-2018-0443 | Cisco | Improper Input Validation vulnerability in Cisco Wireless LAN Controller Software 8.2(151.0) A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 7.5 |
2018-10-17 | CVE-2018-0442 | Cisco | Unspecified vulnerability in Cisco Wireless LAN Controller Software A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. | 7.5 |
2018-10-17 | CVE-2018-12821 | Adobe | Out-of-bounds Read vulnerability in Adobe Digital Editions Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. | 7.5 |
2018-10-17 | CVE-2018-12820 | Adobe | Out-of-bounds Read vulnerability in Adobe Digital Editions Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. | 7.5 |
2018-10-17 | CVE-2018-12819 | Adobe | Out-of-bounds Read vulnerability in Adobe Digital Editions Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. | 7.5 |
2018-10-17 | CVE-2018-12818 | Adobe | Out-of-bounds Read vulnerability in Adobe Digital Editions Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. | 7.5 |
2018-10-17 | CVE-2018-12816 | Adobe | Out-of-bounds Read vulnerability in Adobe Digital Editions Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. | 7.5 |
2018-10-17 | CVE-2018-10822 | Dlink | Path Traversal vulnerability in Dlink products Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. | 7.5 |
2018-10-17 | CVE-2018-18434 | Litemall Project | Path Traversal vulnerability in Litemall Project Litemall 0.9.0 An issue was discovered in litemall 0.9.0. | 7.5 |
2018-10-17 | CVE-2018-3246 | Oracle | Unspecified vulnerability in Oracle products Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). | 7.5 |
2018-10-17 | CVE-2018-3213 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Docker Images). | 7.5 |
2018-10-17 | CVE-2018-3152 | Oracle | Unspecified vulnerability in Oracle Glassfish Server 3.1.2 Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). | 7.5 |
2018-10-17 | CVE-2018-3151 | Oracle | Unspecified vulnerability in Oracle Iprocurement Vulnerability in the Oracle iProcurement component of Oracle E-Business Suite (subcomponent: E-Content Manager Catalog). | 7.5 |
2018-10-17 | CVE-2018-2914 | Oracle | NULL Pointer Dereference vulnerability in Oracle Goldengate 12.1.2.1.0/12.2.0.2.0/12.3.0.1.0 Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager). | 7.5 |
2018-10-17 | CVE-2018-2912 | Oracle | NULL Pointer Dereference vulnerability in Oracle Goldengate 12.1.2.1.0/12.2.0.2.0/12.3.0.1.0 Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager). | 7.5 |
2018-10-17 | CVE-2018-2889 | Oracle | Unspecified vulnerability in Oracle Micros Retail-J 12.1.2 Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Internal Operations). | 7.5 |
2018-10-16 | CVE-2018-11025 | Amazon | Argument Injection or Modification vulnerability in Amazon Fire OS 4.5.5.3 kernel/omap/drivers/mfd/twl6030-gpadc.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/twl6030-gpadc with the command 24832 and cause a kernel crash. | 7.5 |
2018-10-16 | CVE-2018-11024 | Amazon | Argument Injection or Modification vulnerability in Amazon Fire OS 4.5.5.3 kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 1077435789 and cause a kernel crash. | 7.5 |
2018-10-16 | CVE-2018-11023 | Amazon | Argument Injection or Modification vulnerability in Amazon Fire OS 4.5.5.3 kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3222560159 and cause a kernel crash. | 7.5 |
2018-10-16 | CVE-2018-11022 | Amazon | Argument Injection or Modification vulnerability in Amazon Fire OS 4.5.5.3 kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3224132973 and cause a kernel crash. | 7.5 |
2018-10-16 | CVE-2018-11021 | Amazon | Argument Injection or Modification vulnerability in Amazon Fire OS 4.5.5.3 kernel/omap/drivers/video/omap2/dsscomp/device.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/dsscomp with the command 1118064517 and cause a kernel crash. | 7.5 |
2018-10-16 | CVE-2018-11019 | Amazon | Argument Injection or Modification vulnerability in Amazon Fire OS 4.5.5.3 kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3221773726 and cause a kernel crash. | 7.5 |
2018-10-16 | CVE-2018-18385 | Asciidoctor | Infinite Loop vulnerability in Asciidoctor Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service (infinite loop). | 7.5 |
2018-10-16 | CVE-2018-18377 | Orange | Missing Authorization vulnerability in Orange Airbox Firmware Y858Fl01.1604 goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials. | 7.5 |
2018-10-16 | CVE-2018-18376 | Orange | Information Exposure vulnerability in Orange Airbox Firmware Y858Fl01.1604 goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter. | 7.5 |
2018-10-15 | CVE-2018-18323 | Control Webpanel | Path Traversal vulnerability in Control-Webpanel Webpanel 0.9.8.480 CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?module=file_editor&file=/../ URI. | 7.5 |
2018-10-15 | CVE-2018-18318 | Qiku | NULL Pointer Dereference vulnerability in Qiku 360 Mobile Phone N6 PRO Firmware V096 The /dev/block/mmcblk0rpmb driver kernel module on Qiku 360 Phone N6 Pro 1801-A01 devices allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted 0xc0d8b300 ioctl call. | 7.5 |
2018-10-15 | CVE-2018-18315 | Mossle | Unrestricted Upload of File with Dangerous Type vulnerability in Mossle Lemon 1.9.0 com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to upload arbitrary files because the copyMultipartFileToFile method in CdnUtils only checks for a ../ substring, and does not validate the file type and spaceName parameter. | 7.5 |
2018-10-17 | CVE-2018-0441 | Cisco | Resource Exhaustion vulnerability in Cisco Access Points A vulnerability in the 802.11r Fast Transition feature set of Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. | 7.4 |
2018-10-17 | CVE-2018-3275 | Oracle | Unspecified vulnerability in Oracle Solaris 11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: LibKMIP). | 7.4 |
2018-10-17 | CVE-2018-3955 | Linksys | OS Command Injection vulnerability in Linksys E1200 Firmware and E2500 Firmware An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). | 7.2 |
2018-10-17 | CVE-2018-3954 | Linksys | OS Command Injection vulnerability in Linksys E1200 Firmware and E2500 Firmware Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAMData entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the value to the 'machine_name' POST parameter. | 7.2 |
2018-10-17 | CVE-2018-3953 | Linksys | OS Command Injection vulnerability in Linksys E1200 Firmware and E2500 Firmware Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. | 7.2 |
2018-10-17 | CVE-2018-3192 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Query). | 7.2 |
2018-10-17 | CVE-2018-3179 | Oracle | Unspecified vulnerability in Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Advanced Console). | 7.2 |
2018-10-17 | CVE-2018-3165 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: SQR). | 7.2 |
2018-10-16 | CVE-2018-14772 | Pydio | OS Command Injection vulnerability in Pydio Pydio 4.2.1 through 8.2.1 has an authenticated remote code execution vulnerability in which an attacker with administrator access to the web application can execute arbitrary code on the underlying system via Command Injection. | 7.2 |
2018-10-17 | CVE-2018-3302 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 7.1 |
2018-10-17 | CVE-2018-3234 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 7.1 |
2018-10-17 | CVE-2018-3233 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 7.1 |
2018-10-17 | CVE-2018-3232 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 7.1 |
2018-10-17 | CVE-2018-3231 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 7.1 |
2018-10-17 | CVE-2018-3230 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 7.1 |
2018-10-17 | CVE-2018-3229 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 7.1 |
2018-10-17 | CVE-2018-3228 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 7.1 |
2018-10-17 | CVE-2018-3227 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 7.1 |
2018-10-17 | CVE-2018-3226 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 7.1 |
2018-10-17 | CVE-2018-3225 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 7.1 |
2018-10-17 | CVE-2018-3224 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 7.1 |
2018-10-17 | CVE-2018-3223 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 7.1 |
2018-10-17 | CVE-2018-3222 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 7.1 |
2018-10-17 | CVE-2018-3221 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 7.1 |
2018-10-17 | CVE-2018-3220 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 7.1 |
2018-10-17 | CVE-2018-3219 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 7.1 |
2018-10-17 | CVE-2018-3218 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 7.1 |
2018-10-17 | CVE-2018-3217 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3/8.5.4 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 7.1 |
2018-10-17 | CVE-2018-3168 | Oracle | Unspecified vulnerability in Oracle Identity Analytics 11.1.1.5.8 Vulnerability in the Oracle Identity Analytics component of Oracle Fusion Middleware (subcomponent: Core Components). | 7.1 |
2018-10-17 | CVE-2018-3158 | Oracle | Unspecified vulnerability in Oracle Hospitality Cruise Fleet Management 9.0 Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System). | 7.1 |
2018-10-15 | CVE-2018-1747 | IBM | XXE vulnerability in IBM Security KEY Lifecycle Manager IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
2018-10-19 | CVE-2017-18348 | Splunk | Incorrect Permission Assignment for Critical Resource vulnerability in Splunk Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert Trojan horse programs into $SPLUNK_HOME/bin, because the non-root setup instructions state that chown should be run across all of $SPLUNK_HOME to give non-root access. | 7.0 |
2018-10-18 | CVE-2018-12385 | Redhat Debian Canonical Mozilla | Improper Input Validation vulnerability in multiple products A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. | 7.0 |
197 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-10-17 | CVE-2018-3238 | Oracle | Unspecified vulnerability in Oracle Webcenter Sites 11.1.1.8.0 Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). | 6.9 |
2018-10-17 | CVE-2018-0381 | Cisco | Improper Locking vulnerability in Cisco Aironet Access Points A vulnerability in the Cisco Aironet Series Access Points (APs) software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. | 6.8 |
2018-10-17 | CVE-2018-3122 | Oracle | Unspecified vulnerability in Oracle Retail Open Commerce Platform 5.3/6.0/6.0.1 Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Integrations). | 6.8 |
2018-10-15 | CVE-2018-17534 | Teltonika | Improper Authentication vulnerability in Teltonika Rut900 Firmware, Rut950 Firmware and Rut955 Firmware Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. | 6.8 |
2018-10-17 | CVE-2017-17176 | Huawei | Out-of-bounds Write vulnerability in Huawei Mate 9 Firmware and Mate 9 PRO Firmware The hardware security module of Mate 9 and Mate 9 Pro Huawei smart phones with the versions earlier before MHA-AL00BC00B156, versions earlier before MHA-CL00BC00B156, versions earlier before MHA-DL00BC00B156, versions earlier before MHA-TL00BC00B156, versions earlier before LON-AL00BC00B156, versions earlier before LON-CL00BC00B156, versions earlier before LON-DL00BC00B156, versions earlier before LON-TL00BC00B156 has a arbitrary memory read/write vulnerability due to the input parameters validation. | 6.7 |
2018-10-17 | CVE-2018-3211 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serviceability). | 6.6 |
2018-10-17 | CVE-2018-3126 | Oracle | Unspecified vulnerability in Oracle Retail Xstore Point of Service 15.0.2/16.0.4/17.0.2 Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Xenvironment). | 6.6 |
2018-10-21 | CVE-2018-18544 | Imagemagick Graphicsmagick Opensuse | Missing Release of Resource after Effective Lifetime vulnerability in multiple products There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. | 6.5 |
2018-10-19 | CVE-2018-18520 | Elfutils Project Debian Canonical Opensuse Redhat | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. | 6.5 |
2018-10-18 | CVE-2018-18482 | Libpg Query Project | Missing Release of Resource after Effective Lifetime vulnerability in Libpg Query Project Libpg Query 101.0.2 An issue was discovered in libpg_query 10-1.0.2. | 6.5 |
2018-10-18 | CVE-2018-18481 | Libopencad Project | Out-of-bounds Read vulnerability in Libopencad Project Libopencad 0.2.0 A heap-based buffer over-read exists in libopencad 0.2.0 in the ReadCHAR function in lib/dwg/io.cpp, resulting in an application crash. | 6.5 |
2018-10-18 | CVE-2018-18480 | Libopencad Project | Out-of-bounds Read vulnerability in Libopencad Project Libopencad 0.2.0 A heap-based buffer over-read exists in libopencad 0.2.0 in the ReadMCHAR function in lib/dwg/io.cpp, resulting in an application crash. | 6.5 |
2018-10-18 | CVE-2018-12373 | Mozilla Redhat Debian Canonical | Information Exposure vulnerability in multiple products dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. | 6.5 |
2018-10-18 | CVE-2018-12372 | Mozilla Redhat Debian Canonical | Information Exposure vulnerability in multiple products Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. | 6.5 |
2018-10-18 | CVE-2018-12366 | Redhat Debian Canonical Mozilla | Out-of-bounds Read vulnerability in multiple products An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. | 6.5 |
2018-10-18 | CVE-2018-12365 | Redhat Debian Canonical Mozilla | Information Exposure vulnerability in multiple products A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. | 6.5 |
2018-10-17 | CVE-2018-15438 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 12.1 A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. | 6.5 |
2018-10-17 | CVE-2018-0420 | Cisco | Path Traversal vulnerability in Cisco Wireless LAN Controller Software 8.2(151.0) A vulnerability in the web-based interface of Cisco Wireless LAN Controller Software could allow an authenticated, remote attacker to view sensitive information. | 6.5 |
2018-10-17 | CVE-2018-3251 | Oracle Netapp Canonical Debian Mariadb | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). | 6.5 |
2018-10-17 | CVE-2018-3249 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). | 6.5 |
2018-10-17 | CVE-2018-3248 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). | 6.5 |
2018-10-17 | CVE-2018-3236 | Oracle | Unspecified vulnerability in Oracle User Management Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: Reports). | 6.5 |
2018-10-17 | CVE-2018-3203 | Oracle Netapp | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). | 6.5 |
2018-10-17 | CVE-2018-3182 | Oracle Netapp | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). | 6.5 |
2018-10-17 | CVE-2018-3166 | Oracle | Unspecified vulnerability in Oracle Hospitality Cruise Fleet Management 9.0 Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System). | 6.5 |
2018-10-17 | CVE-2018-3163 | Oracle | Unspecified vulnerability in Oracle Hospitality Cruise Fleet Management 9.0 Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System). | 6.5 |
2018-10-17 | CVE-2018-3156 | Oracle Canonical Debian Netapp Mariadb | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). | 6.5 |
2018-10-17 | CVE-2018-3145 | Oracle Netapp | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). | 6.5 |
2018-10-17 | CVE-2018-3143 | Oracle Netapp Canonical Debian Mariadb | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). | 6.5 |
2018-10-17 | CVE-2018-3137 | Oracle Netapp | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). | 6.5 |
2018-10-17 | CVE-2018-3133 | Oracle Netapp Canonical Debian Mariadb | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). | 6.5 |
2018-10-17 | CVE-2018-2887 | Oracle | Unspecified vulnerability in Oracle Micros Retail-J 12.1.2/13.0.0 Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). | 6.5 |
2018-10-16 | CVE-2018-10839 | Qemu Canonical Debian | Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. | 6.5 |
2018-10-15 | CVE-2018-1744 | IBM | Path Traversal vulnerability in IBM Security KEY Lifecycle Manager IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. | 6.5 |
2018-10-15 | CVE-2018-18073 | Artifex Debian Canonical Redhat | Information Exposure vulnerability in multiple products Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. | 6.3 |
2018-10-17 | CVE-2018-3272 | Oracle | Unspecified vulnerability in Oracle Solaris 11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones Virtualized NIC Driver). | 6.2 |
2018-10-21 | CVE-2018-18545 | Fiyo | Cross-site Scripting vulnerability in Fiyo CMS 2.0.7 Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name parameter. | 6.1 |
2018-10-20 | CVE-2018-18540 | Teakki | Cross-site Scripting vulnerability in Teakki 2.7 TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL. | 6.1 |
2018-10-19 | CVE-2018-12675 | Sv3C | Open Redirect vulnerability in Sv3C H.264 POE IP Camera Firmware V2.3.4.2103S50Ntdb20170508B/V2.3.4.2103S50Ntdb20170823B The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) does not perform origin checks on URLs that the camera's web interface redirects a user to. | 6.1 |
2018-10-19 | CVE-2018-15315 | F5 | Cross-site Scripting vulnerability in F5 products On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a reflected Cross Site Scripting (XSS) vulnerability in an undisclosed Configuration Utility page. | 6.1 |
2018-10-19 | CVE-2018-15314 | F5 | Cross-site Scripting vulnerability in F5 Big-Ip Advanced Firewall Manager On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page. | 6.1 |
2018-10-19 | CVE-2018-15313 | F5 | Cross-site Scripting vulnerability in F5 Big-Ip Advanced Firewall Manager On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page. | 6.1 |
2018-10-19 | CVE-2018-15312 | F5 | Cross-site Scripting vulnerability in F5 products On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an authenticated user to execute JavaScript for the currently logged-in user. | 6.1 |
2018-10-18 | CVE-2018-18478 | Librenms | Cross-site Scripting vulnerability in Librenms Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 allow remote attackers to inject arbitrary web script or HTML via the dashboard_name parameter in the /ajax_form.php resource, related to html/includes/forms/add-dashboard.inc.php, html/includes/forms/delete-dashboard.inc.php, and html/includes/forms/edit-dashboard.inc.php. | 6.1 |
2018-10-18 | CVE-2018-18460 | 3CX | Cross-site Scripting vulnerability in 3CX Live Chat 8.0.15 XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request. | 6.1 |
2018-10-17 | CVE-2018-15435 | Cisco | Cross-site Scripting vulnerability in Cisco Socialminer 11.6(1) A vulnerability in the web-based management interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. | 6.1 |
2018-10-17 | CVE-2018-15973 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. | 6.1 |
2018-10-17 | CVE-2018-15972 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. | 6.1 |
2018-10-17 | CVE-2018-15971 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. | 6.1 |
2018-10-17 | CVE-2018-15970 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. | 6.1 |
2018-10-17 | CVE-2018-15969 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager 6.3.0/6.4.0 Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. | 6.1 |
2018-10-17 | CVE-2018-18372 | Kaasoft | Cross-site Scripting vulnerability in Kaasoft Library CMS 2.1.1 A Stored XSS vulnerability has been discovered in KAASoft Library CMS - Powerful Book Management System 2.1.1 via the /admin/book/create/ title parameter. | 6.1 |
2018-10-17 | CVE-2018-18262 | Zohocorp | Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 12.3 Zoho ManageEngine OpManager 12.3 before build 123214 has XSS. | 6.1 |
2018-10-17 | CVE-2018-17964 | Aryanic | Cross-site Scripting vulnerability in Aryanic Highportal 12.5 Aryanic HighPortal 12.5 has XSS via an Add Tags action. | 6.1 |
2018-10-17 | CVE-2018-15493 | Vbulletin | Open Redirect vulnerability in Vbulletin 5.4.3 vBulletin 5.4.3 has an Open Redirect. | 6.1 |
2018-10-17 | CVE-2018-3301 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). | 6.1 |
2018-10-17 | CVE-2018-3281 | Oracle | Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). | 6.1 |
2018-10-17 | CVE-2018-3257 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). | 6.1 |
2018-10-17 | CVE-2018-3255 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56/8.57 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). | 6.1 |
2018-10-17 | CVE-2018-3250 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). | 6.1 |
2018-10-17 | CVE-2018-3241 | Oracle | Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). | 6.1 |
2018-10-17 | CVE-2018-3207 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). | 6.1 |
2018-10-17 | CVE-2018-3206 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). | 6.1 |
2018-10-17 | CVE-2018-3205 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56/8.57 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Workflow). | 6.1 |
2018-10-17 | CVE-2018-3194 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Activity Guide). | 6.1 |
2018-10-17 | CVE-2018-3193 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Activity Guide). | 6.1 |
2018-10-17 | CVE-2018-3178 | Oracle | Unspecified vulnerability in Oracle Hyperion Common Events 11.1.2.4 Vulnerability in the Hyperion Common Events component of Oracle Hyperion (subcomponent: User Interface). | 6.1 |
2018-10-17 | CVE-2018-3177 | Oracle | Unspecified vulnerability in Oracle Hyperion Common Events 11.1.2.4 Vulnerability in the Hyperion Common Events component of Oracle Hyperion (subcomponent: User Interface). | 6.1 |
2018-10-17 | CVE-2018-3176 | Oracle | Unspecified vulnerability in Oracle Hyperion Common Events 11.1.2.4 Vulnerability in the Hyperion Common Events component of Oracle Hyperion (subcomponent: User Interface). | 6.1 |
2018-10-17 | CVE-2018-3175 | Oracle | Unspecified vulnerability in Oracle Hyperion Common Events 11.1.2.4 Vulnerability in the Hyperion Common Events component of Oracle Hyperion (subcomponent: User Interface). | 6.1 |
2018-10-17 | CVE-2018-3164 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Elastic Search). | 6.1 |
2018-10-17 | CVE-2018-3159 | Oracle | Unspecified vulnerability in Oracle Hospitality Cruise Fleet Management 9.0 Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Sender and Receiver). | 6.1 |
2018-10-17 | CVE-2018-3154 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). | 6.1 |
2018-10-17 | CVE-2018-3153 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56/8.57 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). | 6.1 |
2018-10-17 | CVE-2018-3148 | Oracle | Unspecified vulnerability in Oracle Primavera Unifier Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Web Access). | 6.1 |
2018-10-17 | CVE-2018-3140 | Oracle | Unspecified vulnerability in Oracle Hyperion 11.1.2.4 Vulnerability in the Hyperion Essbase Administration Services component of Oracle Hyperion (subcomponent: EAS Console). | 6.1 |
2018-10-17 | CVE-2018-3132 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Rich Text Editor). | 6.1 |
2018-10-17 | CVE-2018-3131 | Oracle | Unspecified vulnerability in Oracle Hospitality Gift and Loyalty 9.0 Vulnerability in the Oracle Hospitality Gift and Loyalty component of Oracle Food and Beverage Applications. | 6.1 |
2018-10-17 | CVE-2018-3059 | Oracle | Unspecified vulnerability in Oracle Siebel UI Framework 18.7/18.8/18.9 Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). | 6.1 |
2018-10-16 | CVE-2018-18308 | Bigtreecms | Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS 4.2.23 In the 4.2.23 version of BigTree, a Stored XSS vulnerability has been discovered in /admin/ajax/file-browser/upload/ (aka the image upload area). | 6.1 |
2018-10-16 | CVE-2018-18307 | Alchemy CMS | Cross-site Scripting vulnerability in Alchemy-Cms Alchemy CMS 4.1.0 A Stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image field. | 6.1 |
2018-10-15 | CVE-2018-18260 | Tuzitio | Cross-site Scripting vulnerability in Tuzitio Camaleon CMS 2.4.0 In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. | 6.1 |
2018-10-15 | CVE-2018-18259 | Luya | Cross-site Scripting vulnerability in Luya CMS 1.0.12 Stored XSS has been discovered in version 1.0.12 of the LUYA CMS software via /admin/api-cms-nav/create-page. | 6.1 |
2018-10-15 | CVE-2018-17533 | Teltonika | Cross-site Scripting vulnerability in Teltonika Rut900 Firmware and Rut950 Firmware Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization. | 6.1 |
2018-10-15 | CVE-2018-15538 | Agentejo | Cross-site Scripting vulnerability in Agentejo Cockpit Agentejo Cockpit has multiple Cross-Site Scripting vulnerabilities. | 6.1 |
2018-10-15 | CVE-2017-5934 | Moinmo Debian Canonical Opensuse | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
2018-10-15 | CVE-2018-18361 | Nconsulting | Cross-site Scripting vulnerability in Nconsulting Nc-Cms An issue was discovered in nc-cms through 2017-03-10. | 6.1 |
2018-10-15 | CVE-2018-18324 | Control Webpanel | Cross-site Scripting vulnerability in Control-Webpanel Webpanel 0.9.8.480 CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fm_current_dir parameter, or the admin/index.php module, service_start, service_fullstatus, service_restart, service_stop, or file (within the file_editor) parameter. | 6.1 |
2018-10-15 | CVE-2018-18296 | Metinfo | Cross-site Scripting vulnerability in Metinfo 6.1.2 MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an n=column&a=doadd action. | 6.1 |
2018-10-17 | CVE-2018-7110 | HPE | Race Condition vulnerability in HPE Service Governance Framework 4.2/4.3 A remote unauthorized disclosure of information vulnerability was identified in HPE Service Governance Framework (SGF) version 4.2, 4.3. | 5.9 |
2018-10-17 | CVE-2018-3144 | Oracle Netapp Canonical | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). | 5.9 |
2018-10-17 | CVE-2018-3141 | Oracle | Unspecified vulnerability in Oracle Hyperion 11.1.2.4 Vulnerability in the Hyperion Essbase Administration Services component of Oracle Hyperion (subcomponent: EAS Console). | 5.8 |
2018-10-19 | CVE-2018-12674 | Sv3C | Cleartext Transmission of Sensitive Information vulnerability in Sv3C H.264 POE IP Camera Firmware V2.3.4.2103S50Ntdb20170508B/V2.3.4.2103S50Ntdb20170823B The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) stores the username and password within the cookies of a session. | 5.7 |
2018-10-17 | CVE-2018-3274 | Oracle | Unspecified vulnerability in Oracle Solaris 11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). | 5.7 |
2018-10-17 | CVE-2018-3263 | Oracle | Unspecified vulnerability in Oracle Solaris 11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Sudo). | 5.6 |
2018-10-17 | CVE-2018-3180 | Oracle Redhat Debian Canonical HP | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). | 5.6 |
2018-10-19 | CVE-2018-18438 | Qemu Redhat | Integer Overflow or Wraparound vulnerability in multiple products Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value. | 5.5 |
2018-10-19 | CVE-2018-18521 | Elfutils Project Debian Redhat Opensuse Canonical | Divide By Zero vulnerability in multiple products Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. | 5.5 |
2018-10-19 | CVE-2018-15316 | F5 | Unspecified vulnerability in F5 products In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user permission and bypassing the endpoint checks. | 5.5 |
2018-10-18 | CVE-2018-15765 | Dell | Information Exposure vulnerability in Dell EMC Secure Remote Services Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. | 5.5 |
2018-10-18 | CVE-2018-18484 | GNU | Uncontrolled Recursion vulnerability in GNU Binutils 2.31 An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. | 5.5 |
2018-10-18 | CVE-2018-1518 | IBM | Inadequate Encryption Strength vulnerability in IBM products IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. | 5.5 |
2018-10-18 | CVE-2018-12383 | Redhat Debian Canonical Mozilla | Insufficiently Protected Credentials vulnerability in multiple products If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. | 5.5 |
2018-10-18 | CVE-2018-18459 | Xpdfreader | NULL Pointer Dereference vulnerability in Xpdfreader Xpdf 4.00 The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm. | 5.5 |
2018-10-18 | CVE-2018-18458 | Xpdfreader | NULL Pointer Dereference vulnerability in Xpdfreader Xpdf 4.00 The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm. | 5.5 |
2018-10-18 | CVE-2018-18457 | Xpdfreader | NULL Pointer Dereference vulnerability in Xpdfreader Xpdf 4.00 The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm. | 5.5 |
2018-10-18 | CVE-2018-18456 | Xpdfreader | Out-of-bounds Read vulnerability in Xpdfreader Xpdf 4.00 The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. | 5.5 |
2018-10-18 | CVE-2018-18455 | Xpdfreader | Out-of-bounds Read vulnerability in Xpdfreader Xpdf 4.00 The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. | 5.5 |
2018-10-18 | CVE-2018-18454 | Xpdfreader | Out-of-bounds Read vulnerability in Xpdfreader Xpdf 4.00 CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. | 5.5 |
2018-10-17 | CVE-2018-18409 | Digitalcorpora Fedoraproject Canonical | Out-of-bounds Read vulnerability in multiple products A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an address_histogram call or a get_histogram call. | 5.5 |
2018-10-17 | CVE-2018-18407 | Broadcom Fedoraproject | Out-of-bounds Read vulnerability in multiple products A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. | 5.5 |
2018-10-17 | CVE-2018-3247 | Oracle Netapp Canonical | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Merge). | 5.5 |
2018-10-17 | CVE-2018-3195 | Oracle Netapp | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). | 5.5 |
2018-10-17 | CVE-2018-3187 | Oracle Netapp Canonical | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). | 5.5 |
2018-10-17 | CVE-2018-3185 | Oracle Netapp Canonical Mariadb | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). | 5.5 |
2018-10-17 | CVE-2018-3181 | Oracle | Unspecified vulnerability in Oracle Hospitality Cruise Shipboard Property Management System 8.0 Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: OHC ENOAD). | 5.5 |
2018-10-16 | CVE-2018-18384 | Unzip Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Unzip Project Unzip 6.0 Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12. | 5.5 |
2018-10-15 | CVE-2018-12154 | Intel | Infinite Loop vulnerability in Intel Graphics Driver Denial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unprivileged user to potentially create an infinite loop and crash an application via local access. | 5.5 |
2018-10-15 | CVE-2018-15378 | Clamav Debian Canonical | Out-of-bounds Read vulnerability in multiple products A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. | 5.5 |
2018-10-15 | CVE-2018-15590 | Ivanti | Unspecified vulnerability in Ivanti Workspace Control An issue was discovered in Ivanti Workspace Control before 10.3.0.0 and RES One Workspace, when file and folder security are configured. | 5.5 |
2018-10-15 | CVE-2018-18310 | Elfutils Project Debian Redhat Opensuse Canonical | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. | 5.5 |
2018-10-15 | CVE-2018-18309 | GNU | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.31 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. | 5.5 |
2018-10-19 | CVE-2018-18419 | Ardawan | Cross-site Scripting vulnerability in Ardawan User Management 1.1 Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI. | 5.4 |
2018-10-19 | CVE-2018-18417 | Creativeitem | Cross-site Scripting vulnerability in Creativeitem Ekushey Project Manager 3.1 In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI. | 5.4 |
2018-10-19 | CVE-2018-12672 | Sv3C | Cross-site Scripting vulnerability in Sv3C H.264 POE IP Camera Firmware V2.3.4.2103S50Ntdb20170508B The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) does not perform proper validation on user-supplied input and is vulnerable to cross-site scripting attacks. | 5.4 |
2018-10-19 | CVE-2018-18380 | Bigtreecms | Session Fixation vulnerability in Bigtreecms Bigtree CMS A Session Fixation issue was discovered in Bigtree before 4.2.24. | 5.4 |
2018-10-18 | CVE-2015-4631 | Koha | Cross-site Scripting vulnerability in Koha Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl. | 5.4 |
2018-10-17 | CVE-2018-15395 | Cisco | Unspecified vulnerability in Cisco Wireless LAN Controller Software 8.5(120.0) A vulnerability in the authentication and authorization checking mechanisms of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, adjacent attacker to gain network access to a Cisco TrustSec domain. | 5.4 |
2018-10-17 | CVE-2018-18373 | Schiocco | Cross-site Scripting vulnerability in Schiocco Support Board - Chat and Help Desk 1.2.3 In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg parameter in a /wp-admin/admin-ajax.php sb_ajax_add_message action. | 5.4 |
2018-10-17 | CVE-2018-3215 | Oracle | Unspecified vulnerability in Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Vulnerability in the Oracle Endeca Information Discovery Integrator component of Oracle Fusion Middleware (subcomponent: Integrator ETL). | 5.4 |
2018-10-17 | CVE-2018-3130 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Interaction HUB 9.1.0.0 Vulnerability in the PeopleSoft Enterprise Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Application Portal). | 5.4 |
2018-10-16 | CVE-2018-1777 | IBM | Cross-site Scripting vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. | 5.4 |
2018-10-16 | CVE-2018-18381 | Zblogcn | Cross-site Scripting vulnerability in Zblogcn Z-Blogphp 1.5.2.1935 Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments. | 5.4 |
2018-10-16 | CVE-2018-18374 | Metinfo | Cross-site Scripting vulnerability in Metinfo 6.1.2 XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter. | 5.4 |
2018-10-18 | CVE-2018-12382 | Mozilla | Improper Input Validation vulnerability in Mozilla Firefox 62.0 The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. | 5.3 |
2018-10-18 | CVE-2018-12381 | Mozilla | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mozilla Firefox Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. | 5.3 |
2018-10-17 | CVE-2018-14597 | Broadcom | Information Exposure vulnerability in Broadcom products CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate account names. | 5.3 |
2018-10-17 | CVE-2018-0416 | Cisco | Improper Input Validation vulnerability in Cisco Wireless LAN Controller Software 8.5(130.0)/8.9(1.52) A vulnerability in the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. | 5.3 |
2018-10-17 | CVE-2018-0395 | Cisco | Improper Input Validation vulnerability in Cisco Firepower Extensible Operating System and Nx-Os A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. | 5.3 |
2018-10-17 | CVE-2018-7111 | HP | Unspecified vulnerability in HP Universal Internet of Things A remote unauthorized access vulnerability was identified in HPE UIoT versions 1.5, 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. | 5.3 |
2018-10-17 | CVE-2018-3271 | Oracle | Unspecified vulnerability in Oracle Solaris 11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones). | 5.3 |
2018-10-17 | CVE-2018-3268 | Oracle | Unspecified vulnerability in Oracle Solaris 11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SMB Server). | 5.3 |
2018-10-17 | CVE-2018-3267 | Oracle | Unspecified vulnerability in Oracle Solaris 11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: LFTP). | 5.3 |
2018-10-17 | CVE-2018-3261 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56/8.57 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). | 5.3 |
2018-10-17 | CVE-2018-3254 | Oracle | Unspecified vulnerability in Oracle Webcenter Portal 11.1.1.9.0/12.2.1.3.0 Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: WebCenter Spaces Application). | 5.3 |
2018-10-17 | CVE-2018-3244 | Oracle | Unspecified vulnerability in Oracle Application Object Library Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). | 5.3 |
2018-10-17 | CVE-2018-3239 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). | 5.3 |
2018-10-17 | CVE-2018-3237 | Oracle | Unspecified vulnerability in Oracle Applications Manager Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Support Cart). | 5.3 |
2018-10-17 | CVE-2018-3214 | Oracle Redhat Debian Canonical HP | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). | 5.3 |
2018-10-17 | CVE-2018-3210 | Oracle | Unspecified vulnerability in Oracle Glassfish Server 3.1.2 Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). | 5.3 |
2018-10-17 | CVE-2018-3202 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Performance Monitor). | 5.3 |
2018-10-17 | CVE-2018-3198 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56/8.57 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). | 5.3 |
2018-10-17 | CVE-2018-3174 | Oracle Netapp Canonical Debian Mariadb | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). | 5.3 |
2018-10-17 | CVE-2018-3172 | Oracle | Unspecified vulnerability in Oracle Solaris 11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC). | 5.3 |
2018-10-17 | CVE-2018-3167 | Oracle | Unspecified vulnerability in Oracle Application Management Pack Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). | 5.3 |
2018-10-17 | CVE-2018-3171 | Oracle | Unspecified vulnerability in Oracle Mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). | 5.0 |
2018-10-17 | CVE-2018-3134 | Oracle | Unspecified vulnerability in Oracle Agile Product Lifecycle Management for Process 6.2.0.0 Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: User Group Management). | 5.0 |
2018-10-17 | CVE-2018-3285 | Oracle Netapp | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Windows). | 4.9 |
2018-10-17 | CVE-2018-3282 | Oracle Netapp Canonical Debian Mariadb Redhat | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). | 4.9 |
2018-10-17 | CVE-2018-3280 | Oracle Netapp | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: JSON). | 4.9 |
2018-10-17 | CVE-2018-3279 | Oracle Netapp | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). | 4.9 |
2018-10-17 | CVE-2018-3278 | Oracle Netapp Canonical | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: RBR). | 4.9 |
2018-10-17 | CVE-2018-3277 | Oracle Netapp Canonical Mariadb | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). | 4.9 |
2018-10-17 | CVE-2018-3276 | Oracle Netapp Canonical | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). | 4.9 |
2018-10-17 | CVE-2018-3265 | Oracle | Unspecified vulnerability in Oracle Solaris 11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zones). | 4.9 |
2018-10-17 | CVE-2018-3212 | Oracle Netapp | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Information Schema). | 4.9 |
2018-10-17 | CVE-2018-3200 | Oracle Netapp Canonical Mariadb | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). | 4.9 |
2018-10-17 | CVE-2018-3186 | Oracle Netapp | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). | 4.9 |
2018-10-17 | CVE-2018-3173 | Oracle Netapp Canonical Mariadb | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). | 4.9 |
2018-10-17 | CVE-2018-3170 | Oracle Netapp | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). | 4.9 |
2018-10-17 | CVE-2018-3162 | Oracle Netapp Canonical Mariadb | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). | 4.9 |
2018-10-17 | CVE-2018-3161 | Oracle | Unspecified vulnerability in Oracle Mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). | 4.9 |
2018-10-19 | CVE-2018-18416 | Pokkho | Cross-site Scripting vulnerability in Pokkho Lango 1.0 LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upload sections, as demonstrated by the site_name parameter to the admin/settings/update URI. | 4.8 |
2018-10-17 | CVE-2018-0388 | Cisco | Cross-site Scripting vulnerability in Cisco Wireless LAN Controller Software 8.3(133.0)/8.3(135.0)/8.5(120.0) A vulnerability in the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web-based interface of an affected system. | 4.8 |
2018-10-17 | CVE-2018-18433 | Destoon | Cross-site Scripting vulnerability in Destoon B2B 7.0 An issue was discovered in DESTOON B2B 7.0. | 4.8 |
2018-10-17 | CVE-2018-18431 | Destoon | Cross-site Scripting vulnerability in Destoon B2B 7.0 An issue was discovered in DESTOON B2B 7.0. | 4.8 |
2018-10-17 | CVE-2018-18430 | Destoon | Cross-site Scripting vulnerability in Destoon B2B 7.0 An issue was discovered in DESTOON B2B 7.0. | 4.8 |
2018-10-19 | CVE-2018-18398 | Xfce | Out-of-bounds Read vulnerability in Xfce Thunar and Xfce Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. | 4.7 |
2018-10-17 | CVE-2018-3262 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56/8.57 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Stylesheet). | 4.7 |
2018-10-17 | CVE-2018-3256 | Oracle | Unspecified vulnerability in Oracle Email Center Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: Message Display). | 4.7 |
2018-10-17 | CVE-2018-3135 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). | 4.7 |
2018-10-17 | CVE-2018-7989 | Huawei | Improper Authentication vulnerability in Huawei Mate 10 PRO Firmware Huawei Mate 10 pro smartphones with the versions before BLA-AL00B 8.1.0.326(C00) have an improper authentication vulnerability. | 4.6 |
2018-10-17 | CVE-2018-3284 | Oracle Canonical Netapp Mariadb | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). | 4.4 |
2018-10-17 | CVE-2018-3283 | Oracle Netapp Canonical | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Logging). | 4.4 |
2018-10-17 | CVE-2018-3264 | Oracle | Unspecified vulnerability in Oracle Solaris 11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). | 4.4 |
2018-10-16 | CVE-2018-11020 | Amazon | Argument Injection or Modification vulnerability in Amazon Fire OS 4.5.5.3 kernel/omap/drivers/rpmsg/rpmsg_omx.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device file /dev/rpmsg-omx1 with the command 3221772291, and cause a kernel crash. | 4.4 |
2018-10-18 | CVE-2018-12374 | Mozilla Redhat Debian Canonical | Information Exposure vulnerability in multiple products Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. | 4.3 |
2018-10-18 | CVE-2018-12367 | Debian Canonical Mozilla | Improper Input Validation vulnerability in multiple products In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. | 4.3 |
2018-10-18 | CVE-2018-12358 | Mozilla Canonical | Information Exposure vulnerability in multiple products Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque. | 4.3 |
2018-10-17 | CVE-2018-18443 | ILM | Missing Release of Resource after Effective Lifetime vulnerability in ILM Openexr 2.3.0 OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview. | 4.3 |
2018-10-17 | CVE-2018-3286 | Oracle Netapp | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). | 4.3 |
2018-10-17 | CVE-2018-3269 | Oracle | Unspecified vulnerability in Oracle Solaris 11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SMB Server). | 4.3 |
2018-10-17 | CVE-2018-3147 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.3 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). | 4.3 |
2018-10-17 | CVE-2018-3129 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55/8.56/8.57 Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). | 4.3 |
2018-10-17 | CVE-2018-3127 | Oracle | Unspecified vulnerability in Oracle Demantra Demand Management 12.2/7.3.5 Vulnerability in the Oracle Demantra Demand Management component of Oracle Supply Chain Products Suite (subcomponent: Product Security). | 4.3 |
2018-10-17 | CVE-2018-2971 | Oracle | Unspecified vulnerability in Oracle Applications Framework Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: REST Services). | 4.3 |
2018-10-17 | CVE-2018-2902 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Console). | 4.3 |
10 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-10-17 | CVE-2018-3266 | Oracle | Unspecified vulnerability in Oracle Solaris 11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Verified Boot). | 3.9 |
2018-10-17 | CVE-2018-3157 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Sound). | 3.7 |
2018-10-17 | CVE-2018-3150 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Utility). | 3.7 |
2018-10-17 | CVE-2018-3136 | Oracle Redhat Debian Canonical HP | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). | 3.4 |
2018-10-17 | CVE-2018-18386 | Linux Canonical | Incorrect Type Conversion or Cast vulnerability in multiple products drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ. | 3.3 |
2018-10-17 | CVE-2018-3139 | Oracle Redhat Debian Canonical HP | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). | 3.1 |
2018-10-17 | CVE-2018-2922 | Oracle | Unspecified vulnerability in Oracle Solaris 11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). | 2.5 |
2018-10-17 | CVE-2018-7924 | Huawei | Incorrect Permission Assignment for Critical Resource vulnerability in Huawei Anne-Al00 Firmware 8.0.0.151(C00) Anne-AL00 Huawei phones with versions earlier than 8.0.0.151(C00) have an information leak vulnerability. | 2.4 |
2018-10-17 | CVE-2018-3184 | Oracle | Unspecified vulnerability in Oracle Hyperion Bi+ 11.1.2.4 Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: IQR - Foundation Services). | 2.4 |
2018-10-17 | CVE-2018-3270 | Oracle | Unspecified vulnerability in Oracle Solaris 11.3 Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). | 1.8 |