Latest CVE Feed
- 7.2 HIGH CVE-2018-10737
  A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter....
  - Affected Products: nagios_xi
  - Published: May. 16, 2018
  - Modified: Nov. 21, 2024
- 7.2 HIGH CVE-2018-10736
  A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter....
  - Affected Products: nagios_xi
  - Published: May. 16, 2018
  - Modified: Nov. 21, 2024
- 7.2 HIGH CVE-2018-10735
  A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter....
  - Affected Products: nagios_xi
  - Published: May. 16, 2018
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2018-10734
  KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a backdoor that prints the login password via a Print_Password function call in certain circumstances....
  - Affected Products: d303_firmware d305_firmware d403_firmware a303_firmware a403_firmware d303 d305 d403 a303 a403
  - Published: May. 08, 2018
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2018-10733
  There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack....
  - Affected Products: enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation leap ansible_tower libgxps
  - Published: May. 04, 2018
  - Modified: Nov. 21, 2024
- 5.3 MEDIUM CVE-2018-10732
  The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pictures visibility....
  - Affected Products: data_science_studio
  - Published: May. 28, 2018
  - Modified: Nov. 21, 2024
- 9.3 HIGH CVE-2018-10731
  All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728)....
  - Affected Products: fl_switch_3005_firmware fl_switch_3005t_firmware fl_switch_3004t-fx_firmware fl_switch_3004t-fx_st_firmware fl_switch_3008_firmware fl_switch_3008t_firmware fl_switch_3006t-2fx_firmware fl_switch_3006t-2fx_st_firmware fl_switch_3012e-2sfx_firmware fl_switch_3016e_firmware +48 more products
  - Published: May. 17, 2018
  - Modified: Nov. 21, 2024
- 9.1 CRITICAL CVE-2018-10730
  All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection....
  - Affected Products: fl_switch_3005_firmware fl_switch_3005t_firmware fl_switch_3004t-fx_firmware fl_switch_3004t-fx_st_firmware fl_switch_3008_firmware fl_switch_3008t_firmware fl_switch_3006t-2fx_firmware fl_switch_3006t-2fx_st_firmware fl_switch_3012e-2sfx_firmware fl_switch_3016e_firmware +48 more products
  - Published: May. 17, 2018
  - Modified: Nov. 21, 2024
- 5.3 MEDIUM CVE-2018-10729
  All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 allow reading the configuration file by an unauthenticated user....
  - Affected Products: fl_switch_3005_firmware fl_switch_3005t_firmware fl_switch_3004t-fx_firmware fl_switch_3004t-fx_st_firmware fl_switch_3008_firmware fl_switch_3008t_firmware fl_switch_3006t-2fx_firmware fl_switch_3006t-2fx_st_firmware fl_switch_3012e-2sfx_firmware fl_switch_3016e_firmware +48 more products
  - Published: May. 17, 2018
  - Modified: Nov. 21, 2024
- 8.1 HIGH CVE-2018-10728
  All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows (a different vulnerability than CVE-2018-10731)....
  - Affected Products: fl_switch_3005_firmware fl_switch_3005t_firmware fl_switch_3004t-fx_firmware fl_switch_3004t-fx_st_firmware fl_switch_3008_firmware fl_switch_3008t_firmware fl_switch_3006t-2fx_firmware fl_switch_3006t-2fx_st_firmware fl_switch_3012e-2sfx_firmware fl_switch_3016e_firmware +48 more products
  - Published: May. 17, 2018
  - Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2018-10727
  Reflected Cross-Site Scripting (XSS) vulnerability in the fabrik_referrer hidden field in the Fabrikar Fabrik component through v3.8.1 for Joomla! allows remote attackers to inject arbitrary web script via the HTTP Referer header....
  - Affected Products: fabrik
  - Published: Oct. 29, 2019
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2018-10726
  A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an "Edit page" action. NOTE: the vendor disputes the relevance of this report because an installation accessible to untrusted users is supposed to have parserSafeMode=1 in system/config/c...
  - Affected Products: yellow
  - Published: May. 04, 2018
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2018-10723
  Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql....
  - Published: May. 05, 2018
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2018-10722
  In Cylance CylancePROTECT before 1470, an unprivileged local user can obtain SYSTEM privileges because users have Modify access to the %PROGRAMFILES%\Cylance\Desktop\log folder, the CyUpdate process grants users Modify access to new files created in this ...
  - Affected Products: cylanceprotect
  - Published: May. 04, 2018
  - Modified: Nov. 21, 2024
- 10.0 CRITICAL CVE-2018-10718
  Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to execute arbitrary code via crafted packets....
  - Affected Products: call_of_duty_modern_warfare_2
  - Published: May. 03, 2018
  - Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2018-10717
  The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does not consider the bounds of the pixels data structure, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly...
  - Affected Products: ngiflib
  - Published: May. 03, 2018
  - Modified: Nov. 21, 2024
- 5.5 MEDIUM CVE-2018-10716
  An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because WM_CLOSE is not properly consider...
  - Affected Products: 2345_security_guard
  - Published: May. 03, 2018
  - Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2018-10713
  An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'read' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'read <node_name>' function and cause memory corrupti...
  - Published: May. 03, 2018
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2018-10712
  The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read/write data from/to IO ports. This could be leverage...
  - Published: Oct. 30, 2018
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2018-10711
  The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write Machine Specific Registers (MSRs). This c...
  - Published: Oct. 30, 2018
  - Modified: Nov. 21, 2024