Latest CVE Feed
-
6.1 MEDIUM
CVE-2018-10686
An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.ph...
Affected Products: control_panel
- Published: May. 06, 2018
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2018-10685
In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the lzma_decompress_buf function of stream.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Affected Products: long_range_zip
- Published: May. 02, 2018
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2018-10683
An issue was discovered in WildFly 10.1.2.Final. In the case of a default installation without a security realm reference, an attacker can successfully access the server without authentication. NOTE: the Security Realms documentation in the product's Admi...
Affected Products: wildfly
- Published: May. 09, 2018
- Modified: Nov. 21, 2024
-
10.0 HIGH
CVE-2018-10682
An issue was discovered in WildFly 10.1.2.Final. It is possible for an attacker to access the administration panel on TCP port 9990 without any authentication using "anonymous" access that is automatically created. Once logged in, a misconfiguration prese...
Affected Products: wildfly
- Published: May. 09, 2018
- Modified: Nov. 21, 2024
-
6.1 MEDIUM
CVE-2018-10680
Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings --> Basic setting --> Website title" and enters an XSS payload via the zb_system/cmd.php ZC_BLOG_NAME parameter. NOTE: the ...
Affected Products: z-blogphp
- Published: May. 02, 2018
- Modified: Nov. 21, 2024
-
6.1 MEDIUM
CVE-2018-10678
MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target="_blank" rel="noopener"' in A elements, which makes it easier for remote attackers to conduct redirection attacks.
Affected Products: mybb
- Published: May. 13, 2018
- Modified: Nov. 21, 2024
-
8.8 HIGH
CVE-2018-10677
The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 lacks certain checks against width and height, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspec...
Affected Products: ngiflib
- Published: May. 02, 2018
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2018-10676
CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR devices allow remote attackers to download a file and obtain sensitive credential information via a direct request for the download.rsp URI.
- Published: May. 02, 2018
- Modified: Nov. 21, 2024
-
7.8 HIGH
CVE-2018-10675
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.
- Published: May. 02, 2018
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2018-10666
The Owned smart contract implementation for Aurora IDEX Membership (IDXM), an Ethereum ERC20 token, allows attackers to acquire contract ownership because the setOwner function is declared as public. A new owner can subsequently modify variables.
Affected Products: idex_membership
- Published: May. 03, 2018
- Modified: Nov. 21, 2024
-
6.1 MEDIUM
CVE-2018-10665
ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files.
Affected Products: ilias
- Published: May. 02, 2018
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2018-10664
An issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory Corruption.
Affected Products: p1204_firmware, a1001_firmware, a8004-v_firmware, a8105-e_firmware, a9161_firmware, a9188_firmware, a9188-v_firmware, c1004-e_firmware, c2005_firmware, c3003-e_firmware, +770 more products
- Published: Jun. 26, 2018
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2018-10663
An issue was discovered in multiple models of Axis IP Cameras. There is an Incorrect Size Calculation.
Affected Products: p1204_firmware, a1001_firmware, a8004-v_firmware, a8105-e_firmware, a9161_firmware, a9188_firmware, a9188-v_firmware, c1004-e_firmware, c2005_firmware, c3003-e_firmware, +770 more products
- Published: Jun. 26, 2018
- Modified: Nov. 21, 2024
-
10.0 HIGH
CVE-2018-10662
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.
Affected Products: p1204_firmware, a1001_firmware, a8004-v_firmware, a8105-e_firmware, a9161_firmware, a9188_firmware, a9188-v_firmware, c1004-e_firmware, c2005_firmware, c3003-e_firmware, +770 more products
- Published: Jun. 26, 2018
- Modified: Nov. 21, 2024
-
10.0 HIGH
CVE-2018-10661
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.
Affected Products: p1204_firmware, a1001_firmware, a8004-v_firmware, a8105-e_firmware, a9161_firmware, a9188_firmware, a9188-v_firmware, c1004-e_firmware, c2005_firmware, c3003-e_firmware, +770 more products
- Published: Jun. 26, 2018
- Modified: Nov. 21, 2024
-
10.0 HIGH
CVE-2018-10660
An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.
Affected Products: p1204_firmware, a1001_firmware, a8004-v_firmware, a8105-e_firmware, a9161_firmware, a9188_firmware, a9188-v_firmware, c1004-e_firmware, c2005_firmware, c3003-e_firmware, +770 more products
- Published: Jun. 26, 2018
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2018-10659
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM instruct...
Affected Products: p1204_firmware, a1001_firmware, a8004-v_firmware, a8105-e_firmware, a9161_firmware, a9188_firmware, a9188-v_firmware, c1004-e_firmware, c2005_firmware, c3003-e_firmware, +770 more products
- Published: Jun. 26, 2018
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2018-10658
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). The crash arises from code inside libdbus-send.so shared object or similar.
Affected Products: p1204_firmware, a1001_firmware, a8004-v_firmware, a8105-e_firmware, a9161_firmware, a9188_firmware, a9188-v_firmware, c1004-e_firmware, c2005_firmware, c3003-e_firmware, +770 more products
- Published: Jun. 26, 2018
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2018-10657
Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018.
Affected Products: synapse
- Published: May. 02, 2018
- Modified: Nov. 21, 2024
-
7.8 HIGH
CVE-2018-10655
DLPnpAuditor.exe in DeviceLock Plug and Play Auditor (freeware) 5.72 has a Unicode Buffer Overflow (SEH).
Affected Products: plug_and_play_auditor
- Published: May. 10, 2018
- Modified: Nov. 21, 2024