Browse all CVEs by publication year.

2018-01-10
High

CVE-2018-0802

Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in mem…

Medium

CVE-2018-0799

Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vulnerability due to the way image field values are…

High

CVE-2018-0798

Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in me…

High

CVE-2018-0797

Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulner…

High

CVE-2018-0792

Microsoft Word 2016 in Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This…

High

CVE-2018-0786

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the…

Medium

CVE-2018-0785

ASP.NET Core 1.0, 1.1, and 2.0 allow a cross site request forgery vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Cross Site Request Forgery Vulnerability".

2018-01-09
Medium

CVE-2018-5316

The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter.

Medium

CVE-2017-1000465

Sulu-standard version 1.6.6 is vulnerable to a stored cross-site scripting vulnerability within the page creation page, which can result in disruption of service and execution of JavaScript code.

High

CVE-2018-4871

An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use…

Medium

CVE-2018-3610

SEMA driver in Intel Driver and Support Assistant before version 3.1.1 allows a local attacker the ability to read and write to Memory Status registers potentially allowing information disclosure o…

High

CVE-2017-9663

A Cleartext Storage of Sensitive Information issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow a remot…

Critical

CVE-2017-16740

A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers, Series B and C Versions 21.002 and earlier. The stack-based buffer overflow vulnerability has…

High

CVE-2017-15131

It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs bef…

High

CVE-2017-15124

VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its clie…

Medium

CVE-2017-12697

A Man-in-the-Middle issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to intercept sensitiv…

High

CVE-2017-12695

An Improper Authentication issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to subvert sec…

Medium

CVE-2017-1000429

rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php.

High

CVE-2017-1671

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" seq…

Critical

CVE-2017-1670

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify o…

Medium

CVE-2017-1668

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web si…

High

CVE-2017-1666

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose…

Medium

CVE-2017-1493

IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated user to edit objects that they should not have access to due to improper access controls. IBM X-Force ID: 128691.

Medium

CVE-2017-1000415

MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates have their expiration (beginning) year extended (dela…

Medium

CVE-2017-15129

A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::…

High

CVE-2018-5221

Multiple buffer overflows in BarCodeWiz BarCode before 6.7 ActiveX control (BarcodeWiz.DLL) allow remote attackers to execute arbitrary code via a long argument to the (1) BottomText or (2) TopText p…

Critical

CVE-2018-5211

PHP Melody version 2.7.1 suffers from a time-based SQL injection attack on the page ajax.php with the parameter playlist.

High

CVE-2015-1290

The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrar…

Medium

CVE-2015-1208

Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4…

High

CVE-2018-2363

SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious u…

High

CVE-2018-2361

In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for configuring the BPO tools.

High

CVE-2018-2360

SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage.

Medium

CVE-2018-5312

The tabs-responsive plugin 1.8.0 for WordPress has XSS via the post_title parameter to wp-admin/post.php.

Medium

CVE-2018-5311

The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the tonjoo_ecae_options[custom_css] parameter to the wp-admin/admin.php?page=tonjoo_excerpt URI.

Medium

CVE-2018-5310

In the "Media from FTP" plugin before 9.85 for WordPress, Directory Traversal exists via the searchdir parameter to the wp-admin/admin.php?page=mediafromftp-search-register URI.

Medium

CVE-2018-5309

In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerabi…

High

CVE-2018-5308

PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-…

Critical

CVE-2017-18025

cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the username field, as demonstrated by a username beginning…

High

CVE-2012-3353

The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing po…

2018-01-08
Medium

CVE-2018-5263

The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0.21 for Joomla! allows XSS.

Medium

CVE-2018-5301

Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433.

Medium

CVE-2017-7998

Multiple cross-site scripting (XSS) vulnerabilities in Gespage before 7.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) printer name when adding a printer in the admin p…

Critical

CVE-2017-7997

Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute arbitrary SQL commands via the (1) show_prn parameter to webapp/users/prnow.jsp or show_month paramete…

Critical

CVE-2017-15883

Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via ve…

Critical

CVE-2015-2320

The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.

High

CVE-2015-2319

The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different v…

High

CVE-2015-2318

The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a…

Medium

CVE-2014-7222

Buffer overflow in TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (application crash) by connecting to a channel with a different client instance,…

Medium

CVE-2014-7221

TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (buffer overflow and application crash) by connecting to a channel with a different client instance,…

Medium

CVE-2014-5509

clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit$$.

Medium

CVE-2014-5394

Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal.

Critical

CVE-2014-5071

SQL injection vulnerability in the checkPassword function in Symmetricom s350i 2.70.15 allows remote attackers to execute arbitrary SQL commands via vectors involving a username.

Medium

CVE-2014-5069

Cross-site scripting (XSS) vulnerability in Symmetricom s350i 2.70.15 allows remote attackers to inject arbitrary web script or HTML via vectors involving system logs.

Critical

CVE-2014-4972

Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extensi…

Medium

CVE-2014-3607

DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which…

Medium

CVE-2014-1859

(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink at…

Medium

CVE-2014-1858

__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file.

High

CVE-2013-4364

(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink atta…

High

CVE-2018-5283

The Photos in Wifi application 1.0.1 for iOS has directory traversal via the ext parameter to assets-library://asset/asset.php.

High

CVE-2018-5282

Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. NOTE: the vendor disputes this issue becaus…

Medium

CVE-2018-5281

SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens.

Medium

CVE-2018-5280

SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens.

High

CVE-2018-5298

In the Procter & Gamble "Oral-B App" (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES encryption with static parameters is used to secure the locally stored shared preferences. An attac…

Medium

CVE-2018-5296

In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of…

Medium

CVE-2018-5295

In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause…

Medium

CVE-2018-5294

In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUInt32 function (util/read.c). Remote attackers could leverage this vulnerability to cause a denial-of…

Medium

CVE-2018-5293

The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-tools page.

Medium

CVE-2018-5292

The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-information page.

High

CVE-2018-5291

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-tools page.

High

CVE-2018-5290

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page.

High

CVE-2018-5289

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-information page.

Medium

CVE-2018-5288

The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page.

High

CVE-2018-5287

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page.

Medium

CVE-2018-5286

The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-about page.

High

CVE-2018-5285

The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php.

Medium

CVE-2018-5284

The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid parameter to wp-admin/options-general.php.

High

CVE-2018-5279

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input value…

Low

CVE-2018-5278

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input value…

High

CVE-2018-5277

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input value…

High

CVE-2018-5276

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input value…

High

CVE-2018-5275

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input value…

High

CVE-2018-5274

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input value…

High

CVE-2018-5273

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input value…

High

CVE-2018-5272

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input value…

High

CVE-2018-5271

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input value…

High

CVE-2018-5270

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input value…

Medium

CVE-2018-5269

In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast.

Medium

CVE-2018-5268

In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file.

Medium

CVE-2018-3815

The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 suffers from a Missing XIMSS Protocol Validation attack that leads to an email…

Critical

CVE-2017-5971

SQL injection vulnerability in NewsBee CMS allows remote attackers to execute arbitrary SQL commands.

High

CVE-2018-5266

Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the js/userLogin.js URI. NOTE: defau…

Medium

CVE-2018-5071

Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shel…

High

CVE-2017-15913

The Installer in Whale allows DLL hijacking.

2018-01-06
Critical

CVE-2018-5208

In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings.

High

CVE-2018-5207

When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string.

Critical

CVE-2018-5206

When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer.

High

CVE-2018-5205

When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string.

2018-01-05
High

CVE-2018-5253

The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an infinite loop via a crafted MP4 file that triggers size mishandling.

Medium

CVE-2018-5252

libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is used, has a large loop in the get_raw_sample_int function in imagew-main.c.

Medium

CVE-2018-5251

In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). Remote attackers can leverage this vulnerability to caus…

Medium

CVE-2018-5249

Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remote attackers to inject arbitrary code via the login form's username field (aka the login parameter t…

High

CVE-2018-5248

In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function.

Medium

CVE-2018-5247

In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c.

Medium

CVE-2018-5246

In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c.

Medium

CVE-2017-18022

In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c.

Critical

CVE-2017-18021

It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only applies to the QtPass GUI.

Medium

CVE-2018-5244

In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows…

High

CVE-2017-15550

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote aut…

High

CVE-2017-15549

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote aut…

Critical

CVE-2017-15548

An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote una…

High

CVE-2017-16666

Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. NOTE: this issue can be exploited without authentic…

Critical

CVE-2014-8579

TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of kcodeskcodes for the root account, which makes it easier for remote attackers to obtain access via an FTP session.

Medium

CVE-2014-8336

The "Sql Run Query" panel in WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries,…

High

CVE-2017-4948

VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with o…

High

CVE-2017-4946

The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged Windows user escalating…

High

CVE-2017-16905

The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in…

High

CVE-2017-16753

An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash.

High

CVE-2017-16728

An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invali…

Critical

CVE-2017-16724

A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location…

Critical

CVE-2017-16720

A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device.
