Total
10279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15960 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to arbitrary file overwrite. | |||||
| CVE-2018-15888 | 1 Aspcms | 1 Aspcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ASPCMS 2.5.6. When registering ordinary users in the addUser function of the /member/reg.asp page, they can be registered with the super administrators GroupID directly. | |||||
| CVE-2018-15885 | 1 Ovation | 1 Findme | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Ovation FindMe 1.4-1083-1 is intended to support transmission of network traffic from covert video recorders but does not properly disrupt binary analysis for discovering the product's capabilities or purpose. This makes it easier for adversaries to detect the covert operation. Specifically, the product uses a compression technique to prevent the identification of certain libraries in the software by obfuscation. The software relies on a TLS callback and an additional executable file to enable these libraries and their access to certain websites. The unpacked software can be exploited by several different types of documented techniques. | |||||
| CVE-2018-15876 | 1 Ajax Bootmodal Login Project | 1 Ajax Bootmodal Login | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for WordPress. The register form, login form, and password-recovery form require solving a CAPTCHA to perform actions. However, this is required only once per user session, and therefore one could send as many requests as one wished by automation. | |||||
| CVE-2018-15832 | 1 Ubisoft | 1 Uplay | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. | |||||
| CVE-2018-15818 | 1 Reputeinfosystems | 1 Repute Arforms | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php. | |||||
| CVE-2018-15778 | 1 Dell | 1 Networking Os10 | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by lack of proper input validation on the command-line interface (CLI). | |||||
| CVE-2018-15747 | 1 Glot | 1 Glot-www | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The default configuration of glot-www through 2018-05-19 allows remote attackers to execute arbitrary code because glot-code-runner supports os.system within a "python" "files" "content" JSON file. | |||||
| CVE-2018-15738 | 1 Stopzilla | 1 Antimalware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x8000205F. | |||||
| CVE-2018-15737 | 1 Stopzilla | 1 Antimalware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x80002043. | |||||
| CVE-2018-15736 | 1 Stopzilla | 1 Antimalware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x8000204F. | |||||
| CVE-2018-15735 | 1 Stopzilla | 1 Antimalware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x8000206F. | |||||
| CVE-2018-15734 | 1 Stopzilla | 1 Antimalware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x8000206B. | |||||
| CVE-2018-15732 | 1 Stopzilla | 1 Antimalware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x80002063. | |||||
| CVE-2018-15731 | 1 Stopzilla | 1 Antimalware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x8000205B. | |||||
| CVE-2018-15730 | 1 Stopzilla | 1 Antimalware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x80002067. | |||||
| CVE-2018-15729 | 1 Stopzilla | 1 Antimalware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x8000204B. | |||||
| CVE-2018-15715 | 1 Zoom | 1 Zoom | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke functionality in the target client. This allows the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens. | |||||
| CVE-2018-15701 | 1 Tp-link | 2 Tl-wrn841n, Tl-wrn841n Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Cookie field. | |||||
| CVE-2018-15700 | 1 Tp-link | 2 Tl-wrn841n, Tl-wrn841n Firmware | 2024-11-21 | 6.1 MEDIUM | 6.5 MEDIUM |
| The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Referer field. | |||||