Vulnerabilities (CVE)

Filter

101796 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-7308 2018-02-23 N/A
A CSRF issue was found in var/www/html/files.php in DanWin hosting through 2018-02-11 that allows arbitrary remote users to add/delete/modify any files in any hosting account.
CVE-2018-7273 2018-02-23 N/A
In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg...
CVE-2018-7261 2018-02-23 N/A
There are multiple Persistent XSS vulnerabilities in Radiant CMS 1.1.4. They affect Personal Preferences (Name and Username) and Configuration (Site Title, Dev Site Domain, Page Parts, and Page Fields).
CVE-2018-7260 2018-02-23 N/A
Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2018-6396 2018-02-23 N/A
SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action.
CVE-2018-6218 2018-02-23 N/A
A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system.
CVE-2018-6189 2018-02-23 N/A
F-Secure Radar (on-premises) before 2018-02-15 has XSS via vectors involving the Tags parameter in the JSON request body in an outbound request for the /api/latest/vulnerabilityscans/tags/batch resource, aka a "suggested metadata tags for assets" issue.
CVE-2018-5477 2018-02-23 N/A
An Information Exposure issue was discovered in ABB netCADOPS Web Application Version 3.4 and prior, netCADOPS Web Application Version 7.1 and prior, netCADOPS Web Application Version 7.2x and prior, netCADOPS Web Application Version 8.0 and...
CVE-2018-3609 2018-02-23 N/A
A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass...
CVE-2018-0866 2018-02-23 N/A
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how...
CVE-2018-0832 2018-02-23 N/A
The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are...
CVE-2018-0826 2018-02-23 N/A
Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Storage...
CVE-2018-0823 2018-02-23 N/A
The Named Pipe File System in Windows 10 version 1709 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Named Pipe File System handles objects, aka "Named Pipe File System Elevation of Privilege...
CVE-2018-0822 2018-02-23 N/A
NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way NTFS handles objects, aka "Windows NTFS Global Reparse Point Elevation of...
CVE-2018-0821 2018-02-23 N/A
AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way constrained impersonations are handled, aka "Windows AppContainer...
CVE-2018-0203 2018-02-23 N/A
A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email messages, aka a Mail Relay Vulnerability. The vulnerability is due to improper handling of domain information in...
CVE-2018-0140 2018-02-23 N/A
A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string...
CVE-2018-0139 2018-02-23 N/A
A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause the IVR connection to disconnect, creating a...
CVE-2018-0124 2018-02-23 N/A
A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. The vulnerability is due to insecure key...
CVE-2018-0001 1 Juniper 1 Junos 2018-02-23 7.5
A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases...