Vulnerabilities (CVE)


35903 total CVE
Columns: CVE, Vendors (count, names), Products (count, names), Updated, CVSS
CVE-2018-18887 1 S-cms 1 S-cms 2018-12-08 7.5
S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field).
CVE-2018-12242 1 Symantec 1 Messaging Gateway 2018-12-08 7.5
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to...
CVE-2018-1150 1 Nuuo 1 Nvrmini2 Firmware 2018-12-07 7.5
NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists.
CVE-2018-1851 1 Ibm 1 Websphere Application Server 2018-12-07 7.5
IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit...
CVE-2018-18751 3 Gnu, Canonical, Redhat 3 Gettext, Ubuntu Linux, Enterprise Linux 2018-12-07 7.5
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.
CVE-2018-1149 1 Nuuo 1 Nvrmini2 Firmware 2018-12-07 10.0
cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests.
CVE-2018-18752 1 Webiness Project 1 Webiness Inventory 2018-12-07 7.5
Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter.
CVE-2018-16521 1 Openmrs 2 Html Form Entry, Reference Application 2018-12-07 7.5
An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0.
CVE-2017-8931 1 Bitdefender 1 Gravityzone 2018-12-07 10.0
Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privileges via unspecified vectors.
CVE-2018-16461 2018-12-07 10.0
A command injection vulnerability in libnmapp package for versions <0.4.16 allows arbitrary commands to be executed via arguments to the range options.
CVE-2018-16839 3 Haxx, Canonical, Debian 3 Curl, Ubuntu Linux, Debian Linux 2018-12-07 7.5
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.
CVE-2012-0838 1 Apache 1 Struts 2018-12-07 10.0
Apache Struts 2 before evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
CVE-2018-16840 1 Canonical 1 Ubuntu Linux 2018-12-07 7.5
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct...
CVE-2018-18834 1 Mz-automation 1 Libiec61850 2018-12-07 7.5
An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c.
CVE-2018-18957 1 Mz-automation 1 Libiec61850 2018-12-07 7.5
An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c.
CVE-2018-15708 1 Nagios 1 Nagios Xi 2018-12-07 7.5
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.
CVE-2017-8248 1 Apple 1 Iphone Os 2018-12-07 10.0
A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as used in Apple iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation.
CVE-2012-0035 2 Eric M Ludlam, Gnu 2 Cedet, Emacs 2018-12-07 9.3
Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent...
CVE-2013-2353 1 Hp 1 Storeonce D2d 2018-12-06 7.8
Unspecified vulnerability in HP StoreOnce D2D Backup System 1.x before 1.2.19 and 2.x before 2.3.0 allows remote attackers to cause a denial of service via unknown vectors.
CVE-2013-1365 1 Adobe 4 Adobe Air, Flash Player For Android, Adobe Air Sdk and 1 more 2018-12-06 10.0
Buffer overflow in Adobe Flash Player before and 11.x before 11.6.602.168 on Windows, before and 11.x before 11.6.602.167 on Mac OS X, before and 11.x before on Linux, before on Android...