Vulnerabilities (CVE)

8806 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-14636 1 Openstack 1 Neutron 2018-12-08 3.5
Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down...
CVE-2018-18733 1 Catfish-cms 1 Catfish Cms 2018-12-07 3.5
An XSS issue was discovered in Catfish CMS 4.8.30, related to "write source code," a similar issue to CVE-2018-13999.
CVE-2018-18736 1 Catfish-cms 1 Catfish Blog 2018-12-07 3.5
An XSS issue was discovered in catfish blog 2.0.33, related to "write source code."
CVE-2018-18710 1 Linux 1 Linux Kernel 2018-12-07 2.1
An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with...
CVE-2018-17178 1 Neato 5 Botvac D3 Connected Firmware, Botvac D4 Connected Firmware, Botvac D5 Connected Firmware and 2 more 2018-12-07 2.9
An issue was discovered on Neato Botvac Connected 2.2.0 devices. They execute unauthenticated manual drive commands (sent to /bin/webserver on port 8081) if they already have an active session. Commands like forward, back, arc-left, arc-right,...
CVE-2018-15661 1 Olacabs 1 Olamoney 2018-12-07 2.6
** DISPUTED ** An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. If an attacker controls an application with accessibility permissions and the ability to read SMS messages, then the Forgot Password...
CVE-2018-17782 1 Mantisbt 1 Mantisbt 2018-12-07 3.5
A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a...
CVE-2018-17783 1 Mantisbt 1 Mantisbt 2018-12-07 3.5
A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a...
CVE-2018-17177 1 Neato 6 Botvac 85 Firmware, Botvac D3 Connected Firmware, Botvac D4 Connected Firmware and 3 more 2018-12-07 2.1
An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Static encryption is used for the copying of so-called "black box" logs (event logs and core dumps) to a USB stick. These logs are RC4-encrypted with a...
CVE-2018-18694 1 Monstra 1 Monstra 2018-12-06 3.5
admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote authenticated administrators to trigger stored XSS via JavaScript content in a file whose name lacks an extension. Such a file is interpreted as text/html in certain cases.
CVE-2013-2037 2 Httplib2 Project, Canonical 2 Ubuntu Linux, Httplib2 2018-12-06 2.6
httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows...
CVE-2018-15713 1 Nagios 1 Nagios Xi 2018-12-06 3.5
Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php.
CVE-2018-6559 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2018-12-06 2.1
The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain the names of files that they would not normally be able to access, via an overlayfs mount inside of a user namespace.
CVE-2013-2033 2 Cloudbees, Jenkins 2 Jenkins, Jenkins 2018-12-06 2.1
Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or...
CVE-2018-18840 1 Sem-cms 1 Semcms 2018-12-06 3.5
XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexmetatit parameter.
CVE-2018-18841 1 Sem-cms 1 Semcms 2018-12-06 3.5
XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexkey parameter.
CVE-2018-7989 1 Huawei 1 Mate 10 Pro Firmware 2018-12-06 2.1
Huawei Mate 10 Pro smartphones with versions before BLA-AL00B 8.1.0.326(C00) have an improper authentication vulnerability. App Lock is a function to prevent unauthorized use of apps on smartphones; an attacker could directly change the lock...
CVE-2013-2149 1 Owncloud 1 Owncloud 2018-12-06 3.5
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files.
CVE-2018-18517 1 Citrix 1 Netscaler Gateway Firmware 2018-12-06 3.5
Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS.
CVE-2018-18386 1 Linux 1 Linux Kernel 2018-12-06 2.1
drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.