ReportizFlow
Filtered by vendor
Subscriptions
Total
322438 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11743 | 2 Debian, Mruby | 2 Debian Linux, Mruby | 2024-11-21 | 9.8 Critical |
| The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact. | ||||
| CVE-2018-11742 | 1 Nec | 2 Univerge Sv9100 Webpro, Univerge Sv9100 Webpro Firmware | 2024-11-21 | 9.8 Critical |
| NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI. | ||||
| CVE-2018-11741 | 1 Nec | 2 Univerge Sv9100 Webpro, Univerge Sv9100 Webpro Firmware | 2024-11-21 | 9.8 Critical |
| NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Information Disclosure via Home.htm?sessionId=#####&GOTO(8) URIs. | ||||
| CVE-2018-11740 | 1 Sleuthkit | 1 The Sleuth Kit | 2024-11-21 | N/A |
| An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function tsk_UTF16toUTF8 in tsk/base/tsk_unicode.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack. | ||||
| CVE-2018-11739 | 1 Sleuthkit | 1 The Sleuth Kit | 2024-11-21 | N/A |
| An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function raw_read in tsk/img/raw.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack. | ||||
| CVE-2018-11738 | 1 Sleuthkit | 1 The Sleuth Kit | 2024-11-21 | N/A |
| An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_make_data_run in tsk/fs/ntfs.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack. | ||||
| CVE-2018-11737 | 1 Sleuthkit | 1 The Sleuth Kit | 2024-11-21 | N/A |
| An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_fix_idxrec in tsk/fs/ntfs_dent.cpp which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service. | ||||
| CVE-2018-11736 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | N/A |
| An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file. | ||||
| CVE-2018-11735 | 1 Ximdex | 1 Ximdex | 2024-11-21 | N/A |
| index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter. | ||||
| CVE-2018-11734 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| In e107 v2.1.7, output without filtering results in XSS. | ||||
| CVE-2018-11731 | 1 Libfsntfs Project | 1 Libfsntfs | 2024-11-21 | N/A |
| The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub | ||||
| CVE-2018-11730 | 1 Libfsntfs Project | 1 Libfsntfs | 2024-11-21 | N/A |
| The libfsntfs_security_descriptor_values_free function in libfsntfs_security_descriptor_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause a denial of service (double-free) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub | ||||
| CVE-2018-11729 | 1 Libfsntfs Project | 1 Libfsntfs | 2024-11-21 | N/A |
| The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub | ||||
| CVE-2018-11728 | 1 Libfsntfs Project | 1 Libfsntfs | 2024-11-21 | 5.5 Medium |
| The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub | ||||
| CVE-2018-11727 | 1 Libfsntfs Project | 1 Libfsntfs | 2024-11-21 | 5.5 Medium |
| The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub | ||||
| CVE-2018-11726 | 1 Libmobi Project | 1 Libmobi | 2024-11-21 | N/A |
| The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file. | ||||
| CVE-2018-11725 | 1 Libmobi Project | 1 Libmobi | 2024-11-21 | N/A |
| The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted mobi file. | ||||
| CVE-2018-11724 | 1 Libmobi Project | 1 Libmobi | 2024-11-21 | N/A |
| The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file. | ||||
| CVE-2018-11723 | 1 Libpff Project | 1 Libpff | 2024-11-21 | N/A |
| The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted pff file. NOTE: the vendor has disputed this as described in libyal/libpff issue 66 on GitHub | ||||
| CVE-2018-11722 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | N/A |
| WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded. | ||||