Search Results (83041 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-5743 3 F5, Isc, Redhat 19 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 16 more 2024-11-21 7.5 High
By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.
CVE-2018-5739 1 Isc 1 Kea 2024-11-21 N/A
An extension to hooks capabilities which debuted in Kea 1.4.0 introduced a memory leak for operators who are using certain hooks library facilities. In order to support multiple requests simultaneously, Kea 1.4 added a callout handle store but unfortunately the initial implementation of this store does not properly free memory in every case. Hooks which make use of query4 or query6 parameters in their callouts can leak memory, resulting in the eventual exhaustion of available memory and subsequent failure of the server process. Affects Kea DHCP 1.4.0.
CVE-2018-5725 1 Barni 2 Master Ip Camera01, Master Ip Camera01 Firmware 2024-11-21 N/A
MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Change, as demonstrated by the port number of the web server.
CVE-2018-5723 1 Barni 2 Master Ip Camera01, Master Ip Camera01 Firmware 2024-11-21 N/A
MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1029 for the root account.
CVE-2018-5721 1 Asuswrt-merlin 1 Asuswrt-merlin 2024-11-21 8.8 High
Stack-based buffer overflow in the ej_update_variables function in router/httpd/web.c on ASUS routers (when using software from https://github.com/RMerl/asuswrt-merlin) allows web authenticated attackers to execute code via a request that updates a setting. In ej_update_variables, the length of the variable action_script is not checked, as long as it includes a "_wan_if" substring.
CVE-2018-5717 1 Ncr 2 S2 Dispenser Controller, S2 Dispenser Controller Firmware 2024-11-21 N/A
Memory write mechanism in NCR S2 Dispenser controller before firmware version 0x0108 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.
CVE-2018-5715 1 Sugarcrm 1 Sugarcrm 2024-11-21 N/A
phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable).
CVE-2018-5712 4 Canonical, Debian, Php and 1 more 5 Ubuntu Linux, Debian Linux, Php and 2 more 2024-11-21 N/A
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.
CVE-2018-5705 1 Reservo 1 Image Hosting 2024-11-21 N/A
Reservo Image Hosting 1.6 is vulnerable to XSS attacks. The affected function is its search engine (the t parameter to the /search URI). Since there is an user/admin login interface, it's possible for attackers to steal sessions of users and thus admin(s). By sending users an infected URL, code will be executed.
CVE-2018-5703 1 Linux 1 Linux Kernel 2024-11-21 9.8 Critical
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving TLS.
CVE-2018-5692 1 Piwigo 1 Piwigo 2024-11-21 N/A
Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` parameters of the `admin.php` file.
CVE-2018-5691 1 Sonicwall 2 Analyzer, Global Management System 2024-11-21 N/A
SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module.
CVE-2018-5690 1 Dotclear 1 Dotclear 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number).
CVE-2018-5689 1 Dotclear 1 Dotclear 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email.
CVE-2018-5688 1 Ilias 1 Ilias 2024-11-21 N/A
ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component.
CVE-2018-5687 1 Newsbee Project 1 Newsbee 2024-11-21 N/A
NewsBee allows XSS via the Company Name field in the Settings under admin/admin.php.
CVE-2018-5681 1 Prestashop 1 Prestashop 2024-11-21 N/A
PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit page" screen.
CVE-2018-5675 1 Foxitsoftware 2 Phantompdf, Reader 2024-11-21 N/A
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an out-of-bounds write on a buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.
CVE-2018-5672 1 Booking Calendar Project 1 Booking Calendar 2024-11-21 N/A
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php form_field5[label] parameter.
CVE-2018-5671 1 Booking Calendar Project 1 Booking Calendar 2024-11-21 N/A
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php extra_field1[items][field_item1][price_percent] parameter.