Search Results (82923 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-20010 1 Domainmod 1 Domainmod 2024-11-21 N/A
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field.
CVE-2018-20009 1 Domainmod 1 Domainmod 2024-11-21 N/A
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field.
CVE-2018-20008 1 Iball 2 Ib-wrb302n, Ib-wrb302n Firmware 2024-11-21 6.8 Medium
iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials (plain text) and the web-console password (base64) via the debugging console.
CVE-2018-20007 1 Yeelight 2 Smart Ai Speaker, Smart Ai Speaker Firmware 2024-11-21 N/A
Yeelight Smart AI Speaker 3.3.10_0074 devices have improper access control over the UART interface, allowing physical attackers to obtain a root shell. The attacker can then exfiltrate the audio data, read cleartext Wi-Fi credentials in a log file, or access other sensitive device and user information.
CVE-2018-20006 1 Phpok 1 Phpok 2024-11-21 N/A
An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulnerability via the title parameter to api.php?c=post&f=save (reachable via the index.php?id=book URI).
CVE-2018-20004 3 Debian, Fedoraproject, Mini-xml Project 3 Debian Linux, Fedora, Mini-xml 2024-11-21 8.8 High
An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type="real">' substring, as demonstrated by testmxml.
CVE-2018-20002 3 F5, Gnu, Netapp 4 Traffix Signaling Delivery Controller, Binutils, Cluster Data Ontap and 1 more 2024-11-21 N/A
The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.
CVE-2018-1998 1 Ibm 1 Websphere Mq 2024-11-21 N/A
IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792. IBM X-ForceID: 154887.
CVE-2018-1984 1 Ibm 1 Rational Team Concert 2024-11-21 N/A
IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154137.
CVE-2018-1983 1 Ibm 2 Rational Collaborative Lifecycle Management, Rational Team Concert 2024-11-21 N/A
IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154136.
CVE-2018-1982 1 Ibm 1 Rational Team Concert 2024-11-21 N/A
IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154135.
CVE-2018-1975 1 Ibm 1 Rational Doors Web Access 2024-11-21 N/A
IBM Rational DOORS Web Access 9.5.1 through 9.5.2.9, and 9.6 through 9.6.1.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153916.
CVE-2018-1967 1 Ibm 1 Security Identity Manager 2024-11-21 N/A
IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153748.
CVE-2018-1959 1 Ibm 1 Security Identity Manager 2024-11-21 N/A
IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153633.
CVE-2018-1952 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2024-11-21 N/A
IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153495.
CVE-2018-1947 1 Ibm 1 Security Identity Governance And Intelligence 2024-11-21 N/A
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153427.
CVE-2018-1944 1 Ibm 1 Security Identity Governance And Intelligence 2024-11-21 N/A
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153386.
CVE-2018-1943 1 Ibm 1 Cloud Private 2024-11-21 N/A
IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 153385.
CVE-2018-1936 3 Ibm, Linux, Microsoft 3 Db2, Linux Kernel, Windows 2024-11-21 N/A
IBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 153316.
CVE-2018-1933 1 Ibm 1 Planning Analytics 2024-11-21 N/A
IBM Planning Analytics 2.0 through 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153177.