CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2018-5500 On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Mul... | N/A | NONE | — | 0 |
| CVE-2018-5501 In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control. | N/A | NONE | — | 0 |
| CVE-2018-2365 SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | N/A | NONE | — | 0 |
| CVE-2018-2367 ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by user... | N/A | NONE | — | 0 |
| CVE-2018-2368 SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity. | N/A | NONE | — | 0 |
| CVE-2018-5314 Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance d... | N/A | NONE | — | 0 |
| CVE-2018-7550 The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_... | 8.8 | HIGH | — | 0 |
| CVE-2018-7573 An issue was discovered in FTPShell Client 6.7. A remote FTP server can send 400 characters of 'F' in conjunction with the FTP 220 response code to crash the application; after this overflow, one can ... | N/A | NONE | — | 0 |
| CVE-2018-7579 \application\admin\controller\update_urls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/update_urls/update_category_url.html. | N/A | NONE | — | 0 |
| CVE-2018-7584 In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex fu... | N/A | NONE | — | 0 |
| CVE-2017-14798 A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root. | N/A | NONE | — | 0 |
| CVE-2017-14804 The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots... | N/A | NONE | — | 0 |
| CVE-2017-5188 The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private informa... | N/A | NONE | — | 0 |
| CVE-2017-7426 The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks. | N/A | NONE | — | 0 |
| CVE-2017-7435 In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into ... | N/A | NONE | — | 0 |
| CVE-2017-7436 In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into ... | N/A | NONE | — | 0 |
| CVE-2017-9268 In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did no... | N/A | NONE | — | 0 |
| CVE-2018-3561 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in diag_ioctl_lsm_deinit() leads to a Use After Free condition. | N/A | NONE | — | 0 |
| CVE-2017-9269 In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malic... | N/A | NONE | — | 0 |
| CVE-2017-9270 In cryptctl before version 2.0 a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database. | N/A | NONE | — | 0 |
| CVE-2017-9271 The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used. | 3.3 | LOW | — | 0 |
| CVE-2017-9274 A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs. | N/A | NONE | — | 0 |
| CVE-2017-9286 The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade... | N/A | NONE | — | 0 |
| CVE-2017-18209 In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to Get... | N/A | NONE | — | 0 |
| CVE-2018-8964 In libming 0.4.8, the decompileDELETE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. | N/A | NONE | — | 0 |
| CVE-2017-18210 In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked. | N/A | NONE | — | 0 |
| CVE-2017-18211 In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKe... | N/A | NONE | — | 0 |
| CVE-2018-7047 An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX using the default JMX credentials (remote code execution may be ... | N/A | NONE | — | 0 |
| CVE-2018-7048 An issue was discovered in Wowza Streaming Engine before 4.7.1. There is a denial of service (memory consumption) via a crafted HTTP request. | N/A | NONE | — | 0 |
| CVE-2018-7049 An issue was discovered in Wowza Streaming Engine before 4.7.1. There is an XSS vulnerability in the HTTP providers (com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPS... | N/A | NONE | — | 0 |
| CVE-2017-15134 A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attac... | N/A | NONE | — | 0 |
| CVE-2018-7586 In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured. | N/A | NONE | — | 0 |
| CVE-2018-7587 An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h. | N/A | NONE | — | 0 |
| CVE-2018-7588 An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. | N/A | NONE | — | 0 |
| CVE-2018-7589 An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image. | N/A | NONE | — | 0 |
| CVE-2018-7590 CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation. | N/A | NONE | — | 0 |
| CVE-2017-6926 In Drupal versions 8.4.x versions before 8.4.5 users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this conten... | N/A | NONE | — | 0 |
| CVE-2017-6932 Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. Th... | N/A | NONE | — | 0 |
| CVE-2017-6927 Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as... | N/A | NONE | — | 0 |
| CVE-2017-6928 Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fai... | N/A | NONE | — | 0 |
| CVE-2017-6929 A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in ord... | N/A | NONE | — | 0 |
| CVE-2017-6930 In Drupal versions 8.4.x versions before 8.4.5 when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. Thi... | N/A | NONE | — | 0 |
| CVE-2017-6931 In Drupal versions 8.4.x versions before 8.4.5 the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. If you have implemented ... | N/A | NONE | — | 0 |
| CVE-2018-7634 An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible to abuse the functionality by attackers. By making a CSRF attack, an a... | N/A | NONE | — | 0 |
| CVE-2018-1169 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Amazon Music Player 6.1.5.1213. User interaction is required to exploit this vulnerability in that t... | N/A | NONE | — | 0 |
| CVE-2018-1170 This vulnerability allows adjacent attackers to inject arbitrary Controller Area Network messages on vulnerable installations of Volkswagen Customer-Link App 1.30 and HTC Customer-Link Bridge. Authent... | 8.8 | HIGH | — | 0 |
| CVE-2018-6490 Denial of Service vulnerability in Micro Focus Operations Orchestration Software, version 10.x. This vulnerability could be remotely exploited to allow Denial of Service. | N/A | NONE | — | 0 |
| CVE-2018-1065 The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service... | N/A | NONE | — | 0 |
| CVE-2017-7434 In the JDBC driver of NetIQ Identity Manager before 4.6 sending out incorrect XML configurations could result in passwords being logged into exception logfiles. | N/A | NONE | — | 0 |
| CVE-2018-1066 The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client ... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.