Last 20 Scored Vulnerability IDs & Summaries
CVSS Severity
-
CVE-2018-0723 —
Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject JavaScript code in the compromised application, a different vulnerability than CVE-2018-0724.
Published: December 26, 2018; 11:29:00 AM -05:00
-
CVE-2018-0724 —
Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject JavaScript code in the compromised application, a different vulnerability than CVE-2018-0723.
Published: December 26, 2018; 11:29:00 AM -05:00
-
CVE-2018-1000835 —
KeePassDX version <= 2.5.0.0beta17 contains an XML External Entity (XXE) vulnerability in kdbx file parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning.
Published: December 20, 2018; 10:29:01 AM -05:00
-
CVE-2018-1000834 —
runelite version <= runelite-parent-1.4.23 contains an XML External Entity (XXE) vulnerability in Man in the middle RuneScape services call that can result in disclosure of confidential data, denial of service, SSRF, port scanning.
Published: December 20, 2018; 10:29:01 AM -05:00
-
CVE-2018-1000837 —
UML Designer version <= 8.0.0 contains an XML External Entity (XXE) vulnerability in XML parser for plugins that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via malicio... read CVE-2018-1000837
Published: December 20, 2018; 10:29:01 AM -05:00
-
CVE-2018-1000838 —
autopsy version <= 4.9.0 contains an XML External Entity (XXE) vulnerability in CaseMetadata XML Parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via Specially c... read CVE-2018-1000838
Published: December 20, 2018; 10:29:01 AM -05:00
-
CVE-2018-11087 —
Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in t... read CVE-2018-11087
Published: September 14, 2018; 04:29:00 PM -04:00
-
CVE-2017-1000246 —
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.
Published: November 16, 2017; 11:29:00 PM -05:00
-
CVE-2018-11081 —
Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A r... read CVE-2018-11081
Published: October 05, 2018; 05:29:00 PM -04:00
-
CVE-2018-15762 —
Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who... read CVE-2018-15762
Published: November 02, 2018; 06:29:00 PM -04:00
-
CVE-2018-15795 —
Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the... read CVE-2018-15795
Published: November 13, 2018; 09:29:00 AM -05:00
-
CVE-2018-15763 —
Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application logs may be able to obtain IaaS credentials and perfo... read CVE-2018-15763
Published: October 05, 2018; 05:29:01 PM -04:00
-
CVE-2018-11082 —
Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA t... read CVE-2018-11082
Published: October 05, 2018; 05:29:00 PM -04:00
-
CVE-2018-12162 —
Directory permissions in the Intel OpenVINO Toolkit for Windows before version 2018.1.265 may allow an authenticated user to potentially execute code using default directory permissions via local access.
Published: September 12, 2018; 03:29:01 PM -04:00
-
CVE-2018-7802 —
A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges.
Published: December 24, 2018; 11:29:00 AM -05:00
-
CVE-2018-7801 —
A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable access with maximum privileges when a remote code execution is performed.
Published: December 24, 2018; 11:29:00 AM -05:00
-
CVE-2018-7800 —
A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device.
Published: December 24, 2018; 11:29:00 AM -05:00
-
CVE-2018-11778 —
UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid a stack-based buffer overflow. Versions prior to 1.2.0 should be upgraded to 1.2.0.
Published: October 05, 2018; 03:29:00 PM -04:00
-
CVE-2018-18064 —
cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-composi... read CVE-2018-18064
Published: October 08, 2018; 02:29:00 PM -04:00
-
CVE-2018-0718 —
Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application.
Published: September 14, 2018; 08:29:00 AM -04:00