Last 20 Scored Vulnerability IDs & Summaries
CVSS Severity
-
CVE-2018-8455 —
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows... read CVE-2018-8455
Published: September 12, 2018; 08:29:05 PM -04:00
-
CVE-2018-8475 —
A remote code execution vulnerability exists when Windows does not properly handle specially crafted image files, aka "Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008,... read CVE-2018-8475
Published: September 12, 2018; 08:29:07 PM -04:00
-
CVE-2018-9081 —
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add... read CVE-2018-9081
Published: September 28, 2018; 04:29:01 PM -04:00
-
CVE-2018-17868 —
DASAN H660GW devices have Stored XSS in the Port Forwarding functionality.
Published: October 01, 2018; 07:29:00 PM -04:00
-
CVE-2018-17595 —
In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI.
Published: October 02, 2018; 02:29:02 PM -04:00
-
CVE-2018-17596 —
In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter.
Published: October 02, 2018; 02:29:02 PM -04:00
-
CVE-2018-17886 —
An issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java could be bypassed, as demonstrated by a <svg/onLoad=confirm substring. NOTE: this vulnerability exists because of an incomplete... read CVE-2018-17886
Published: October 02, 2018; 02:29:02 PM -04:00
-
CVE-2018-17947 —
The Snazzy Maps plugin before 1.1.5 for WordPress has XSS via the text or tab parameter.
Published: October 03, 2018; 04:29:00 AM -04:00
-
CVE-2018-17876 —
A Stored XSS vulnerability has been discovered in the v5.5.0 version of the Coaster CMS product.
Published: October 04, 2018; 03:29:00 PM -04:00
-
CVE-2018-17946 —
The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter.
Published: October 03, 2018; 04:29:00 AM -04:00
-
CVE-2016-0750 —
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code executi... read CVE-2016-0750
Published: September 11, 2018; 09:29:00 AM -04:00
-
CVE-2016-7068 —
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which mi... read CVE-2016-7068
Published: September 11, 2018; 09:29:00 AM -04:00
-
CVE-2016-7071 —
It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they... read CVE-2016-7071
Published: September 10, 2018; 11:29:00 AM -04:00
-
CVE-2016-7074 —
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing ch... read CVE-2016-7074
Published: September 11, 2018; 09:29:01 AM -04:00
-
CVE-2016-7073 —
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing ch... read CVE-2016-7073
Published: September 11, 2018; 09:29:01 AM -04:00
-
CVE-2016-7066 —
It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations.
Published: September 11, 2018; 10:29:00 AM -04:00
-
CVE-2018-8332 —
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Windows Server 2012 R... read CVE-2018-8332
Published: September 12, 2018; 08:29:00 PM -04:00
-
CVE-2018-8430 —
A remote code execution vulnerability exists in Microsoft Word if a user opens a specially crafted PDF file, aka "Word PDF Remote Code Execution Vulnerability." This affects Microsoft Word, Microsoft Office.
Published: September 12, 2018; 08:29:03 PM -04:00
-
CVE-2018-8331 —
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office.
Published: September 12, 2018; 08:29:00 PM -04:00
-
CVE-2018-10937 —
A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim.
Published: September 11, 2018; 12:29:00 PM -04:00