Last 20 Scored Vulnerability IDs & Summaries
CVSS Severity
-
CVE-2019-0584 —
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win... read CVE-2019-0584
Published: January 08, 2019; 04:29:02 PM -05:00
-
CVE-2018-1000416 —
A reflected cross-site scripting vulnerability exists in Jenkins Job Config History Plugin 2.18 and earlier in all Jelly files that shows arbitrary attacker-specified HTML in Jenkins to users with Job/Configure access.
Published: January 09, 2019; 06:29:02 PM -05:00
-
CVE-2018-1000413 —
A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly, providerlist.jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages i... read CVE-2018-1000413
Published: January 09, 2019; 06:29:02 PM -05:00
-
CVE-2018-0635 —
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via filename parameter.
Published: January 09, 2019; 06:29:00 PM -05:00
-
CVE-2018-0636 —
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634.
Published: January 09, 2019; 06:29:00 PM -05:00
-
CVE-2018-0637 —
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via export.cgi encKey parameter.
Published: January 09, 2019; 06:29:00 PM -05:00
-
CVE-2018-0638 —
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via import.cgi encKey parameter.
Published: January 09, 2019; 06:29:01 PM -05:00
-
CVE-2018-20392 —
S-A WebSTAR DPC2100 v2.0.2r1256-060303 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
Published: December 23, 2018; 04:29:01 PM -05:00
-
CVE-2018-16082 —
An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Published: January 09, 2019; 02:29:02 PM -05:00
-
CVE-2018-16071 —
A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
Published: January 09, 2019; 02:29:01 PM -05:00
-
CVE-2018-16079 —
A race condition between permission prompts and navigations in Prompts in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Published: January 09, 2019; 02:29:02 PM -05:00
-
CVE-2018-20065 —
Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to initiate potentially unsafe navigations without a user gesture via a crafted PDF file.
Published: January 09, 2019; 02:29:03 PM -05:00
-
CVE-2018-17470 —
A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Published: January 09, 2019; 02:29:02 PM -05:00
-
CVE-2018-0705 —
Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests.
Published: January 09, 2019; 06:29:02 PM -05:00
-
CVE-2018-0704 —
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen.
Published: January 09, 2019; 06:29:02 PM -05:00
-
CVE-2018-0703 —
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests.
Published: January 09, 2019; 06:29:02 PM -05:00
-
CVE-2018-0702 —
Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors.
Published: January 09, 2019; 06:29:02 PM -05:00
-
CVE-2018-20663 —
The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Platform through 6.10.x has Persistent XSS via the "Reports > Reports" name field.
Published: January 03, 2019; 02:29:01 PM -05:00
-
CVE-2018-18584 —
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
Published: October 22, 2018; 10:29:00 PM -04:00
-
CVE-2019-5721 —
In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was addressed in epan/dissectors/packet-enip.c by changing the memory-management approach so that a use-after-free is avoided.
Published: January 08, 2019; 06:29:00 PM -05:00