Last 20 Scored Vulnerability IDs & Summaries
CVSS Severity
-
CVE-2017-5461 —
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other i... read CVE-2017-5461
Published: May 10, 2017; 09:29:05 PM -04:00
-
CVE-2018-8838 —
A weakness in access controls in CENTUM CS 1000 all versions, CENTUM CS 3000 versions R3.09.50 and earlier, CENTUM CS 3000 Small versions R3.09.50 and earlier, CENTUM VP versions R6.03.10 and earlier, CENTUM VP Small versions R6.03.10 and earlier, CE... read CVE-2018-8838
Published: April 17, 2018; 05:29:00 PM -04:00
-
CVE-2002-0848 —
Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation ret... read CVE-2002-0848
Published: August 12, 2002; 12:00:00 AM -04:00
-
CVE-2001-1056 —
IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows remote attackers to bypass intended firewall restrictions by causing the target system to send a "DCC SEND" request to a malicious server which listens on port 6667, which may cause... read CVE-2001-1056
Published: July 30, 2001; 12:00:00 AM -04:00
-
CVE-2018-4010 —
An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the sy... read CVE-2018-4010
Published: September 07, 2018; 11:29:01 AM -04:00
-
CVE-2018-3952 —
An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges.
Published: September 07, 2018; 11:29:01 AM -04:00
-
CVE-2017-10936 —
SQL injection vulnerability in all versions prior to V4.01.01 of the ZTE ZXCDN-SNS product allows remote attackers to execute arbitrary SQL commands via the aoData parameter, resulting in the disclosure of database information.
Published: July 25, 2018; 11:29:00 AM -04:00
-
CVE-2017-5985 —
lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.
Published: March 14, 2017; 01:59:00 PM -04:00
-
CVE-2017-10937 —
SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information.
Published: July 25, 2018; 11:29:00 AM -04:00
-
CVE-2018-6677 —
Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors.
Published: July 23, 2018; 09:29:00 AM -04:00
-
CVE-2018-1999023 —
The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted... read CVE-2018-1999023
Published: July 23, 2018; 12:29:00 PM -04:00
-
CVE-2018-1999020 —
Open Networking Foundation (ONF) ONOS version 1.13.2 and earlier version contains a Directory Traversal vulnerability in core/common/src/main/java/org/onosproject/common/app/ApplicationArchive.java line 35 that can result in arbitrary file deletion (... read CVE-2018-1999020
Published: July 23, 2018; 11:29:00 AM -04:00
-
CVE-2018-1999009 —
October CMS version prior to Build 437 contains a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php#244 (makeFileContents function) that can result in Sensitive information disclosure and remote code execution. This attack app... read CVE-2018-1999009
Published: July 23, 2018; 11:29:00 AM -04:00
-
CVE-2018-14573 —
A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences... read CVE-2018-14573
Published: July 23, 2018; 07:29:00 PM -04:00
-
CVE-2018-14565 —
An issue was discovered in libthulac.so in THULAC through 2018-02-25. A heap-based buffer over-read can occur in NGramFeature::find_bases in include/cb_ngram_feature.h.
Published: July 23, 2018; 10:29:00 AM -04:00
-
CVE-2018-14564 —
An issue was discovered in libthulac.so in THULAC through 2018-02-25. A SEGV can occur in NGramFeature::find_bases in include/cb_ngram_feature.h.
Published: July 23, 2018; 10:29:00 AM -04:00
-
CVE-2018-14563 —
An issue was discovered in libthulac.so in THULAC through 2018-02-25. "operator delete" is used with "operator new[]" in the TaggingLearner class in include/cb_tagging_learner.h, possibly leading to memory corruption.
Published: July 23, 2018; 10:29:00 AM -04:00
-
CVE-2018-14562 —
An issue was discovered in libthulac.so in THULAC through 2018-02-25. A NULL pointer dereference can occur in the BasicModel class in include/cb_model.h.
Published: July 23, 2018; 10:29:00 AM -04:00
-
CVE-2018-14549 —
An issue has been found in libwav through 2017-04-20. It is a SEGV in the function wav_write in libwav.c.
Published: July 23, 2018; 04:29:00 AM -04:00
-
CVE-2018-14335 —
An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.
Published: July 24, 2018; 09:29:00 AM -04:00