Search Results (Refine Search)
- Results Type: Overview
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-19648 |
An issue was discovered in ADTRAN PMAA 1.6.2-1, 1.6.3, and 1.6.4. NETCONF Access Management (NACM) allows unprivileged users to create privileged users and execute arbitrary commands via the use of the diagnostic-profile over RESTCONF. Published: March 27, 2019; 5:29:00 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2019-0161 |
Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access. Published: March 27, 2019; 4:29:03 PM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2019-0160 |
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. Published: March 27, 2019; 4:29:03 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-3613 |
Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. Published: March 27, 2019; 4:29:03 PM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2018-15585 |
Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter. Published: March 27, 2019; 4:29:03 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-14814 |
WECON Technology PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior lacks proper validation of user-supplied data, which may result in a read past the end of an allocated object. Published: March 27, 2019; 4:29:03 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-12545 |
In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings. Published: March 27, 2019; 4:29:03 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-12183 |
Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. Published: March 27, 2019; 4:29:03 PM -0400 |
V4.0:(not available) V3.0: 6.8 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2018-12182 |
Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. Published: March 27, 2019; 4:29:03 PM -0400 |
V4.0:(not available) V3.0: 6.7 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2018-12181 |
Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access. Published: March 27, 2019; 4:29:03 PM -0400 |
V4.0:(not available) V3.0: 6.0 MEDIUM V2.0: 3.6 LOW |
CVE-2018-12180 |
Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access. Published: March 27, 2019; 4:29:03 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-12179 |
Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. Published: March 27, 2019; 4:29:03 PM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2018-12178 |
Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network. Published: March 27, 2019; 4:29:03 PM -0400 |
V4.0:(not available) V3.0: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2017-9626 |
Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access. Marel has created an update for Pluto-based applications. This update will restrict remote access by implementing SSH authentication. Published: March 27, 2019; 4:29:03 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-7655 |
In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library. Published: March 27, 2019; 4:29:02 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-1010257 |
An Information Disclosure / Data Modification issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file's path leading to any PDF whose path is known and which is readable to the web server can be downloaded. The file will be deleted after download if the web server has permission to do so. For PHP versions before 5.3, any file can be read by null terminating the string left of the file extension. Published: March 27, 2019; 3:30:11 PM -0400 |
V4.0:(not available) V3.1: 9.1 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-3829 |
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. Published: March 27, 2019; 2:29:00 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-10238 |
Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the filename parameter. Published: March 27, 2019; 2:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-10237 |
S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040. Published: March 27, 2019; 2:29:00 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-1000031 |
A disk space or quota exhaustion issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. Visiting PDF generation link but not following the redirect will leave behind a PDF file on disk which will never be deleted by the plug-in. Published: March 27, 2019; 2:29:00 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |