Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-19517 |
An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memset call, as demonstrated by sadf. Published: November 24, 2018; 1:29:00 PM -0500 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-19504 |
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There is a NULL pointer dereference in ifilter_bank() in libfaad/filtbank.c. Published: November 23, 2018; 2:29:00 PM -0500 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-19503 |
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a stack-based buffer overflow in the function calculate_gain() in libfaad/sbr_hfadj.c. Published: November 23, 2018; 2:29:00 PM -0500 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-19502 |
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a heap-based buffer overflow in the function excluded_channels() in libfaad/syntax.c. Published: November 23, 2018; 2:29:00 PM -0500 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-19499 |
Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class. Published: November 23, 2018; 2:29:00 PM -0500 |
V3.0: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-19492 |
An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend. Published: November 23, 2018; 12:29:00 PM -0500 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-19491 |
An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot postscript terminal is used as a backend. Published: November 23, 2018; 12:29:00 PM -0500 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-19490 |
An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function. Published: November 23, 2018; 12:29:00 PM -0500 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-19486 |
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017. Published: November 23, 2018; 3:29:00 AM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-19477 |
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. Published: November 23, 2018; 12:29:03 AM -0500 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-19476 |
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. Published: November 23, 2018; 12:29:03 AM -0500 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-19475 |
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. Published: November 23, 2018; 12:29:03 AM -0500 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-19469 |
ArticleCMS through 2017-02-19 has XSS via the /update_personal_infomation realname or email parameter. Published: November 23, 2018; 12:29:03 AM -0500 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-19468 |
HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI. Published: November 23, 2018; 12:29:03 AM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-19464 |
Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting.php and template\default\common\footer.htm mishandles statcode field from third-party stats code. Published: November 22, 2018; 4:29:00 PM -0500 |
V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-19463 |
zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI. NOTE: The vendor's position is "We have no dynamic including. No one can run PHP by uploading an image in current version." It also requires authentication Published: November 22, 2018; 4:29:00 PM -0500 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-19459 |
Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List file. Published: November 22, 2018; 3:29:00 PM -0500 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-19458 |
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246. Published: November 22, 2018; 3:29:00 PM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-19457 |
Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file. Published: November 22, 2018; 3:29:00 PM -0500 |
V3.0: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-19443 |
The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. This connection attempt fails, but it contains in the header the current session of the user. This session could then be stolen by a man-in-the-middle. Published: November 22, 2018; 2:29:00 PM -0500 |
V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |