NVD - Results

Sort results by:

Search Results (Refine Search)

Search Parameters:

There are 240,698 matching records.

Displaying matches 130,021 through 130,040.

Vuln ID	Summary	CVSS Severity
CVE-2018-1000836	bw-calendar-engine version <= bw-calendar-engine-3.12.0 contains a XML External Entity (XXE) vulnerability in IscheduleClient XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in the Middle or malicious server. Published: December 20, 2018; 10:29:01 AM -0500	V4.0:(not available) V3.0: 9.0 CRITICAL V2.0: 6.8 MEDIUM
CVE-2018-1000835	KeePassDX version <= 2.5.0.0beta17 contains a XML External Entity (XXE) vulnerability in kdbx file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. Published: December 20, 2018; 10:29:01 AM -0500	V4.0:(not available) V3.1: 10.0 CRITICAL V2.0: 7.5 HIGH
CVE-2018-1000834	runelite version <= runelite-parent-1.4.23 contains a XML External Entity (XXE) vulnerability in Man in the middle runscape services call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. Published: December 20, 2018; 10:29:01 AM -0500	V4.0:(not available) V3.0: 9.0 CRITICAL V2.0: 6.8 MEDIUM
CVE-2018-1000833	ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution. Published: December 20, 2018; 10:29:01 AM -0500	V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH
CVE-2018-1000832	ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution. Published: December 20, 2018; 10:29:01 AM -0500	V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH
CVE-2018-1000831	K9Mail version <= v5.600 contains a XML External Entity (XXE) vulnerability in WebDAV response parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via malicious WebDAV server or intercept the reponse of a valid WebDAV server. Published: December 20, 2018; 10:29:01 AM -0500	V4.0:(not available) V3.0: 10.0 CRITICAL V2.0: 7.5 HIGH
CVE-2018-1000830	XR3Player version <= V3.124 contains a XML External Entity (XXE) vulnerability in Playlist parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. Published: December 20, 2018; 10:29:01 AM -0500	V4.0:(not available) V3.0: 10.0 CRITICAL V2.0: 7.5 HIGH
CVE-2018-1000829	Anyplace version before commit 80359b4 contains a XML External Entity (XXE) vulnerability in Man in the middle on map API call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 80359b4. Published: December 20, 2018; 10:29:01 AM -0500	V4.0:(not available) V3.0: 9.0 CRITICAL V2.0: 6.8 MEDIUM
CVE-2018-1000828	FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in the middle the call to update the software. Published: December 20, 2018; 10:29:01 AM -0500	V4.0:(not available) V3.1: 9.0 CRITICAL V2.0: 6.8 MEDIUM
CVE-2018-1000827	Ubilling version <= 0.9.2 contains a Other/Unknown vulnerability in user-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution. Published: December 20, 2018; 10:29:01 AM -0500	V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH
CVE-2018-1000826	Microweber version <= 1.0.7 contains a Cross Site Scripting (XSS) vulnerability in Admin login form template that can result in Execution of JavaScript code. Published: December 20, 2018; 10:29:01 AM -0500	V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM
CVE-2018-1000825	FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in FreeColXMLReader parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Freecol file. Published: December 20, 2018; 10:29:01 AM -0500	V4.0:(not available) V3.0: 10.0 CRITICAL V2.0: 7.5 HIGH
CVE-2018-1000824	MegaMek version < v0.45.1 contains a Other/Unknown vulnerability in Object Stream Connection that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution. Published: December 20, 2018; 10:29:00 AM -0500	V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH
CVE-2018-1000823	exist version <= 5.0.0-RC4 contains a XML External Entity (XXE) vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. Published: December 20, 2018; 10:29:00 AM -0500	V4.0:(not available) V3.1: 10.0 CRITICAL V2.0: 7.5 HIGH
CVE-2018-1000822	codelibs fess version before commit faa265b contains a XML External Entity (XXE) vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via specially crafted GSA XML files. This vulnerability appears to have been fixed in after commit faa265b. Published: December 20, 2018; 10:29:00 AM -0500	V4.0:(not available) V3.0: 10.0 CRITICAL V2.0: 7.5 HIGH
CVE-2018-1000821	MicroMathematics version before commit 5c05ac8 contains a XML External Entity (XXE) vulnerability in SMathStudio files that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Specially crafted SMathStudio files. This vulnerability appears to have been fixed in after commit 5c05ac8. Published: December 20, 2018; 10:29:00 AM -0500	V4.0:(not available) V3.0: 10.0 CRITICAL V2.0: 7.5 HIGH
CVE-2018-1000820	neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity (XXE) vulnerability in XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 45bc09c. Published: December 20, 2018; 10:29:00 AM -0500	V4.0:(not available) V3.0: 10.0 CRITICAL V2.0: 7.5 HIGH
CVE-2018-1000817	Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2.14.1.1, 2.15.1 and 3.0.6 contains a Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in Download .class files and any arbitrary file. This attack appear to be exploitable via Specially crafted GET request containing directory traversal from assets-pipeline context. This vulnerability appears to have been fixed in 2.14.1.1 (for Grails 2.x), 2.15.1 (for Grails 3 and Java 7) and 3.0.6 (for Grails 3 and Java 8). Published: December 20, 2018; 10:29:00 AM -0500	V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM
CVE-2018-1000816	Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where the payload was previously inserted.. Published: December 20, 2018; 10:29:00 AM -0500	V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW
CVE-2018-1000815	Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains a Other/Unknown vulnerability in function ContentSettingsObserver::AllowScript() in content_settings_observer.cc that can result in Websites can run inline JavaScript even if script is blocked, making attackers easier to track users. This attack appear to be exploitable via the victim must visit a specially crafted website. This vulnerability appears to have been fixed in 0.25.2. Published: December 20, 2018; 10:29:00 AM -0500	V4.0:(not available) V3.0: 4.3 MEDIUM V2.0: 4.3 MEDIUM