U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
There are 229,350 matching records.
Displaying matches 131,181 through 131,200.
Vuln ID Summary CVSS Severity
CVE-2018-8944

PHPOK 4.8.338 has an arbitrary file upload vulnerability.

Published: March 22, 2018; 5:29:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-8943

There is a SQL injection in the PHPSHE 1.6 userbank parameter.

Published: March 22, 2018; 5:29:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-8942

Xiuno BBS 4.0.0 has XSS in the adminpage sitename parameter.

Published: March 22, 2018; 5:29:00 PM -0400
V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2018-8903

Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen.

Published: March 22, 2018; 5:29:00 PM -0400
V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-18244

The stereo_processing function in libavcodec/aacps.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file, related to ff_ps_apply.

Published: March 22, 2018; 5:29:00 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-18243

The unpack_parse_unit function in libavcodec/dirac_parser.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault) via a crafted file.

Published: March 22, 2018; 5:29:00 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-18242

The apply_dependent_coupling function in libavcodec/aacdec.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file.

Published: March 22, 2018; 5:29:00 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-7532

Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution.

Published: March 22, 2018; 2:29:01 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-7528

An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data.

Published: March 22, 2018; 2:29:01 PM -0400
V3.0: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2018-7524

A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system.

Published: March 22, 2018; 2:29:01 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-7520

An improper access control vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could allow a full configuration download, including passwords.

Published: March 22, 2018; 2:29:00 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 5.0 MEDIUM
CVE-2018-7516

A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could lead to proxied network scans.

Published: March 22, 2018; 2:29:00 PM -0400
V3.0: 7.3 HIGH
V2.0: 7.5 HIGH
CVE-2018-7512

A cross-site scripting vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution.

Published: March 22, 2018; 2:29:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-5509

On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and in general does not work when enabled in previous versions of BIG-IP. Starting in 12.1.0, BIG-IP will crash if the configuration which exposes this issue is enabled and the virtual server receives non TCP traffic. With the fix of this issue, additional configuration validation logic has been added to prevent this configuration from being applied to a virtual server. There is only data plane exposure to this issue with a non-standard configuration. There is no control plane exposure.

Published: March 22, 2018; 2:29:00 PM -0400
V3.0: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2018-5505

On F5 BIG-IP versions 13.1.0 - 13.1.0.3, when ASM and AVR are both provisioned, TMM may restart while processing DNS requests when the virtual server is configured with a DNS profile and the Protocol setting is set to TCP.

Published: March 22, 2018; 2:29:00 PM -0400
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-5504

In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service (DoS) or possible remote code execution on the F5 BIG-IP system running versions 13.0.0 - 13.1.0.3 or 12.1.0 - 12.1.3.1.

Published: March 22, 2018; 2:29:00 PM -0400
V3.0: 8.1 HIGH
V2.0: 9.3 HIGH
CVE-2018-5503

On F5 BIG-IP versions 13.0.0 - 13.1.0.3 or 12.0.0 - 12.1.3.1, TMM may restart when processing a specifically crafted page through a virtual server with an associated PEM policy that has content insertion as an action.

Published: March 22, 2018; 2:29:00 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-5502

On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. This vulnerability affects virtual servers associated with Client SSL profile which enables the use of client certificate authentication. Client certificate authentication is not enabled by default in Client SSL profile. There is no control plane exposure.

Published: March 22, 2018; 2:29:00 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-5731

An issue was discovered in Heimdal PRO 2.2.190. As part of the scanning feature, a process called md.hs writes an executable called CS1.tmp to C:\windows\TEMP. Afterwards the executable is run. It is possible for an attacker to create the file first, let md.hs overwrite it, and then rewrite the file in the window between md.hs closing the file and executing it. This can be exploited via opportunistic locks and a high priority thread. The vulnerability is triggered when a scan starts. NOTE: any affected Heimdal products are completely unrelated to the Heimdal vendor of a Kerberos 5 product on the h5l.org web site.

Published: March 22, 2018; 12:29:00 PM -0400
V3.0: 7.0 HIGH
V2.0: 4.4 MEDIUM
CVE-2018-5349

A vulnerability has been found in Heimdal PRO v2.2.190, but it is most likely also present in Heimdal FREE and Heimdal CORP. Faulty permissions on the directory "C:\ProgramData\Heimdal Security\Heimdal Agent" allow BUILTIN\Users to write new files to the directory. On startup, the process Heimdal.MonitorServices.exe running as SYSTEM will attempt to load version.dll from this directory. Placing a malicious version.dll in this directory will result in privilege escalation. NOTE: any affected Heimdal products are completely unrelated to the Heimdal vendor of a Kerberos 5 product on the h5l.org web site.

Published: March 22, 2018; 12:29:00 PM -0400
V3.0: 7.8 HIGH
V2.0: 4.6 MEDIUM