CWE:
 

Topic
Date
Author
Med.
Designed by Longtail E-Media Improper Access Control and RFU Vulnerability
22.09.2018
AYAR
Low
WordPress Developed by Netsoft Limited Software Development Bangladesh Improper Authentication Vulnerability
05.09.2018
KingSkrupellos
Med.
WordPress DrcSystems EthicSolutions Jssor-Slider Library Plugin Arbitrary File Upload Vulnerability
21.06.2018
KingSkrupellos
High
Solarwinds LEM 6.3.1 Hardcoded Credentials
25.04.2017
Matt Bergin
Med.
HP Printers Wi-Fi Direct Improper Access Control
03.02.2017
Neseso
Med.
SAP HANA Information Disclosure
28.05.2015
onapsis
High
TheCartPress WordPress plugin 1.3.9 Multiple Vulns
29.04.2015
High-Tech Bridge Secur...
Low
SAP Background Processing RFC Missing Authorization
29.04.2014
Onapsis
Low
SAP BASIS Missing Authorization Check
29.04.2014
Onapsis
Low
SAP Profile Maintenance Missing Authorization
29.04.2014
Onapsis
High
OpenDocMan 1.2.7 Multiple Vulnerabilities
05.03.2014
High-Tech Bridge Secur...
High
Microweber 0.8 Arbitrary File Deletion
18.10.2013
High-Tech Bridge Secur...
High
Samsung Kies 2.3.2.12054_20 NULL Pointer Dereference and bypass
16.10.2012
High-Tech Bridge Secur...
High
PBBoard 2.1.4 SQL Injection and Improper Authentication
09.08.2012
High-Tech Bridge Secur...
Med.
AWScripts Gallery Search Engine 1.x Insecure Cookie Vulnerability
01.07.2009
TiGeR-Dz


CVEMAP Search Results

CVE
Details
Description
2018-11-25
Low
CVE-2018-19539

Vendor: Jasper project
Software: Jasper
 

 
An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.

 
2018-11-19
Medium
CVE-2018-17190

Vendor: Apache
Software: Spark
 

 
In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute code too. Note that this does not affect standalone clusters with authentication enabled. While the master host typically has less outbound access to other resources than a worker, the execution of code on the master is nevertheless unexpected.

 
2018-11-17
Medium
CVE-2018-19329

Vendor: Greencms
Software: Greencms
 

 
GreenCMS v2.3.0603 allows remote authenticated administrators to delete arbitrary files by modifying a base64-encoded pathname in an m=admin&c=media&a=delfilehandle&id= call, related to the m=admin&c=media&a=restorefile delete button.

 
Medium
CVE-2018-19333

Updating...
 

 
pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows attackers to overwrite memory locations in processes running as root (but not escape the sandbox) via vectors involving IPC_RMID shmctl calls, because reference counting is mishandled.

 
2018-11-15
Medium
CVE-2018-0682

Vendor: NEO
Software: Debun imap
 

 
Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) does not properly manage sessions, which allows remote attackers to read/send mail or change the configuration via unspecified vectors.

 
Medium
CVE-2018-0690

Vendor: SONY
Software: Music center...
 

 
An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files.

 
Medium
CVE-2018-0701

Vendor: Bluestacks
Software: Bluestacks
 

 
BlueStacks App Player (BlueStacks App Player for Windows 3.0.0 to 4.31.55, BlueStacks App Player for macOS 2.0.0 and later) allows an attacker on the same network segment to bypass access restriction to gain unauthorized access.

 
Medium
CVE-2018-16163

Vendor: Opendolphin
Software: Opendolphin
 

 
OpenDolphin 2.7.0 and earlier allows authenticated attackers to bypass authentication to create and/or delete other users accounts via unspecified vectors.

 
Medium
CVE-2018-16620

Vendor: Sonatype
Software: Nexus
 

 
Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control.

 
2018-11-13
High
CVE-2018-8256

Vendor: Microsoft
Software: Microsoft.po...
 

 
A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files, aka "Microsoft PowerShell Remote Code Execution Vulnerability." This affects Windows RT 8.1, PowerShell Core 6.0, Microsoft.PowerShell.Archive 1.2.2.0, Windows Server 2016, Windows Server 2012, Windows Server 2008 R2, Windows Server 2019, Windows 7, Windows Server 2012 R2, PowerShell Core 6.1, Windows 10 Servers, Windows 10, Windows 8.1.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top