| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-7226 | Cri | 0.64 | 9.8 | 0.02 | Feb 19, 2018 | An issue was discovered in vcSetXCutTextProc() in VNConsole.c in LinuxVNC and VNCommand from the LibVNC/vncterm distribution through 0.9.10. Missing sanitization of the client-specified message length may cause integer overflow or possibly have unspecified other impact via a… | ||
| CVE-2018-7225 | Cri | 0.64 | 9.8 | 0.06 | Feb 19, 2018 | An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via… | ||
| CVE-2017-16924 | Cri | 0.64 | 9.8 | 0.09 | Feb 19, 2018 | Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable /client-data/<client_id>/collections/##/usermgmt.xml URL,… | ||
| CVE-2018-6024 | Cri | 0.67 | 9.8 | 0.03 | Feb 18, 2018 | SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter. | ||
| CVE-2018-7180 | Cri | 0.67 | 9.8 | 0.03 | Feb 17, 2018 | SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter. | ||
| CVE-2018-7179 | Cri | 0.67 | 9.8 | 0.03 | Feb 17, 2018 | SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter. | ||
| CVE-2018-7178 | Cri | 0.67 | 9.8 | 0.04 | Feb 17, 2018 | SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter. | ||
| CVE-2018-7177 | Cri | 0.67 | 9.8 | 0.03 | Feb 17, 2018 | SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter. | ||
| CVE-2018-6585 | Cri | 0.67 | 9.8 | 0.03 | Feb 17, 2018 | SQL Injection exists in the JTicketing 2.0.16 component for Joomla! via a view=events action with a filter_creator or filter_events_cat parameter. | ||
| CVE-2018-6584 | Cri | 0.67 | 9.8 | 0.04 | Feb 17, 2018 | SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request. | ||
| CVE-2018-6583 | Cri | 0.68 | 9.8 | 0.19 | Feb 17, 2018 | SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event&alias= request. | ||
| CVE-2018-6396 | Cri | 0.69 | 9.8 | 0.24 | Feb 17, 2018 | SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action. | ||
| CVE-2018-6394 | Cri | 0.67 | 9.8 | 0.03 | Feb 17, 2018 | SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a view=invites action. | ||
| CVE-2018-6373 | Cri | 0.67 | 9.8 | 0.02 | Feb 17, 2018 | SQL Injection exists in the Fastball 2.5 component for Joomla! via the season parameter in a view=player action. | ||
| CVE-2018-6372 | Cri | 0.67 | 9.8 | 0.03 | Feb 17, 2018 | SQL Injection exists in the JB Bus 2.3 component for Joomla! via the order_number parameter. | ||
| CVE-2018-6370 | Cri | 0.67 | 9.8 | 0.03 | Feb 17, 2018 | SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI. | ||
| CVE-2018-6368 | — | Cri | 0.67 | 9.8 | 0.03 | Feb 17, 2018 | SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action. | |
| CVE-2018-6006 | Cri | 0.68 | 9.8 | 0.19 | Feb 17, 2018 | SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter. | ||
| CVE-2018-6005 | Cri | 0.67 | 9.8 | 0.03 | Feb 17, 2018 | SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter. | ||
| CVE-2018-6004 | Cri | 0.67 | 9.8 | 0.03 | Feb 17, 2018 | SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter. | ||
| CVE-2018-5994 | Cri | 0.67 | 9.8 | 0.03 | Feb 17, 2018 | SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request. | ||
| CVE-2018-5993 | Cri | 0.67 | 9.8 | 0.03 | Feb 17, 2018 | SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request. | ||
| CVE-2018-5992 | Cri | 0.67 | 9.8 | 0.03 | Feb 17, 2018 | SQL Injection exists in the Staff Master through 1.0 RC 1 component for Joomla! via the name parameter in a view=staff request. | ||
| CVE-2018-5991 | Cri | 0.67 | 9.8 | 0.03 | Feb 17, 2018 | SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798. | ||
| CVE-2018-5990 | Cri | 0.67 | 9.8 | 0.03 | Feb 17, 2018 | SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter. | ||
| CVE-2018-5989 | Cri | 0.67 | 9.8 | 0.03 | Feb 17, 2018 | SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099. | ||
| CVE-2018-5987 | Cri | 0.67 | 9.8 | 0.03 | Feb 17, 2018 | SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid parameter in a view=pindisplay… | ||
| CVE-2018-5983 | Cri | 0.67 | 9.8 | 0.03 | Feb 17, 2018 | SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= request. | ||
| CVE-2018-5982 | Cri | 0.67 | 9.8 | 0.03 | Feb 17, 2018 | SQL Injection exists in the Advertisement Board 3.1.0 component for Joomla! via a task=show_rss_categories&catname= request. | ||
| CVE-2018-5981 | Cri | 0.67 | 9.8 | 0.03 | Feb 17, 2018 | SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter. | ||
| CVE-2018-5980 | Cri | 0.67 | 9.8 | 0.04 | Feb 17, 2018 | SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action. | ||
| CVE-2018-5975 | Cri | 0.67 | 9.8 | 0.03 | Feb 17, 2018 | SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter to the archive URI. | ||
| CVE-2018-5974 | Cri | 0.67 | 9.8 | 0.03 | Feb 17, 2018 | SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter. | ||
| CVE-2018-5971 | Cri | 0.67 | 9.8 | 0.03 | Feb 17, 2018 | SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter. | ||
| CVE-2018-5970 | Cri | 0.67 | 9.8 | 0.03 | Feb 17, 2018 | SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter. | ||
| CVE-2018-7186 | Cri | 0.00 | 9.8 | 0.03 | Feb 16, 2018 | Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by… | ||
| CVE-2018-5767 | Cri | 0.70 | 9.8 | 0.48 | Feb 15, 2018 | An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header. | ||
| CVE-2017-8981 | — | Cri | 0.64 | 9.8 | 0.09 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506 was found. | |
| CVE-2017-8979 | — | Cri | 0.64 | 9.8 | 0.05 | Feb 15, 2018 | Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) firmware could be exploited remotely to allow authentication bypass, code execution, and denial of service. | |
| CVE-2017-8977 | Cri | 0.59 | 9.1 | 0.04 | Feb 15, 2018 | A Remote Denial of Service vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found. | ||
| CVE-2017-8976 | Cri | 0.65 | 9.8 | 0.19 | Feb 15, 2018 | A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found. | ||
| CVE-2017-8975 | Cri | 0.65 | 9.8 | 0.19 | Feb 15, 2018 | A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found. | ||
| CVE-2017-8960 | — | Cri | 0.64 | 9.8 | 0.02 | Feb 15, 2018 | An Authentication Bypass vulnerability in HPE MSA 1040 and MSA 2040 SAN Storage IN version GL220P008 and earlier was found. | |
| CVE-2017-8957 | — | Cri | 0.65 | 9.8 | 0.19 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found. | |
| CVE-2017-8956 | — | Cri | 0.65 | 9.8 | 0.10 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. | |
| CVE-2017-8954 | — | Cri | 0.65 | 9.8 | 0.19 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found. | |
| CVE-2017-8948 | — | Cri | 0.64 | 9.8 | 0.08 | Feb 15, 2018 | A Remote Bypass Security Restriction vulnerability in HPE Network Node Manager i (NNMi) Software versions v10.0x, v10.1x, v10.2x was found. | |
| CVE-2017-8947 | — | Cri | 0.66 | 9.8 | 0.30 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31 was found. | |
| CVE-2017-5824 | Cri | 0.65 | 9.8 | 0.20 | Feb 15, 2018 | An unauthenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. | ||
| CVE-2017-5823 | Cri | 0.65 | 9.8 | 0.19 | Feb 15, 2018 | A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found. |
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in vcSetXCutTextProc() in VNConsole.c in LinuxVNC and VNCommand from the LibVNC/vncterm distribution through 0.9.10. Missing sanitization of the client-specified message length may cause integer overflow or possibly have unspecified other impact via a…
- risk 0.64cvss 9.8epss 0.06
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via…
- risk 0.64cvss 9.8epss 0.09
Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable /client-data/<client_id>/collections/##/usermgmt.xml URL,…
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter.
- risk 0.67cvss 9.8epss 0.04
SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the JTicketing 2.0.16 component for Joomla! via a view=events action with a filter_creator or filter_events_cat parameter.
- risk 0.67cvss 9.8epss 0.04
SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request.
- risk 0.68cvss 9.8epss 0.19
SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event&alias= request.
- risk 0.69cvss 9.8epss 0.24
SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a view=invites action.
- risk 0.67cvss 9.8epss 0.02
SQL Injection exists in the Fastball 2.5 component for Joomla! via the season parameter in a view=player action.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the JB Bus 2.3 component for Joomla! via the order_number parameter.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action.
- risk 0.68cvss 9.8epss 0.19
SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the Staff Master through 1.0 RC 1 component for Joomla! via the name parameter in a view=staff request.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid parameter in a view=pindisplay…
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= request.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the Advertisement Board 3.1.0 component for Joomla! via a task=show_rss_categories&catname= request.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter.
- risk 0.67cvss 9.8epss 0.04
SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter to the archive URI.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter.
- risk 0.00cvss 9.8epss 0.03
Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by…
- risk 0.70cvss 9.8epss 0.48
An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header.
- risk 0.64cvss 9.8epss 0.09
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506 was found.
- risk 0.64cvss 9.8epss 0.05
Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) firmware could be exploited remotely to allow authentication bypass, code execution, and denial of service.
- risk 0.59cvss 9.1epss 0.04
A Remote Denial of Service vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.
- risk 0.65cvss 9.8epss 0.19
A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.
- risk 0.65cvss 9.8epss 0.19
A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.
- risk 0.64cvss 9.8epss 0.02
An Authentication Bypass vulnerability in HPE MSA 1040 and MSA 2040 SAN Storage IN version GL220P008 and earlier was found.
- risk 0.65cvss 9.8epss 0.19
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
- risk 0.65cvss 9.8epss 0.10
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
- risk 0.65cvss 9.8epss 0.19
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
- risk 0.64cvss 9.8epss 0.08
A Remote Bypass Security Restriction vulnerability in HPE Network Node Manager i (NNMi) Software versions v10.0x, v10.1x, v10.2x was found.
- risk 0.66cvss 9.8epss 0.30
A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31 was found.
- risk 0.65cvss 9.8epss 0.20
An unauthenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.
- risk 0.65cvss 9.8epss 0.19
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.