NVD

CVE-2018-16050

NVD Vulnerabilities - Wed, 10/03/2018 - 12:29
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.5 and 11.2.x before 11.2.2. There is Persistent XSS in the Merge Request Changes View.
Categories: NVD

CVE-2018-16051

NVD Vulnerabilities - Wed, 10/03/2018 - 12:29
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Orphaned Upload Files Exposure.

CVE-2018-3967

NVD Vulnerabilities - Wed, 10/03/2018 - 11:29
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

CVE-2018-3993

NVD Vulnerabilities - Wed, 10/03/2018 - 11:29
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

CVE-2018-3994

NVD Vulnerabilities - Wed, 10/03/2018 - 11:29
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

CVE-2018-3995

NVD Vulnerabilities - Wed, 10/03/2018 - 11:29
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

CVE-2018-3946

NVD Vulnerabilities - Wed, 10/03/2018 - 11:29
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

CVE-2018-3964

NVD Vulnerabilities - Wed, 10/03/2018 - 11:29
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

CVE-2018-3965

NVD Vulnerabilities - Wed, 10/03/2018 - 11:29
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

CVE-2018-3966

NVD Vulnerabilities - Wed, 10/03/2018 - 11:29
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

CVE-2018-1793

NVD Vulnerabilities - Wed, 10/03/2018 - 10:29
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using SAML ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148948.

CVE-2018-1794

NVD Vulnerabilities - Wed, 10/03/2018 - 10:29
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using OAuth ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148949.

CVE-2018-14800

NVD Vulnerabilities - Wed, 10/03/2018 - 09:29
Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, by opening a crafted file, to cause the application to read past the boundary allocated to a stack object, which could allow execution of code under the context of the application.

CVE-2018-6689

NVD Vulnerabilities - Wed, 10/03/2018 - 08:29
Authentication Bypass vulnerability in McAfee Data Loss Prevention Endpoint (DLPe) 10.0.x earlier than 10.0.510, and 11.0.x earlier than 11.0.600 allows attackers to bypass local security protection via specific conditions.

CVE-2018-17938

NVD Vulnerabilities - Wed, 10/03/2018 - 04:29
Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value.

CVE-2018-17942

NVD Vulnerabilities - Wed, 10/03/2018 - 04:29
The convert_to_decimal function in vasnprintf.c in Gnulib before 2018-09-23 has a heap-based buffer overflow because memory is not allocated for a trailing '\0' character during %f processing.

CVE-2018-17946

NVD Vulnerabilities - Wed, 10/03/2018 - 04:29
The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter.

CVE-2018-17947

NVD Vulnerabilities - Wed, 10/03/2018 - 04:29
The Snazzy Maps plugin before 1.1.5 for WordPress has XSS via the text or tab parameter.