NVD

CVE-2018-1935

NVD Vulnerabilities - Thu, 12/06/2018 - 09:29
IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information from invalid request error messages. IBM X-Force ID: 153315.
Categories: NVD

CVE-2018-9538

NVD Vulnerabilities - Thu, 12/06/2018 - 09:29
In V4L2SliceVideoDecodeAccelerator::Dequeue of v4l2_slice_video_decode_accelerator.cc, there is a possible out of bounds read of a function pointer due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-112181526.

CVE-2018-15332

NVD Vulnerabilities - Thu, 12/06/2018 - 08:29
The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition.

CVE-2018-19907

NVD Vulnerabilities - Thu, 12/06/2018 - 02:29
A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. Attackers with developer privileges may execute OS commands by creating or editing a template file (.ftl filetype) that triggers a call to freemarker.template.utility.Execute in the FreeMarker library during rendering of a web page.

CVE-2018-19894

NVD Vulnerabilities - Wed, 12/05/2018 - 23:29
ThinkCMF X2.2.2 has SQL Injection via the functions check() and delete() in CommentadminController.class.php and is exploitable with the manager privilege via the ids[] parameter in a commentadmin action.

CVE-2018-19895

NVD Vulnerabilities - Wed, 12/05/2018 - 23:29
ThinkCMF X2.2.2 has SQL Injection via the function edit_post() in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action.

CVE-2018-19896

NVD Vulnerabilities - Wed, 12/05/2018 - 23:29
ThinkCMF X2.2.2 has SQL Injection via the function delete() in SlideController.class.php and is exploitable with the manager privilege via the ids[] parameter in a slide action.

CVE-2018-19897

NVD Vulnerabilities - Wed, 12/05/2018 - 23:29
ThinkCMF X2.2.2 has SQL Injection via the function _listorders() in AdminbaseController.class.php and is exploitable with the manager privilege via the listorders[key][1] parameter in a Link listorders action.

CVE-2018-19898

NVD Vulnerabilities - Wed, 12/05/2018 - 23:29
ThinkCMF X2.2.2 has SQL Injection via the method edit_post in ArticleController.class.php and is exploitable by normal authenticated users via the post[id][1] parameter in an article edit_post action.

CVE-2018-19892

NVD Vulnerabilities - Wed, 12/05/2018 - 22:29
DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field.

CVE-2018-19893

NVD Vulnerabilities - Wed, 12/05/2018 - 22:29
SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string.

CVE-2018-19881

NVD Vulnerabilities - Wed, 12/05/2018 - 19:29
In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl.

CVE-2018-19882

NVD Vulnerabilities - Wed, 12/05/2018 - 19:29
In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl.

CVE-2018-19886

NVD Vulnerabilities - Wed, 12/05/2018 - 19:29
An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 8 case.

CVE-2018-19887

NVD Vulnerabilities - Wed, 12/05/2018 - 19:29
An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 4 case.

CVE-2018-19888

NVD Vulnerabilities - Wed, 12/05/2018 - 19:29
An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the HCB_ESC case.

CVE-2018-19889

NVD Vulnerabilities - Wed, 12/05/2018 - 19:29
An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 6 case.

CVE-2018-19890

NVD Vulnerabilities - Wed, 12/05/2018 - 19:29
An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 2 case.

CVE-2018-19891

NVD Vulnerabilities - Wed, 12/05/2018 - 19:29
An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 10 case.

CVE-2018-16791

NVD Vulnerabilities - Wed, 12/05/2018 - 17:29
In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts. This also grants the attacker an ability to backdoor the server.