| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation. |
| In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings). |
| In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block. |
| \upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save. |
| CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data. |
| \upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name. |
| Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files. |
| feindura 2.0.7 allows XSS via the tags field of a new page created at index.php?category=0&page=new. |
| razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component. |
| razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component. |
| An issue is discovered in baijiacms V4. XSS exists via the assets/weengine/components/zclip/ZeroClipboard.swf id parameter, aka "Non-standard use of the flash component." |
| An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request. |
| In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12364020. |
| In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360094, a related issue to CVE-2018-16305. |
| In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360090, a related issue to CVE-2018-16306. |
| In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x1236001c, a related issue to CVE-2018-16304. |
| In Jingyun Antivirus v2.4.2.39, the driver file (hookbody.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00221482. |
| An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox via a crafted -z1 argument. |
| A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox. |
| A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string. |
