New vulnerabilities from the NVD: CVE-2018-16259 (wp_all_import) | | There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings large_feed_limit. Published at: April 12, 2019 at 10:29PM View on website April 15, 2019 at 03:48PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-16258 (wp_all_import) | | There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import custom_type. Published at: April 12, 2019 at 10:29PM View on website April 15, 2019 at 03:48PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-16257 | | There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template. Published at: April 12, 2019 at 10:29PM View on website April 15, 2019 at 03:48PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-16256 (wp_all_import) | | There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via Add Filtering Options(Add Rule). Published at: April 12, 2019 at 09:29PM View on website April 15, 2019 at 03:48PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-16255 | | There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=evaluate. Published at: April 12, 2019 at 09:29PM View on website April 15, 2019 at 03:48PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-16254 | | There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=options. Published at: April 12, 2019 at 09:29PM View on website April 15, 2019 at 03:48PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-13137 | | The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI. Published at: April 12, 2019 at 09:29PM View on website April 15, 2019 at 03:48PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-7772 | | Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function. Published at: April 12, 2019 at 09:29PM View on website April 15, 2019 at 03:48PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-7777 | | Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function. Published at: April 15, 2019 at 03:31PM View on website April 15, 2019 at 05:48PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-7776 | | Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph. Published at: April 15, 2019 at 03:31PM View on website April 15, 2019 at 05:48PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-7774 | | Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function. Published at: April 15, 2019 at 03:31PM View on website April 15, 2019 at 05:48PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-7773 | | Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor. Published at: April 15, 2019 at 03:31PM View on website April 15, 2019 at 05:48PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-7771 | | Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function. Published at: April 15, 2019 at 03:31PM View on website April 15, 2019 at 05:48PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-18366 | | |
New vulnerabilities from the NVD: CVE-2018-16966 | | There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter. Published at: April 16, 2019 at 12:29AM View on website April 16, 2019 at 01:48AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-18489 | | The ping feature in the Diagnostic functionality on TP-LINK WR840N v2 Firmware 3.16.9 Build 150701 Rel.51516n devices allows remote attackers to cause a denial of service (HTTP service termination) by modifying the packet size to be higher than the UI limit of 1472. Published at: April 16, 2019 at 10:29PM View on website April 16, 2019 at 11:49PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-16561 | | A vulnerability has been identified in SIMATIC S7-300 CPUs (All versions < V3.X.16). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart. Successful exploitation requires an attacker to be able to send a specially crafted S7 communication packet to a communication interface of the CPU. This includes Ethernet, PROFIBUS, and Multi Point Interfaces (MPI). No user interaction or privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue. Published at: April 17, 2019 at 05:29PM View on website April 17, 2019 at 09:23PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-16559 | | A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/tcp or 443/tcp. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. Published at: April 17, 2019 at 05:29PM View on website April 17, 2019 at 09:23PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-16558 | | A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/tcp or 443/tcp. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. Published at: April 17, 2019 at 05:29PM View on website April 17, 2019 at 09:23PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-13810 | | A vulnerability has been identified in CP 1604 (All versions < V2.8), CP 1616 (All versions < V2.8). The integrated configuration web server of the affected CP devices could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. At the time of advisory publication no public exploitation of this vulnerability was known. Published at: April 17, 2019 at 05:29PM View on website April 17, 2019 at 09:23PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-13809 | | A vulnerability has been identified in CP 1604 (All versions < V2.8), CP 1616 (All versions < V2.8). The integrated web server of the affected CP devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into following a malicious link. User interaction is required for a successful exploitation. At the time of advisory publication no public exploitation of this vulnerability was known. Published at: April 17, 2019 at 05:29PM View on website April 17, 2019 at 09:23PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-13808 | | A vulnerability has been identified in CP 1604 (All versions < V2.8), CP 1616 (All versions < V2.8). An attacker with network access to port 23/tcp could extract internal communication data or cause a Denial-of-Service condition. Successful exploitation requires network access to a vulnerable device. At the time of advisory publication no public exploitation of this vulnerability was known. Published at: April 17, 2019 at 05:29PM View on website April 17, 2019 at 09:23PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-13378 | | An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code. Published at: April 17, 2019 at 06:29PM View on website April 17, 2019 at 09:23PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-10959 | | Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an attacker's process launch. Published at: April 17, 2019 at 06:29PM View on website April 17, 2019 at 09:23PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-11430 | | OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers. Published at: April 17, 2019 at 05:29PM View on website April 17, 2019 at 09:23PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-11429 | | Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers. Published at: April 17, 2019 at 05:29PM View on website April 17, 2019 at 09:23PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-11428 | | OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers. Published at: April 17, 2019 at 05:29PM View on website April 17, 2019 at 09:23PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-11427 | | OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers. Published at: April 17, 2019 at 05:29PM View on website April 17, 2019 at 09:23PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-0382 | | A vulnerability in the session identification management functionality of the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not properly clear previously assigned session identifiers for a user session when a user authenticates to the web-based interface. An attacker could exploit this vulnerability by using an existing session identifier to connect to the software through the web-based interface. Successful exploitation could allow the attacker to hijack an authenticated user's browser session on the system. Versions 8.1 and 8.5 are affected. Published at: April 18, 2019 at 01:29AM View on website April 18, 2019 at 05:23AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-0248 | | A vulnerability in the administrative GUI configuration feature of Cisco Wireless LAN Controller (WLC) Software could allow an aUTHENTICated, remote attacker to cause the device to reload unexpectedly during device configuration when the administrator is using this GUI, causing a denial of service (DoS) condition on an affected device. The attacker would need to have valid administrator credentials on the device. This vulnerability is due to incomplete input validation for unexpected configuration options that the attacker could submit while accessing the GUI configuration menus. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted user input when using the administrative GUI configuration feature. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Software versions prior to 8.3.150.0, 8.5.140.0, 8.8.111.0 are affected by this vulnerability. Published at: April 18, 2019 at 01:29AM View on website April 18, 2019 at 05:23AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2016-10746 | | libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886. Published at: April 18, 2019 at 07:29PM View on website April 18, 2019 at 11:23PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-16878 | | A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS Published at: April 18, 2019 at 09:29PM View on website April 19, 2019 at 01:23AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2018-16877 | | A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation. Published at: April 18, 2019 at 09:29PM View on website April 19, 2019 at 01:23AM via National Vulnerability Database |
Няма коментари:
Публикуване на коментар