• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-20

CVE-2018-12712

February 26, 2023 by

An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the “class_exists” function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local File Inclusion.

CVE-2018-12635

February 26, 2023 by

CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs.

CVE-2018-12543

February 26, 2023 by

In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published to Mosquitto that has a topic starting with $, but that is not $SYS, e.g. $test/test, then an assert is triggered that should otherwise not be reachable and Mosquitto will exit.

CVE-2018-12549

February 26, 2023 by

In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.

CVE-2018-12561

February 26, 2023 by

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as file_mode= by manipulating (for example) the domain parameter of the samba URL.

CVE-2018-12562

February 26, 2023 by

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script ‘mount.cifs.wrapper’ uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards (such as in an injected string:/home/../tmp/* string).

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 245
  • Go to page 246
  • Go to page 247
  • Go to page 248
  • Go to page 249
  • Interim pages omitted …
  • Go to page 681
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE