Vulnerabilities (CVE)
Yack CVE helps teams search and track vulnerabilities.
Total: 358,413 CVE
| Vendors | Products | Updated | Published | CVSS | CVE description |
|---|---|---|---|---|---|
| Debian, Wireshark | Debian Linux, Wireshark | Jun 17, 2026 | Apr 4, 2018 | v4 N/A; v3 7.5 HIGH; v2 5.0 MEDIUM | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-l... |
| Debian, Wireshark | Debian Linux, Wireshark | Jun 17, 2026 | Apr 4, 2018 | v4 N/A; v3 7.5 HIGH; v2 5.0 MEDIUM | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs. |
| Debian, Wireshark | Debian Linux, Wireshark | Jun 17, 2026 | Apr 4, 2018 | v4 N/A; v3 7.5 HIGH; v2 5.0 MEDIUM | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth. |
| Debian, Wireshark | Debian Linux, Wireshark | Jun 17, 2026 | Apr 4, 2018 | v4 N/A; v3 7.5 HIGH; v2 5.0 MEDIUM | In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources. |
| | | | | | In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns. |
| Debian, Wireshark | Debian Linux, Wireshark | Jun 17, 2026 | Apr 4, 2018 | v4 N/A; v3 7.5 HIGH; v2 5.0 MEDIUM | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth. |
| | | | | | JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c. |
| Debian, Xmlsoft | Debian Linux, Libxml2 | Jun 17, 2026 | Apr 4, 2018 | v4 N/A; v3 5.3 MEDIUM; v2 2.6 LOW | The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated b... |
| | | | | | interface\super\edit_list.php in OpenEMR before v5_0_1_1 allows remote authenticated users to execute arbitrary SQL commands via the newlistname parameter. |
| Fiberhome | Vdsl2 Modem Hg 150 Ub Firmware | Jun 17, 2026 | Apr 4, 2018 | v4 N/A; v3 9.8 CRITICAL; v2 7.5 HIGH | FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass by ignoring the parent.location='login.html' JavaScript code in the response to an unauthenticated request. |
| Fiberhome | Vdsl2 Modem Hg 150 Ub Firmware | Jun 17, 2026 | Apr 4, 2018 | v4 N/A; v3 9.8 CRITICAL; v2 7.5 HIGH | FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass via a "Cookie: Name=0admin" header. |
| | | | | | The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary P... |
| Ledgersmb, Pgobject Util Dbadmin Project | Ledgersmb, Pgobject Util Dbadmin | Jun 17, 2026 | Jun 8, 2018 | v4 N/A; v3 9.8 CRITICAL; v2 7.5 HIGH | The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injecti... |
| | | | | | The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulnerability in the User ID and password fields that allows users to bypass the login page and execute remote code on the operating system. |
| | | | | | GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically, data-milestone-id in the m... |
| | | | | | GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes ta... |
| | | | | | The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request parameters. |
| Canonical, Debian, Ncmpc Project | Debian Linux, Ncmpc, Ubuntu Linux | Jun 17, 2026 | Apr 3, 2018 | v4 N/A; v3 7.5 HIGH; v2 5.0 MEDIUM | ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a user uses the chat screen and another client sends a long chat message, a crash and denial of service could occur. |
| | | | | | proberv.php in Yahei-PHP Proberv 0.4.7 has XSS via the funName parameter. |
| | | | | | iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site Description" field. |
| | | | | | iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site title" field. |
| | | | | | iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php. |
| Canonical, Gnupg | Gnupg, Ubuntu Linux | Jun 17, 2026 | Apr 4, 2018 | v4 N/A; v3 7.5 HIGH; v2 5.0 MEDIUM | GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subke... |
| | | | | | Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and su... |
| | | | | | Due to the lack of firmware authentication in the upgrade process of T&W WIFI Repeater BE126 devices, an attacker can craft a malicious firmware and use it as an update. |