CVE-2018-20748

LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.

Source: CVE-2018-20748

CVE-2018-20749

LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.

Source: CVE-2018-20749

CVE-2018-19027

Three type confusion vulnerabilities exist in CX-One Versions 4.50 and prior and CX-Protocol Versions 2.0 and prior when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.

Source: CVE-2018-19027

CVE-2018-19858

PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceXML will fetch the XML and parse it, thus giving an attacker file-read access and full-fledged SSRF.

Source: CVE-2018-19858

CVE-2018-19782

Multiple cross-site scripting (XSS) vulnerabilities in GET requests in FreshRSS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) c parameter or (2) a parameter.

Source: CVE-2018-19782

CVE-2018-18895

A version of Castor XML, as used in Cisco WebEx Meetings Server before 2.8MR3 and 3.x before 3.0MR2 patch 1 and other products, allows XXE attacks.

Source: CVE-2018-18895

CVE-2018-19440

ARM Trusted Firmware-A allows information disclosure.

Source: CVE-2018-19440

CVE-2018-17431

Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL.

Source: CVE-2018-17431

CVE-2018-12611

OX App Suite 7.8.4 and earlier allows Directory Traversal.

Source: CVE-2018-12611

CVE-2018-12610

OX App Suite 7.8.4 and earlier allows Information Exposure.

Source: CVE-2018-12610