CVE-2018-18524
Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can use this XSS issue to inject Node.js code under Present mode. After a victim opens an affected note under Present mode, the attacker can read the victim’s files and achieve remote execution command on the victim’s computer.
Source: CVE-2018-18524
CVE-2018-15128
An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets.
Source: CVE-2018-15128
CVE-2018-16639
Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter during new page creation.
Source: CVE-2018-16639
CVE-2019-12041
lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression Denial of Service (ReDoS) via a CDATA section.
Source: CVE-2019-12041
CVE-2018-19037
On Virgin Media wireless router 3.0 hub devices, the web interface is vulnerable to denial of service. When POST requests are sent and keep the connection open, the router lags and becomes unusable to anyone currently using the web interface.
Source: CVE-2018-19037
CVE-2018-18558
An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code, by crafting an application binary that overwrites a bootloader code segment in process_segment in components/bootloader_support/src/esp_image_format.c. The attack is effective when the flash encryption feature is not enabled, or if the attacker finds a different vulnerability that allows them to write this binary to flash memory.
Source: CVE-2018-18558
CVE-2018-14712
Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to inject system commands via the "hook" URL parameter.
Source: CVE-2018-14712
CVE-2018-15530
Cross-site scripting (XSS) in the web interface of the Xerox ColorQube 8580 allows remote persistent injection of custom HTML / JavaScript code.
Source: CVE-2018-15530
CVE-2018-14711
Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to cause state-changing actions with specially crafted URLs.
Source: CVE-2018-14711
CVE-2018-16626
index.php/Admin/Classes in Typesetter 5.1 allows XSS via the description of a new class name.
Source: CVE-2018-16626