CVE-2018-1000004 CVSS:0.0
In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition. (Last Update:2018-01-16) (Publish Update:2018-01-16)
CVE-2018-1000003 CVSS:0.0
Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay. (Last Update:2018-01-22) (Publish Update:2018-01-22)
CVE-2018-1000002 CVSS:0.0
Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2) allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay. (Last Update:2018-01-22) (Publish Update:2018-01-22)
CVE-2018-6014 CVSS:0.0
Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. To exploit this issue, an attacker must convince the user to visit a web site loaded with a SWF file created specifically to steal user data. (Last Update:2018-01-22) (Publish Update:2018-01-22)
CVE-2018-6013 CVSS:0.0
Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote users to inject arbitrary web script or HTML via the directory parameter. This issue exists in core/admin/ajax/developer/extensions/file-browser.php. (Last Update:2018-01-22) (Publish Update:2018-01-22)
CVE-2018-6010 CVSS:0.0
In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode, related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php. (Last Update:2018-01-22) (Publish Update:2018-01-22)
CVE-2018-6009 CVSS:0.0
In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity. (Last Update:2018-01-22) (Publish Update:2018-01-22)
CVE-2018-6003 CVSS:0.0
An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS. (Last Update:2018-01-22) (Publish Update:2018-01-22)
CVE-2018-6002 CVSS:0.0
The Soundy Background Music plugin 3.9 and below for WordPress has Cross-Site Scripting via soundy-background-music\templates\front-end.php (war_soundy_preview parameter). (Last Update:2018-01-22) (Publish Update:2018-01-22)
CVE-2018-6001 CVSS:0.0
The Soundy Audio Playlist plugin 4.6 and below for WordPress has Cross-Site Scripting via soundy-audio-playlist\templates\front-end.php (war_sdy_pl_preview parameter). (Last Update:2018-01-22) (Publish Update:2018-01-22)
Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by www.cvedetails.com