Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 30123 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-18506 5 Canonical, Debian, Mozilla and 2 more 12 Ubuntu Linux, Debian Linux, Firefox and 9 more 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65.
CVE-2018-18497 2 Canonical, Mozilla 2 Ubuntu Linux, Firefox 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to open privileged about: or file: locations. This vulnerability affects Firefox < 64.
CVE-2018-18489 1 Tp-link 2 Wr840n, Wr840n Firmware 2024-11-21 6.8 MEDIUM 4.9 MEDIUM
The ping feature in the Diagnostic functionality on TP-LINK WR840N v2 Firmware 3.16.9 Build 150701 Rel.51516n devices allows remote attackers to cause a denial of service (HTTP service termination) by modifying the packet size to be higher than the UI limit of 1472.
CVE-2018-18442 2 D-link, Dlink 2 Dcs-825l Firmware, Dcs-825l 2024-11-21 7.8 HIGH 7.5 HIGH
D-Link DCS-825L devices with firmware 1.08 do not employ a suitable mechanism to prevent denial-of-service (DoS) attacks. An attacker can harm the device availability (i.e., live-online video/audio streaming) by using the hping3 tool to perform an IPv4 flood attack. Verified attacks includes SYN flooding, UDP flooding, ICMP flooding, and SYN-ACK flooding.
CVE-2018-18396 1 Moxa 1 Thingspro 2024-11-21 7.5 HIGH 9.8 CRITICAL
Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVE-2018-18395 1 Moxa 1 Thingspro 2024-11-21 10.0 HIGH 9.8 CRITICAL
Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVE-2018-18393 1 Moxa 1 Thingspro 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVE-2018-18392 1 Moxa 1 Thingspro 2024-11-21 6.5 MEDIUM 8.8 HIGH
Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVE-2018-18391 1 Moxa 1 Thingspro 2024-11-21 6.5 MEDIUM 8.8 HIGH
User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVE-2018-18388 1 Escanav 1 Escan Anti-virus 2024-11-21 7.5 HIGH 9.8 CRITICAL
eScan Agent Application (MWAGENT.EXE) 4.0.2.98 in MicroWorld Technologies eScan 14.0 allows remote or local attackers to execute arbitrary commands by sending a carefully crafted payload to TCP port 2222.
CVE-2018-18365 1 Symantec 1 Norton Password Manager 2024-11-21 5.0 MEDIUM 7.5 HIGH
Norton Password Manager may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traffic.
CVE-2018-18363 1 Symantec 1 Norton App Lock 2024-11-21 7.2 HIGH 6.2 MEDIUM
Norton App Lock prior to 1.4.0.445 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access.
CVE-2018-18357 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
CVE-2018-18355 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
CVE-2018-18353 3 Debian, Google, Redhat 6 Debian Linux, Android, Chrome and 3 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page.
CVE-2018-18350 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2018-18348 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
CVE-2018-18346 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Linux Desktop and 2 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page.
CVE-2018-18345 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page.
CVE-2018-18330 1 Trendmicro 1 Dr. Safety 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An Address Bar Spoofing vulnerability in Trend Micro Dr. Safety for Android (Consumer) versions 3.0.1324 and below could allow an attacker to potentially trick a victim into visiting a malicious URL using address bar spoofing on the Private Browser of the app on vulnerable installations.