Total
299487 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7703 | 1 Securenvoy | 1 Securmail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via the mailboxid parameter to secmail/getmessage.exe. | |||||
| CVE-2018-7702 | 1 Securenvoy | 1 Securmail | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization. | |||||
| CVE-2018-7701 | 1 Securenvoy | 1 Securmail | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) delete e-mail messages via a delete action in a request to secmail/getmessage.exe or (2) spoof arbitrary users and reply to their messages via a request to secserver/securectrl.exe. | |||||
| CVE-2018-7700 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code. | |||||
| CVE-2018-7698 | 1 D-link | 1 Mydlink\+ | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L 1.05.04 and DCS-934L 1.05.04 devices. The mydlink+ app sends the username and password for connected D-Link cameras (such as DCS-933L and DCS-934L) unencrypted from the app to the camera, allowing attackers to obtain these credentials and gain control of the camera including the ability to view the camera's stream and make changes without the user's knowledge. | |||||
| CVE-2018-7692 | 1 Microfocus | 1 Edirectory | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1. | |||||
| CVE-2018-7691 | 1 Microfocus | 1 Fortify Software Security Center | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access | |||||
| CVE-2018-7690 | 1 Microfocus | 1 Fortify Software Security Center | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access | |||||
| CVE-2018-7689 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | 4.0 MEDIUM | 7.1 HIGH |
| Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions. | |||||
| CVE-2018-7688 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | 4.0 MEDIUM | 7.1 HIGH |
| A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions. | |||||
| CVE-2018-7687 | 1 Microfocus | 1 Client | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys. | |||||
| CVE-2018-7686 | 1 Microfocus | 1 Edirectory | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage. | |||||
| CVE-2018-7685 | 1 Opensuse | 1 Libzypp | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download. | |||||
| CVE-2018-7683 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files. | |||||
| CVE-2018-7682 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains. | |||||
| CVE-2018-7681 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system. | |||||
| CVE-2018-7680 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values. | |||||
| CVE-2018-7679 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution. | |||||
| CVE-2018-7678 | 1 Netiq | 1 Access Manager | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4. | |||||
| CVE-2018-7677 | 1 Netiq | 1 Access Manager | 2024-11-21 | 6.8 MEDIUM | 3.5 LOW |
| A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component. | |||||