Total
299403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6441 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass the restricted configuration shell. | |||||
| CVE-2018-6440 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability in the proxy service of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote unauthenticated attackers to obtain sensitive information and possibly cause a denial of service attack. | |||||
| CVE-2018-6439 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A Vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access. | |||||
| CVE-2018-6438 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A Vulnerability in the supportsave command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access. | |||||
| CVE-2018-6437 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A Vulnerability in the help command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access. | |||||
| CVE-2018-6436 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A Vulnerability in the firmwaredownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access. | |||||
| CVE-2018-6435 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A Vulnerability in the secryptocfg command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, and gain root access. | |||||
| CVE-2018-6434 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to intercept or manipulate a user's session ID. | |||||
| CVE-2018-6433 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the secryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to bypass the export file access restrictions and initiate a file copy from the source to a remote system. | |||||
| CVE-2018-6414 | 1 Hikvision | 1 Ip Cameras | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially crafted message to affected devices. Due to the insufficient input validation, successful exploit can corrupt memory and lead to arbitrary code execution or crash the process. | |||||
| CVE-2018-6413 | 1 Hikvision | 2 Ds-2cd9111-s, Ds-2cd9111-s Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is a buffer overflow in the Hikvision Camera DS-2CD9111-S of V4.1.2 build 160203 and before, and this vulnerability allows remote attackers to launch a denial of service attack (service interruption) via a crafted network setting interface request. | |||||
| CVE-2018-6412 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands. | |||||
| CVE-2018-6411 | 1 Appnitro | 1 Machform | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection. | |||||
| CVE-2018-6410 | 1 Appnitro | 1 Machform | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter. | |||||
| CVE-2018-6409 | 1 Machform | 1 Machform | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter. | |||||
| CVE-2018-6408 | 1 Conceptronic | 3 Cipcamptiwl, Cipcamptiwl Firmware, Cipcamptiwl Web Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. CSRF exists in hy-cgi/user.cgi, as demonstrated by changing an administrator password or adding a new administrator account. | |||||
| CVE-2018-6407 | 1 Conceptronic | 3 Cipcamptiwl, Cipcamptiwl Firmware, Cipcamptiwl Web Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to /hy-cgi/devices.cgi?cmd=searchlandevice. The crash completely freezes the device. | |||||
| CVE-2018-6406 | 1 Webmproject | 1 Libwebm | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service (heap-based buffer over-read and later out-of-bounds write), or possibly have unspecified other impact. | |||||
| CVE-2018-6405 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service. | |||||
| CVE-2018-6402 | 1 Ecobee | 2 Ecobee4, Ecobee4 Firmware | 2024-11-21 | 2.9 LOW | 7.5 HIGH |
| Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and connect to an unencrypted Wi-Fi network with the same SSID, even if the device settings specify use of encryption such as WPA2, as long as the competing network has a stronger signal. An attacker must be able to set up a nearby SSID, similar to an "Evil Twin" attack. | |||||