Total: 298656 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2018-3817 | 1 Elastic | 1 Logstash | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information.
CVE-2018-3815 | 1 Stalker | 1 Communigate Pro | 2024-11-21 | 3.5 LOW | 5.7 MEDIUM | The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 suffers from missing XIMSS protocol validation, which leads to an email spoofing attack, allowing a malicious authenticated attacker to send a message from any source email address. The attack uses an HTTP POST request to a /Session URI and interchanges the XML From and To elements.
CVE-2018-3814 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP code by using the "Assets->Upload files" screen and then the "Replace it" option, because this allows a .jpg file to have embedded PHP code and then be renamed to a .php extension.
CVE-2018-3813 | 1 Flir | 6 Brickstream 2300 2d, Brickstream 2300 2d Firmware, Brickstream 2300 3d and 3 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVI_USER_ID and AVI_USER_PASSWORD fields via a direct request.
CVE-2018-3811 | 1 Oturia | 1 Smart Google Code Inserter | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords() function in smartgooglecode.php did not use prepared statements and did not sanitize the $_POST["oId"] variable before passing it as input into the SQL query.
CVE-2018-3810 | 1 Oturia | 1 Smart Google Code Inserter | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check whether the current request is made by an authorized user, thus allowing any unauthenticated user to update the inserted code.
CVE-2018-3809 | 1 Zeit | 1 Serve | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | Information exposure through directory listings in serve 6.5.3 allows directory listing and file access even when they have been set to be ignored.
CVE-2018-3787 | 1 Simplehttpserver Project | 1 Simplehttpserver | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Path traversal in simplehttpserver before v0.2.1 allows listing any file on the server.
CVE-2018-3786 | 1 Eggjs | 1 Egg-scripts | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | A command injection vulnerability in egg-scripts before v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument.
CVE-2018-3785 | 1 Git-dummy-commit Project | 1 Git-dummy-commit | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | A command injection in git-dummy-commit v1.3.0 allows OS-level commands to be executed due to an unescaped parameter.
CVE-2018-3784 | 1 Cryo Project | 1 Cryo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | A code injection in cryo 0.0.6 allows an attacker to execute arbitrary code due to an insecure implementation of deserialization.
CVE-2018-3783 | 1 Flintcms | 1 Flintcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | A privilege escalation detected in flintcms versions <= 1.1.9 allows account takeover due to blind MongoDB injection in the password reset.
CVE-2018-3781 | 1 Nextcloud | 1 Talk | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Missing sanitization of search results for an autocomplete field in NextCloud Talk before 3.2.5 could lead to a stored XSS requiring user interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users.
CVE-2018-3780 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Missing sanitization of search results for an autocomplete field in NextCloud Server before 13.0.5 could lead to a stored XSS requiring user interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users.
CVE-2018-3779 | 1 Activesupport Project | 1 Activesupport | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | The active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, because it contains a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2018-3778 | 1 Aedes Project | 1 Aedes | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | Improper authorization in aedes before version 0.35.0 will publish an LWT in a channel when a client is not authorized.
CVE-2018-3777 | 1 Restforce | 1 Restforce | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Insufficient URI encoding in restforce before 3.0.0 allows an attacker to inject arbitrary parameters into Salesforce API requests.
CVE-2018-3776 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | Improper input validation in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log.
CVE-2018-3775 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH | Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker who obtained user credentials to bypass two-factor authentication.
CVE-2018-3774 | 1 Url-parse Project | 1 Url-parse | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL | Incorrect parsing in url-parse before 1.4.3 returns a wrong hostname, which leads to multiple vulnerabilities such as SSRF, open redirect, and authentication protocol bypass.