Total: 295245 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-17552 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie. | |||||
CVE-2018-17542 | 1 Hgiga | 1 Oaklouds Mailsherlock | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
SQL Injection in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in a letgo.cgi request. | |||||
CVE-2018-17540 | 3 Canonical, Debian, Strongswan | 3 Ubuntu Linux, Debian Linux, Strongswan | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate. | |||||
CVE-2018-17539 | 2 F5, Ipinfusion | 3 Big-ip Local Traffic Manager, Ocnos, Zebos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and all OcNOS versions to 1.3.3.145 allows remote attackers to cause a denial of service via an autonomous system (AS) path containing 8 or more autonomous system number (ASN) elements. | |||||
CVE-2018-17538 | 1 Axon | 1 Evidence Sync | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
** DISPUTED ** Axon (formerly TASER International) Evidence Sync 3.15.89 is vulnerable to process injection. NOTE: the vendor's position is that this CVE is not associated with information that supports any finding of any type of vulnerability. | |||||
CVE-2018-17534 | 1 Teltonika | 6 Rut900, Rut900 Firmware, Rut950 and 3 more | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges. | |||||
CVE-2018-17533 | 1 Teltonika | 6 Rut900, Rut900 Firmware, Rut950 and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization. | |||||
CVE-2018-17532 | 1 Teltonika | 6 Rut900, Rut900 Firmware, Rut950 and 3 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges. | |||||
CVE-2018-17502 | 1 Thereceptionist | 1 The Receptionist For Ipad | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
The Receptionist for iPad could allow a local attacker to obtain sensitive information, caused by an error in the contact.json file. An attacker could exploit this vulnerability to obtain the contact names, phone numbers and emails. | |||||
CVE-2018-17500 | 1 Envoy | 1 Passport | 2024-11-21 | 2.1 LOW | 2.9 LOW |
Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker could exploit this vulnerability to obtain sensitive information. | |||||
CVE-2018-17499 | 1 Envoy | 1 Passport | 2024-11-21 | 2.1 LOW | 2.9 LOW |
Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could exploit this vulnerability to obtain two API keys, a token and other sensitive information. | |||||
CVE-2018-17497 | 1 Thresholdsecurity | 1 Evisitorpass | 2024-11-21 | 2.1 LOW | 8.4 HIGH |
eVisitorPass contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application. | |||||
CVE-2018-17496 | 1 Thresholdsecurity | 1 Evisitorpass | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error while in kiosk mode. By visiting the kiosk and typing ctrl+shift+esc, an attacker could exploit this vulnerability to open the task manager to kill the process or launch new processes on the system. | |||||
CVE-2018-17495 | 1 Thresholdsecurity | 1 Evisitorpass | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Help Dialog. By visiting the kiosk and removing the program from fullscreen, an attacker could exploit this vulnerability using the terminal to launch the command prompt. | |||||
CVE-2018-17494 | 1 Thresholdsecurity | 1 Evisitorpass | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Start Menu. By visiting the kiosk and pressing the Windows key twice, an attacker could exploit this vulnerability to close the program and launch other processes on the system. | |||||
CVE-2018-17493 | 1 Thresholdsecurity | 1 Evisitorpass | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Fullscreen button. By visiting the kiosk and clicking the full screen button in the bottom right, an attacker could exploit this vulnerability to close the program and launch other processes on the system. | |||||
CVE-2018-17492 | 1 Hidglobal | 1 Easylobby Solo | 2024-11-21 | 2.1 LOW | 8.4 HIGH |
EasyLobby Solo contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application. | |||||
CVE-2018-17491 | 1 Hidglobal | 1 Easylobby Solo | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
EasyLobby Solo could allow a local attacker to gain elevated privileges on the system. By visiting the kiosk and typing "esc" to exit the program, an attacker could exploit this vulnerability to perform unauthorized actions on the computer. | |||||
CVE-2018-17490 | 1 Hidglobal | 1 Easylobby Solo | 2024-11-21 | 3.6 LOW | 7.7 HIGH |
EasyLobby Solo is vulnerable to a denial of service. By visiting the kiosk and accessing the task manager, a local attacker could exploit this vulnerability to kill the process or launch new processes at will. | |||||
CVE-2018-17489 | 1 Hidglobal | 1 Easylobby Solo | 2024-11-21 | 2.1 LOW | 2.9 LOW |
EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the storing of the social security number in plaintext. By visiting the kiosk and viewing the Visitor table of the database, an attacker could exploit this vulnerability to view stored social security numbers. |