Total
299231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-21024 | 1 Centreon | 1 Centreon | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request. | |||||
| CVE-2018-21023 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter. | |||||
| CVE-2018-21022 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter. | |||||
| CVE-2018-21021 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter. | |||||
| CVE-2018-21020 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place. | |||||
| CVE-2018-21019 | 1 Home-assistant | 1 Home-assistant | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py. | |||||
| CVE-2018-21018 | 1 Joinmastodon | 1 Mastodon | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions. | |||||
| CVE-2018-21017 | 1 Gpac | 1 Gpac | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| GPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_base.c. | |||||
| CVE-2018-21016 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | |||||
| CVE-2018-21015 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;" but cfg could be NULL. | |||||
| CVE-2018-21014 | 1 Buddyboss | 1 Buddymoss Media | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS. | |||||
| CVE-2018-21013 | 1 Upperthemes | 1 Swape | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Swape theme before 1.2.1 for WordPress has incorrect access control, as demonstrated by allowing new administrator accounts via vectors involving xmlPath to wp-admin/admin-ajax.php. | |||||
| CVE-2018-21012 | 1 Vsourz | 1 Cf7 Invisible Recaptcha | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS. | |||||
| CVE-2018-21011 | 1 Wpcharitable | 1 Charitable | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details. | |||||
| CVE-2018-21010 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c. | |||||
| CVE-2018-21009 | 1 Freedesktop | 1 Poppler | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. | |||||
| CVE-2018-21008 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 4.16.7. A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c. | |||||
| CVE-2018-21007 | 1 Wisetr | 1 User Email Verification For Woocommerce | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads. | |||||
| CVE-2018-21006 | 1 Bbpress Move Topics Project | 1 Bbpress Move Topics | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The bbp-move-topics plugin before 1.1.6 for WordPress has CSRF. | |||||
| CVE-2018-21005 | 1 Bbpress Move Topics Project | 1 Bbpress Move Topics | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The bbp-move-topics plugin before 1.1.6 for WordPress has code injection. | |||||