Total
299253 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20965 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ultimate-member plugin before 2.0.4 for WordPress has XSS. | |||||
| CVE-2018-20964 | 1 Codepeople | 1 Contact Form Email | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF. | |||||
| CVE-2018-20963 | 1 Codepeople | 1 Contact Form Email | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The contact-form-to-email plugin before 1.2.66 for WordPress has XSS. | |||||
| CVE-2018-20962 | 1 Backpackforlaravel | 1 Backpack\\crud | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows XSS via the select field type. | |||||
| CVE-2018-20961 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact. | |||||
| CVE-2018-20960 | 1 Nespresso | 2 Prodigo, Prodigo Firmware | 2024-11-21 | 4.8 MEDIUM | 8.1 HIGH |
| Nespresso Prodigio devices lack Bluetooth connection security. | |||||
| CVE-2018-20959 | 1 Jura | 2 E8, E8 Firmware | 2024-11-21 | 4.8 MEDIUM | 8.1 HIGH |
| Jura E8 devices lack Bluetooth connection security. | |||||
| CVE-2018-20958 | 1 Tapplock | 2 Tapplock, Tapplock Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 relies on Key1 and SerialNo for unlock operations; however, these are derived from the MAC address, which is broadcasted by the device. | |||||
| CVE-2018-20957 | 1 Tapplock | 2 One\+, One\+ Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 allows replay attacks. | |||||
| CVE-2018-20956 | 1 Swann | 2 Swwhd-intcam-hd, Swwhd-intcam-hd Firmware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset. NOTE: all affected customers were migrated by 2020-08-31. | |||||
| CVE-2018-20955 | 1 Swann | 2 Swwhd-intcam-hd, Swwhd-intcam-hd Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root. NOTE: all affected customers were migrated by 2020-08-31. | |||||
| CVE-2018-20954 | 1 Mailpile | 1 Mailpile | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys. | |||||
| CVE-2018-20953 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389). | |||||
| CVE-2018-20952 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388). | |||||
| CVE-2018-20951 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387). | |||||
| CVE-2018-20950 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386). | |||||
| CVE-2018-20949 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385). | |||||
| CVE-2018-20948 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383). | |||||
| CVE-2018-20947 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356). | |||||
| CVE-2018-20946 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355). | |||||