Total
310061 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10824 | 2 D-link, Dlink | 16 Dwr-921, Dir-140l, Dir-140l Firmware and 13 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in the /tmp/csman/0 file. An attacker having a directory traversal (or LFI) can easily get full router access. | |||||
| CVE-2018-10823 | 2 D-link, Dlink | 8 Dwr-921, Dwr-111, Dwr-111 Firmware and 5 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals. | |||||
| CVE-2018-10822 | 2 D-link, Dlink | 16 Dwr-921, Dir-140l, Dir-140l Firmware and 13 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after "GET /uir" in an HTTP request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190. | |||||
| CVE-2018-10821 | 1 Blackcat-cms | 1 Blackcat Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in backend/pages/modify.php in BlackCatCMS 1.3 allows remote authenticated users with the Admin role to inject arbitrary web script or HTML via the search panel. | |||||
| CVE-2018-10817 | 1 Severalnines | 1 Clustercontrol | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Severalnines ClusterControl before 1.6.0-4699 allows XSS. | |||||
| CVE-2018-10815 | 1 Cloudera | 1 Cloudera Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. A read-only user can access sensitive cluster information. | |||||
| CVE-2018-10814 | 1 Synametrics | 1 Synaman | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials. | |||||
| CVE-2018-10813 | 1 Aprendecondedos | 1 Dedos-web | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit the contents of the session cookie and re-sign it using the hardcoded secret. Due to the use of Passport.js, this could lead to privilege escalation. | |||||
| CVE-2018-10812 | 1 Bitpie | 1 Bitcoin Wallet | 2024-11-21 | 1.9 LOW | 4.1 MEDIUM |
| The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital currency initial keys, which allows local users to steal currency by leveraging root access to read /com.biepie/shared_prefs/com.bitpie_preferences.xml (on Android) or a plist file in the app data folder (on iOS). | |||||
| CVE-2018-10811 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable. | |||||
| CVE-2018-10810 | 1 Livezilla | 1 Livezilla | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior is affected by Cross-Site Scripting via the Accept-Language HTTP header. | |||||
| CVE-2018-10809 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-8873. | |||||
| CVE-2018-10806 | 1 Frogcms Project | 1 Frogcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross Site Scripting Vulnerability via the file[current_name] parameter to the admin/?/plugin/file_manager/rename URI. This can be used in conjunction with CSRF. | |||||
| CVE-2018-10805 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. | |||||
| CVE-2018-10804 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. | |||||
| CVE-2018-10803 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 (build 123125) allows remote attackers to inject arbitrary web script or HTML via a crafted description value. This can be exploited through CSRF. | |||||
| CVE-2018-10801 | 1 Libtiff | 1 Libtiff | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff. | |||||
| CVE-2018-10799 | 1 Brave | 1 Brave | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). This vulnerability is caused by the mishandling of a long URL formed by window.location+='?\u202a\uFEFF\u202b'; concatenation in a SCRIPT element. | |||||
| CVE-2018-10798 | 1 Brave | 1 Brave | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). The vulnerability is caused by mishandling of JavaScript code that triggers the reload of a page continuously with an interval of 1 second. | |||||
| CVE-2018-10796 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222014. | |||||