Vulnerabilities (CVE)

Total: 310019 CVEs
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-10664 1 Axis 780 A1001, A1001 Firmware, A8004-v and 777 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory Corruption.
CVE-2018-10663 1 Axis 780 A1001, A1001 Firmware, A8004-v and 777 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in multiple models of Axis IP Cameras. There is an Incorrect Size Calculation.
CVE-2018-10662 1 Axis 780 A1001, A1001 Firmware, A8004-v and 777 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.
CVE-2018-10661 1 Axis 780 A1001, A1001 Firmware, A8004-v and 777 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.
CVE-2018-10660 1 Axis 780 A1001, A1001 Firmware, A8004-v and 777 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.
CVE-2018-10659 1 Axis 780 A1001, A1001 Firmware, A8004-v and 777 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction.
CVE-2018-10658 1 Axis 780 A1001, A1001 Firmware, A8004-v and 777 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). The crash arises from code inside libdbus-send.so shared object or similar.
CVE-2018-10657 1 Matrix 1 Synapse 2024-11-21 5.0 MEDIUM 7.5 HIGH
Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018.
CVE-2018-10655 1 Devicelock 1 Plug And Play Auditor 2024-11-21 6.8 MEDIUM 7.8 HIGH
DLPnpAuditor.exe in DeviceLock Plug and Play Auditor (freeware) 5.72 has a Unicode Buffer Overflow (SEH).
CVE-2018-10654 1 Citrix 1 Xenmobile Server 2024-11-21 6.8 MEDIUM 8.1 HIGH
There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
CVE-2018-10653 1 Citrix 1 Xenmobile Server 2024-11-21 7.5 HIGH 9.8 CRITICAL
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
CVE-2018-10652 1 Citrix 1 Xenmobile Server 2024-11-21 5.0 MEDIUM 7.5 HIGH
There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3.
CVE-2018-10651 1 Citrix 1 Xenmobile Server 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
CVE-2018-10650 1 Citrix 1 Xenmobile Server 2024-11-21 6.8 MEDIUM 7.8 HIGH
There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
CVE-2018-10649 1 Citrix 1 Xenmobile Server 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3.
CVE-2018-10648 1 Citrix 1 Xenmobile Server 2024-11-21 7.5 HIGH 9.8 CRITICAL
There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
CVE-2018-10647 1 Safervpn 1 Safervpn 2024-11-21 7.2 HIGH 7.8 HIGH
SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "SaferVPN.Service" service. The "SaferVPN.Service" service executes "openvpn.exe" using OpenVPN config files located within the current user's %LOCALAPPDATA%\SaferVPN\OvpnConfig directory. An authenticated attacker may modify these configuration files to specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user.
CVE-2018-10646 1 Cyberghostvpn 1 Cyberghost 2024-11-21 7.2 HIGH 7.8 HIGH
CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "CG6Service" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "ConnectToVpnServer" method accepts a "connectionParams" argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user.
CVE-2018-10645 1 Goldenfrog 1 Vyprvpn 2024-11-21 7.2 HIGH 7.8 HIGH
Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "VyprVPN" service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. The "SetProperty" method allows an attacker to configure the "AdditionalOpenVpnParameters" property and control the OpenVPN command line. Using the OpenVPN "plugin" parameter, an attacker may specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user. This attack may be conducted using "VyprVPN Free" account credentials and the VyprVPN Desktop Client.
CVE-2018-10642 1 Combodo 1 Itop 2024-11-21 6.5 MEDIUM 7.2 HIGH
Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to execute arbitrary commands by changing the platform configuration, because web/env-production/itop-config/config.php contains a function called TestConfig() that calls the vulnerable function eval().