Total
316226 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18878 | 1 Columbiaweather | 2 Weather Microserver, Weather Microserver Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable. | |||||
| CVE-2018-18877 | 1 Columbiaweather | 2 Weather Microserver, Weather Microserver Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page config_main.php that allows manipulation of the device. | |||||
| CVE-2018-18876 | 1 Columbiaweather | 2 Weather Microserver, Weather Microserver Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a readouts_rd.php directory traversal issue makes it possible to read any file present on the underlying operating system. | |||||
| CVE-2018-18875 | 1 Columbiaweather | 2 Weather Microserver, Weather Microserver Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script via changestationname.php. | |||||
| CVE-2018-18874 | 1 Nconsulting | 1 Nc-cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=file_manager_upload URI. | |||||
| CVE-2018-18873 | 4 Canonical, Debian, Jasper Project and 1 more | 5 Ubuntu Linux, Debian Linux, Jasper and 2 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c. | |||||
| CVE-2018-18872 | 1 Kieranoshea | 1 Calendar | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Kieran O'Shea Calendar plugin before 1.3.11 for WordPress has Stored XSS via the event_title parameter in a wp-admin/admin.php?page=calendar add action, or the category name during category creation at the wp-admin/admin.php?page=calendar-categories URI. | |||||
| CVE-2018-18871 | 1 Gigasetpro | 2 Maxwell Basic, Maxwell Basic Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with firmware 2.22.7 would allow a remote attacker (in the same network as the device) to change the admin password without authentication (and without knowing the original password). | |||||
| CVE-2018-18869 | 1 Phome | 1 Empirecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter. | |||||
| CVE-2018-18868 | 1 No-cms Project | 1 No-cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| No-CMS 1.1.3 is prone to Persistent XSS via a contact_us name parameter, as demonstrated by the VG48Z5PqVWname parameter. | |||||
| CVE-2018-18867 | 1 Tecrail | 1 Responsive Filemanager | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495. | |||||
| CVE-2018-18865 | 3 Apple, Microsoft, Royalapplications | 4 Macos, Windows, Royal Ts and 1 more | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure. | |||||
| CVE-2018-18864 | 1 Loadbalancer | 1 Enterprise Va Max | 2024-11-21 | 9.3 HIGH | 9.6 CRITICAL |
| Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed. | |||||
| CVE-2018-18863 | 1 Ngahr | 1 Resourcelink | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| NGA ResourceLink 20.0.2.1 allows local file inclusion. | |||||
| CVE-2018-18862 | 1 Bmc | 2 Remedy Action Request System, Remedy Mid-tier | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/, and AR+System+Administration%3A+Server+Information/Default+Admin+View/. | |||||
| CVE-2018-18861 | 1 Pcman Ftp Server Project | 1 Pcman Ftp Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command. | |||||
| CVE-2018-18860 | 1 Switchvpn | 1 Switchvpn | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A local privilege escalation vulnerability has been identified in the SwitchVPN client 2.1012.03 for macOS. Due to over-permissive configuration settings and a SUID binary, an attacker is able to execute arbitrary binaries as root. | |||||
| CVE-2018-18859 | 1 Liquidvpn | 1 Liquidvpn | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the value of the "tun_path" or "tap_path" pathname in a kextload() call. | |||||
| CVE-2018-18858 | 1 Liquidvpn | 1 Liquidvpn | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "tun_path" or "tap_path" pathname within a shell command. | |||||
| CVE-2018-18857 | 1 Liquidvpn | 1 Liquidvpn | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "command_line" parameter as a shell command. | |||||