Total
324462 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-18396 | 1 Moxa | 1 Thingspro | 2024-11-21 | N/A |
| Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | ||||
| CVE-2018-18395 | 1 Moxa | 1 Thingspro | 2024-11-21 | N/A |
| Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | ||||
| CVE-2018-18394 | 1 Moxa | 1 Thingspro | 2024-11-21 | N/A |
| Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | ||||
| CVE-2018-18393 | 1 Moxa | 1 Thingspro | 2024-11-21 | N/A |
| Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | ||||
| CVE-2018-18392 | 1 Moxa | 1 Thingspro | 2024-11-21 | N/A |
| Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | ||||
| CVE-2018-18391 | 1 Moxa | 1 Thingspro | 2024-11-21 | N/A |
| User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | ||||
| CVE-2018-18390 | 1 Moxa | 1 Thingspro | 2024-11-21 | N/A |
| User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | ||||
| CVE-2018-18389 | 1 Neo4j | 1 Neo4j | 2024-11-21 | N/A |
| Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username with an arbitrary password. | ||||
| CVE-2018-18388 | 1 Escanav | 1 Escan Anti-virus | 2024-11-21 | N/A |
| eScan Agent Application (MWAGENT.EXE) 4.0.2.98 in MicroWorld Technologies eScan 14.0 allows remote or local attackers to execute arbitrary commands by sending a carefully crafted payload to TCP port 2222. | ||||
| CVE-2018-18387 | 1 Playsms Project | 1 Playsms | 2024-11-21 | N/A |
| playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse. | ||||
| CVE-2018-18386 | 3 Canonical, Linux, Redhat | 3 Ubuntu Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | N/A |
| drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ. | ||||
| CVE-2018-18385 | 1 Asciidoctor | 1 Asciidoctor | 2024-11-21 | N/A |
| Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service (infinite loop). The loop was caused by the fact that Parser.next_block was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detects any list was not agreeing with the regular expression that detects a specific list type. So the line kept getting pushed back onto the reader, hence causing the loop. | ||||
| CVE-2018-18384 | 2 Redhat, Unzip Project | 2 Enterprise Linux, Unzip | 2024-11-21 | N/A |
| Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12. | ||||
| CVE-2018-18382 | 1 Coderpixel | 1 Advanced Hrm | 2024-11-21 | N/A |
| Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action. | ||||
| CVE-2018-18381 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | 5.4 Medium |
| Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments. | ||||
| CVE-2018-18380 | 1 Bigtreecms | 1 Bigtree Cms | 2024-11-21 | N/A |
| A Session Fixation issue was discovered in Bigtree before 4.2.24. admin.php accepts a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application. The Session Fixation could allow an attacker to hijack an admin session. | ||||
| CVE-2018-18379 | 1 Elementor | 1 Elementor Page Builder | 2024-11-21 | 6.1 Medium |
| The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.10 for WordPress has XSS. | ||||
| CVE-2018-18377 | 1 Orange | 2 Airbox, Airbox Firmware | 2024-11-21 | N/A |
| goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials. | ||||
| CVE-2018-18376 | 1 Orange | 2 Airbox, Airbox Firmware | 2024-11-21 | N/A |
| goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter. | ||||
| CVE-2018-18375 | 1 Orange | 2 Airbox, Airbox Firmware | 2024-11-21 | N/A |
| goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter. | ||||