Total
322258 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-10735 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A |
| A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter. | ||||
| CVE-2018-10734 | 1 Kongtop | 10 A303, A303 Firmware, A403 and 7 more | 2024-11-21 | N/A |
| KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a backdoor that prints the login password via a Print_Password function call in certain circumstances. | ||||
| CVE-2018-10733 | 3 Gnome, Opensuse, Redhat | 7 Libgxps, Leap, Ansible Tower and 4 more | 2024-11-21 | N/A |
| There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack. | ||||
| CVE-2018-10732 | 1 Dataiku | 1 Data Science Studio | 2024-11-21 | N/A |
| The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pictures visibility. | ||||
| CVE-2018-10731 | 1 Phoenixcontact | 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more | 2024-11-21 | N/A |
| All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728). | ||||
| CVE-2018-10730 | 1 Phoenixcontact | 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more | 2024-11-21 | N/A |
| All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection. | ||||
| CVE-2018-10729 | 1 Phoenixcontact | 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more | 2024-11-21 | N/A |
| All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 allow reading the configuration file by an unauthenticated user. | ||||
| CVE-2018-10728 | 1 Phoenixcontact | 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more | 2024-11-21 | N/A |
| All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows (a different vulnerability than CVE-2018-10731). | ||||
| CVE-2018-10727 | 1 Fabrikar | 1 Fabrik | 2024-11-21 | 6.1 Medium |
| Reflected Cross-Site Scripting (XSS) vulnerability in the fabrik_referrer hidden field in the Fabrikar Fabrik component through v3.8.1 for Joomla! allows remote attackers to inject arbitrary web script via the HTTP Referer header. | ||||
| CVE-2018-10726 | 1 Datenstrom | 1 Yellow | 2024-11-21 | 5.4 Medium |
| A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an "Edit page" action. NOTE: the vendor disputes the relevance of this report because an installation accessible to untrusted users is supposed to have parserSafeMode=1 in system/config/config.ini to prevent XSS | ||||
| CVE-2018-10723 | 1 Rangerstudio | 1 Directus | 2024-11-21 | N/A |
| Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql. | ||||
| CVE-2018-10722 | 1 Cylance | 1 Cylanceprotect | 2024-11-21 | N/A |
| In Cylance CylancePROTECT before 1470, an unprivileged local user can obtain SYSTEM privileges because users have Modify access to the %PROGRAMFILES%\Cylance\Desktop\log folder, the CyUpdate process grants users Modify access to new files created in this folder, and a new file can be a symlink chain to a pathname of an arbitrary DLL that CyUpdate uses. | ||||
| CVE-2018-10718 | 1 Activision | 1 Call Of Duty Modern Warfare 2 | 2024-11-21 | N/A |
| Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to execute arbitrary code via crafted packets. | ||||
| CVE-2018-10717 | 1 Miniupnp Project | 1 Ngiflib | 2024-11-21 | N/A |
| The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does not consider the bounds of the pixels data structure, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted GIF file, a different vulnerability than CVE-2018-10677. | ||||
| CVE-2018-10716 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2024-11-21 | N/A |
| An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because WM_CLOSE is not properly considered. | ||||
| CVE-2018-10713 | 2 D-link, Dlink | 2 Dsl-3782 Firmware, Dsl-3782 | 2024-11-21 | N/A |
| An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'read' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'read <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code. | ||||
| CVE-2018-10712 | 1 Asrock | 4 A-tuning, F-stream, Restart To Uefi and 1 more | 2024-11-21 | N/A |
| The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges. | ||||
| CVE-2018-10711 | 1 Asrock | 4 A-tuning, F-stream, Restart To Uefi and 1 more | 2024-11-21 | N/A |
| The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code. | ||||
| CVE-2018-10710 | 1 Asrock | 4 A-tuning, F-stream, Restart To Uefi and 1 more | 2024-11-21 | N/A |
| The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges. | ||||
| CVE-2018-10709 | 1 Asrock | 4 A-tuning, F-stream, Restart To Uefi and 1 more | 2024-11-21 | N/A |
| The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write CR register values. This could be leveraged in a number of ways to ultimately run code with elevated privileges. | ||||