Total
323534 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11680 | 1 Cmseasy | 1 Cmseasy | 2024-11-21 | N/A |
| An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate. | ||||
| CVE-2018-11679 | 1 Cmseasy | 1 Cmseasy | 2024-11-21 | N/A |
| An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin. | ||||
| CVE-2018-11678 | 1 Monstra | 1 Monstra Cms | 2024-11-21 | N/A |
| plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login Rate Limiting Bypass via manipulation of the login_attempts cookie. | ||||
| CVE-2018-11671 | 1 Njtech | 1 Greencms | 2024-11-21 | N/A |
| An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin account via index.php?m=admin&c=access&a=adduserhandle. | ||||
| CVE-2018-11670 | 1 Njtech | 1 Greencms | 2024-11-21 | N/A |
| An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to execute arbitrary PHP code via the content parameter to index.php?m=admin&c=media&a=fileconnect. | ||||
| CVE-2018-11657 | 1 Miniupnp Project | 1 Ngiflib | 2024-11-21 | N/A |
| ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg and LoadGif. | ||||
| CVE-2018-11656 | 3 Canonical, Imagemagick, Redhat | 3 Ubuntu Linux, Imagemagick, Enterprise Linux | 2024-11-21 | N/A |
| In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file. | ||||
| CVE-2018-11655 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2024-11-21 | N/A |
| In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file. | ||||
| CVE-2018-11654 | 1 Seasofsolutions | 2 Ip Camera, Ip Camera Firmware | 2024-11-21 | 7.5 High |
| Information disclosure in Netwave IP camera at get_status.cgi (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information from the device. | ||||
| CVE-2018-11653 | 1 Seasofsolutions | 2 Ip Camera, Ip Camera Firmware | 2024-11-21 | 9.8 Critical |
| Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information about the network configuration like the network SSID and password. | ||||
| CVE-2018-11652 | 1 Cirt.net | 1 Nikto | 2024-11-21 | N/A |
| CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report. | ||||
| CVE-2018-11651 | 1 Graylog | 1 Graylog | 2024-11-21 | N/A |
| Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.jsx, components/dashboard/EditDashboardModal.jsx, and pages/ShowDashboardPage.jsx. | ||||
| CVE-2018-11650 | 1 Graylog | 1 Graylog | 2024-11-21 | N/A |
| Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js. | ||||
| CVE-2018-11649 | 1 Gethue | 1 Hue | 2024-11-21 | N/A |
| Hue 3.12 has XSS via the /pig/save/ name and script parameters. | ||||
| CVE-2018-11647 | 1 Oauth2orize-fprm Project | 1 Oauth2orize-fprm | 2024-11-21 | N/A |
| index.js in oauth2orize-fprm before 0.2.1 has XSS via a crafted URL. | ||||
| CVE-2018-11646 | 1 Webkitgtk | 1 Webkitgtk\+ | 2024-11-21 | N/A |
| webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash. | ||||
| CVE-2018-11645 | 2 Artifex, Redhat | 2 Ghostscript, Enterprise Linux | 2024-11-21 | N/A |
| psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977. | ||||
| CVE-2018-11643 | 1 Dialogic | 1 Powermedia Xms | 2024-11-21 | N/A |
| SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to execute arbitrary SQL commands via the filterPattern parameter. | ||||
| CVE-2018-11642 | 1 Dialogic | 1 Powermedia Xms | 2024-11-21 | N/A |
| Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user. | ||||
| CVE-2018-11641 | 1 Dialogic | 1 Powermedia Xms | 2024-11-21 | N/A |
| Use of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to interact with a web service. | ||||