Total
324486 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-10946 | 1 Polycom | 2 Realpresence Debut, Realpresence Debut Firmware | 2024-11-21 | N/A |
| An issue was discovered in versions earlier than 1.3.0-66872 for Polycom RealPresence Debut that allows attackers to arbitrarily read the admin user's password via the admin web UI. | ||||
| CVE-2018-10945 | 1 Cesanta | 1 Mongoose | 2024-11-21 | N/A |
| The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function. | ||||
| CVE-2018-10944 | 1 Rasputinonline | 1 Rasputin Online Coin | 2024-11-21 | N/A |
| The request_dividend function of a smart contract implementation for ROC (aka Rasputin Online Coin), an Ethereum ERC20 token, allows attackers to steal all of the contract's Ether. | ||||
| CVE-2018-10943 | 1 Barco | 4 Clickshare Cs-100, Clickshare Cs-100 Firmware, Clickshare Cse-200 and 1 more | 2024-11-21 | N/A |
| An issue was discovered on Barco ClickShare CSE-200 and CS-100 Base Units with firmware before 1.6.0.3. Sending an arbitrary unexpected string to TCP port 7100 respecting a certain frequency timing disconnects all clients and results in a crash of the Unit. | ||||
| CVE-2018-10942 | 2 Attribute Wizard Project, Prestashop | 2 Attribute Wizard, Prestashop | 2024-11-21 | N/A |
| modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.1 through 1.6.1.18 allows remote attackers to execute arbitrary code by uploading a .phtml file. | ||||
| CVE-2018-10940 | 3 Debian, Linux, Redhat | 4 Debian Linux, Linux Kernel, Enterprise Linux and 1 more | 2024-11-21 | N/A |
| The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory. | ||||
| CVE-2018-10939 | 2 Synacor, Zimbra | 2 Zimbra Collaboration Suite, Zimbra Collaboration Suite | 2024-11-21 | N/A |
| Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group. | ||||
| CVE-2018-10938 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | N/A |
| A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw. | ||||
| CVE-2018-10937 | 1 Redhat | 1 Openshift Container Platform | 2024-11-21 | N/A |
| A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim. | ||||
| CVE-2018-10936 | 2 Postgresql, Redhat | 2 Postgresql Jdbc Driver, Enterprise Linux | 2024-11-21 | N/A |
| A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA. | ||||
| CVE-2018-10935 | 1 Redhat | 2 389 Directory Server, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort. | ||||
| CVE-2018-10934 | 1 Redhat | 4 Enterprise Linux Server, Jboss Enterprise Application Platform, Jboss Single Sign On and 1 more | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users. | ||||
| CVE-2018-10933 | 6 Canonical, Debian, Libssh and 3 more | 10 Ubuntu Linux, Debian Linux, Libssh and 7 more | 2024-11-21 | N/A |
| A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access. | ||||
| CVE-2018-10932 | 2 Intel, Redhat | 2 Lldptool, Enterprise Linux | 2024-11-21 | N/A |
| lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal. | ||||
| CVE-2018-10931 | 2 Cobbler Project, Redhat | 3 Cobbler, Network Satellite, Satellite | 2024-11-21 | N/A |
| It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon. | ||||
| CVE-2018-10930 | 4 Debian, Gluster, Opensuse and 1 more | 8 Debian Linux, Glusterfs, Leap and 5 more | 2024-11-21 | 6.5 Medium |
| A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume. | ||||
| CVE-2018-10929 | 4 Debian, Gluster, Opensuse and 1 more | 7 Debian Linux, Glusterfs, Leap and 4 more | 2024-11-21 | 8.8 High |
| A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes. | ||||
| CVE-2018-10928 | 4 Debian, Gluster, Opensuse and 1 more | 8 Debian Linux, Glusterfs, Leap and 5 more | 2024-11-21 | 8.8 High |
| A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes. | ||||
| CVE-2018-10927 | 4 Debian, Gluster, Opensuse and 1 more | 7 Debian Linux, Glusterfs, Leap and 4 more | 2024-11-21 | 8.1 High |
| A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process. | ||||
| CVE-2018-10926 | 4 Debian, Gluster, Opensuse and 1 more | 7 Debian Linux, Glusterfs, Leap and 4 more | 2024-11-21 | 8.8 High |
| A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node. | ||||