Total
324546 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-10689 | 2 Blktrace Project, Redhat | 2 Blktrace, Enterprise Linux | 2024-11-21 | N/A |
| blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file. | ||||
| CVE-2018-10686 | 1 Vestacp | 1 Control Panel | 2024-11-21 | N/A |
| An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.php. | ||||
| CVE-2018-10685 | 1 Long Range Zip Project | 1 Long Range Zip | 2024-11-21 | N/A |
| In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the lzma_decompress_buf function of stream.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | ||||
| CVE-2018-10683 | 1 Redhat | 1 Wildfly | 2024-11-21 | 9.8 Critical |
| An issue was discovered in WildFly 10.1.2.Final. In the case of a default installation without a security realm reference, an attacker can successfully access the server without authentication. NOTE: the Security Realms documentation in the product's Admin Guide indicates that "without a security realm reference" implies "effectively unsecured." The vendor explicitly supports these unsecured configurations because they have valid use cases during development | ||||
| CVE-2018-10682 | 1 Wildfly | 1 Wildfly | 2024-11-21 | 9.8 Critical |
| An issue was discovered in WildFly 10.1.2.Final. It is possible for an attacker to access the administration panel on TCP port 9990 without any authentication using "anonymous" access that is automatically created. Once logged in, a misconfiguration present by default (auto-deployment) permits an anonymous user to deploy a malicious .war file, leading to remote code execution. NOTE: the vendor indicates that anonymous access is not available in the default installation; however, it remains optional because there are several use cases for it, including development environments and network architectures that have a proxy server for access control to the WildFly server | ||||
| CVE-2018-10680 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | N/A |
| Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings --> Basic setting --> Website title" and enters an XSS payload via the zb_system/cmd.php ZC_BLOG_NAME parameter. NOTE: the vendor disputes the security relevance, noting it is "just a functional bug. | ||||
| CVE-2018-10678 | 1 Mybb | 1 Mybb | 2024-11-21 | N/A |
| MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target="_blank" rel="noopener"' in A elements, which makes it easier for remote attackers to conduct redirection attacks. | ||||
| CVE-2018-10677 | 1 Miniupnp Project | 1 Ngiflib | 2024-11-21 | N/A |
| The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 lacks certain checks against width and height, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted GIF file. | ||||
| CVE-2018-10676 | 1 Tbkvision | 4 Tbk-dvr4104, Tbk-dvr4104 Firmware, Tbk-dvr4216 and 1 more | 2024-11-21 | N/A |
| CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR devices allow remote attackers to download a file and obtain sensitive credential information via a direct request for the download.rsp URI. | ||||
| CVE-2018-10675 | 3 Canonical, Linux, Redhat | 16 Ubuntu Linux, Linux Kernel, Enterprise Linux and 13 more | 2024-11-21 | 7.8 High |
| The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls. | ||||
| CVE-2018-10666 | 1 Auroradao | 1 Idex Membership | 2024-11-21 | N/A |
| The Owned smart contract implementation for Aurora IDEX Membership (IDXM), an Ethereum ERC20 token, allows attackers to acquire contract ownership because the setOwner function is declared as public. A new owner can subsequently modify variables. | ||||
| CVE-2018-10665 | 1 Ilias | 1 Ilias | 2024-11-21 | N/A |
| ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files. | ||||
| CVE-2018-10664 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2024-11-21 | N/A |
| An issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory Corruption. | ||||
| CVE-2018-10663 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2024-11-21 | N/A |
| An issue was discovered in multiple models of Axis IP Cameras. There is an Incorrect Size Calculation. | ||||
| CVE-2018-10662 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2024-11-21 | N/A |
| An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface. | ||||
| CVE-2018-10661 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2024-11-21 | N/A |
| An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control. | ||||
| CVE-2018-10660 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2024-11-21 | N/A |
| An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection. | ||||
| CVE-2018-10659 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2024-11-21 | N/A |
| There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction. | ||||
| CVE-2018-10658 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2024-11-21 | N/A |
| There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). The crash arises from code inside libdbus-send.so shared object or similar. | ||||
| CVE-2018-10657 | 1 Matrix | 1 Synapse | 2024-11-21 | N/A |
| Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018. | ||||