Total: 12469 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-25004 | 1 Mongodb | 1 Mongodb | 2024-11-21 | 4.9 Medium |
A user authorized to perform a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11. | ||||
CVE-2018-25002 | 1 Sunhater | 1 Kcfinder | 2024-11-21 | 8.8 High |
uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal's security advisory policy. | ||||
CVE-2018-21264 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 8.8 High |
An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. It did not enforce the expiration date of a SAML response. | ||||
CVE-2018-21262 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 7.5 High |
An issue was discovered in Mattermost Server before 4.7.3. It allows attackers to cause a denial of service (application crash) via invalid LaTeX text. | ||||
CVE-2018-21259 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.3 Medium |
An issue was discovered in Mattermost Server before 4.10.1, 4.9.4, and 4.8.2. It allows attackers to cause a denial of service (application hang) via a malformed link in a channel. | ||||
CVE-2018-21141 | 1 Netgear | 18 R6100, R6100 Firmware, R7500 and 15 more | 2024-11-21 | 4.5 Medium |
Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. | ||||
CVE-2018-21140 | 1 Netgear | 4 D3600, D3600 Firmware, D6000 and 1 more | 2024-11-21 | 6.5 Medium |
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76. | ||||
CVE-2018-21122 | 1 Netgear | 8 Gs110emx, Gs110emx Firmware, Gs810emx and 5 more | 2024-11-21 | 6.5 Medium |
Certain NETGEAR devices are affected by denial of service. This affects GS110EMX before 1.0.0.9, GS810EMX before 1.0.0.5, XS512EM before 1.0.0.6, and XS724EM before 1.0.0.6. | ||||
CVE-2018-21115 | 1 Netgear | 2 Xr500, Xr500 Firmware | 2024-11-21 | 8.8 High |
NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers. | ||||
CVE-2018-21092 | 1 Google | 1 Android | 2024-11-21 | 6.5 Medium |
An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. A crafted AT command may be sent by the DeviceTest application via an NFC tag. The Samsung ID is SVE-2017-10885 (January 2018). | ||||
CVE-2018-21078 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) software. The Contacts application allows attackers to originate video calls because SS (Supplementary Service) and USSD (Unstructured Supplementary Service Data) codes are improperly secured. The Samsung ID is SVE-2018-11469 (April 2018). | ||||
CVE-2018-21068 | 1 Google | 1 Android | 2024-11-21 | 6.2 Medium |
An issue was discovered on Samsung mobile devices with O(8.0) software. Execution of an application in a locked Secure Folder can occur without a password via a split screen. The Samsung ID is SVE-2018-11669 (July 2018). | ||||
CVE-2018-21055 | 2 Google, Qualcomm | 2 Android, Msm8996 | 2024-11-21 | 9.8 Critical |
An issue was discovered on Samsung mobile devices with N(7.0) (Qualcomm models using MSM8996 chipsets) software. A device can be rooted with a custom image to execute arbitrary scripts in the INIT context. The Samsung ID is SVE-2018-11940 (September 2018). | ||||
CVE-2018-21036 | 1 Sailsjs | 1 Sails | 2024-11-21 | 7.5 High |
Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request. | ||||
CVE-2018-21033 | 4 Hitachi, Linux, Microsoft and 1 more | 11 Automation Director, Compute Systems Manager, Device Manager and 8 more | 2024-11-21 | 6.5 Medium |
A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allows authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes Hitachi Device Manager, Hitachi Tiered Storage Manager, Hitachi Replication Manager, Hitachi Tuning Manager, Hitachi Global Link Manager and Hitachi Compute Systems Manager. | ||||
CVE-2018-21020 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 7.5 High |
In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place. | ||||
CVE-2018-20985 | 1 Payeezy | 1 Wp Payeezy Pay | 2024-11-21 | N/A |
The wp-payeezy-pay plugin before 2.98 for WordPress has local file inclusion in pay.php, donate.php, donate-rec, and pay-rec. | ||||
CVE-2018-20981 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | N/A |
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests. | ||||
CVE-2018-20980 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | N/A |
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering. | ||||
CVE-2018-20973 | 1 Codeermeneer | 1 Companion Auto Update | 2024-11-21 | N/A |
The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion. |