ReportizFlow
Filtered by vendor
Subscriptions
Total
322231 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16761 | 1 Eventum Project | 1 Eventum | 2024-11-21 | N/A |
| Eventum before 3.4.0 has an open redirect vulnerability. | ||||
| CVE-2018-16759 | 1 Easycms | 1 Easycms | 2024-11-21 | N/A |
| The removeXSS function in App/Common/common.php (called from App/Modules/Index/Action/SearchAction.class.php) in EasyCMS v1.4 allows XSS via an onhashchange event. | ||||
| CVE-2018-16758 | 3 Debian, Starwindsoftware, Tinc-vpn | 3 Debian Linux, Starwind Virtual San, Tinc | 2024-11-21 | 5.9 Medium |
| Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets. | ||||
| CVE-2018-16752 | 1 Linknet-usa | 2 Lw-n605r, Lw-n605r Firmware | 2024-11-21 | N/A |
| LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases. | ||||
| CVE-2018-16750 | 3 Canonical, Imagemagick, Redhat | 3 Ubuntu Linux, Imagemagick, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found. | ||||
| CVE-2018-16749 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-11-21 | 6.5 Medium |
| In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file. | ||||
| CVE-2018-16745 | 1 Mgetty Project | 1 Mgetty | 2024-11-21 | N/A |
| An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it. | ||||
| CVE-2018-16744 | 1 Mgetty Project | 1 Mgetty | 2024-11-21 | N/A |
| An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used. | ||||
| CVE-2018-16743 | 1 Mgetty Project | 1 Mgetty | 2024-11-21 | N/A |
| An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow. | ||||
| CVE-2018-16742 | 1 Mgetty Project | 1 Mgetty | 2024-11-21 | N/A |
| An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter. | ||||
| CVE-2018-16741 | 2 Debian, Mgetty Project | 2 Debian Linux, Mgetty | 2024-11-21 | N/A |
| An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate <jobid>" command. | ||||
| CVE-2018-16739 | 1 Abus | 94 Tvip 10000, Tvip 10000 Firmware, Tvip 10001 and 91 more | 2024-11-21 | 8.8 High |
| An issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite, an attacker can write to files, and thus execute code arbitrarily with root privileges. | ||||
| CVE-2018-16738 | 3 Debian, Starwindsoftware, Tinc-vpn | 3 Debian Linux, Starwind Virtual San, Tinc | 2024-11-21 | 3.7 Low |
| tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1. | ||||
| CVE-2018-16737 | 2 Starwindsoftware, Tinc-vpn | 2 Starwind Virtual San, Tinc | 2024-11-21 | 5.3 Medium |
| tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation. | ||||
| CVE-2018-16736 | 1 Rcfilters Project | 1 Rcfilters | 2024-11-21 | N/A |
| In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings). | ||||
| CVE-2018-16733 | 1 Ethereum | 1 Go Ethereum | 2024-11-21 | N/A |
| In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block. | ||||
| CVE-2018-16732 | 1 Chshcms | 1 Cscms | 2024-11-21 | N/A |
| \upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save. | ||||
| CVE-2018-16731 | 1 Chshcms | 1 Cscms | 2024-11-21 | N/A |
| CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data. | ||||
| CVE-2018-16730 | 1 Chshcms | 1 Cscms | 2024-11-21 | N/A |
| \upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name. | ||||
| CVE-2018-16729 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | N/A |
| Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files. | ||||