| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-15817 | 1 Faststone | 1 Image Viewer | 2024-11-21 | N/A |
| FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d63 via a crafted image file. | ||||
| CVE-2018-15816 | 1 Faststone | 1 Image Viewer | 2024-11-21 | N/A |
| FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d7d via a crafted image file. | ||||
| CVE-2018-15815 | 1 Faststone | 1 Image Viewer | 2024-11-21 | N/A |
| FastStone Image Viewer 6.5 has an Exception Handler Chain Corrupted issue starting at image00400000+0x00000000003ef68a via a crafted image file. | ||||
| CVE-2018-15814 | 1 Faststone | 1 Image Viewer | 2024-11-21 | N/A |
| FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000001cb509 via a crafted image file. | ||||
| CVE-2018-15813 | 1 Faststone | 1 Image Viewer | 2024-11-21 | N/A |
| FastStone Image Viewer 6.5 has a User Mode Write AV starting at image00400000+0x00000000000e1237 via a crafted image file. | ||||
| CVE-2018-15812 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | 7.5 High |
| DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy. | ||||
| CVE-2018-15810 | 1 Visiology | 1 Flipbox | 2024-11-21 | N/A |
| Visiology Flipbox Software Suite before 2.7.0 allows directory traversal via %5c%2e%2e%2f because it does not sanitize filename parameters. | ||||
| CVE-2018-15809 | 1 Accupos | 1 Accupos | 2024-11-21 | N/A |
| AccuPOS 2017.8 is installed with the insecure "Authenticated Users: Modify" permission for files within the installation path. This may allow local attackers to compromise the integrity of critical resource and executable files. | ||||
| CVE-2018-15808 | 1 Posim | 1 Evo | 2024-11-21 | N/A |
| POSIM EVO 15.13 for Windows includes hardcoded database credentials for the "root" database user. "root" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availability or allow for attackers to remotely execute code on associated POSIM EVO clients. | ||||
| CVE-2018-15807 | 1 Posim | 1 Evo | 2024-11-21 | N/A |
| POSIM EVO 15.13 for Windows includes an "Emergency Override" administrative account that may be accessed through POSIM's "override" feature. This Override prompt expects a code that is computed locally using a deterministic algorithm. This code may be generated by an attacker and used to bypass any POSIM EVO login prompt. | ||||
| CVE-2018-15805 | 1 Accusoft | 1 Prizmdoc | 2024-11-21 | N/A |
| Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE) vulnerability, allowing an attacker to read arbitrary files or cause a denial of service (resource consumption). | ||||
| CVE-2018-15804 | 1 Mapr | 1 Mapr | 2024-11-21 | N/A |
| An issue was discovered in the MapR File System in MapR Converged Data Platform and MapR-XD 6.x and earlier. Under certain conditions, it is possible for MapR ticket credentials to become compromised, allowing a user to escalate their privileges to act as (aka impersonate) any other user, including cluster administrators, aka bug# 31935. This affects all users who have enabled security on the MapR platform and is fixed in mapr-patch-5.2.1.42646.GA-20180731093831, mapr-patch-5.2.2.44680.GA-20180802011430, mapr-patch-6.0.0.20171109191718.GA-20180802011420, and mapr-patch-6.0.1.20180404222005.GA-20180806214919. | ||||
| CVE-2018-15801 | 1 Vmware | 1 Spring Framework | 2024-11-21 | 7.4 High |
| Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer. | ||||
| CVE-2018-15800 | 1 Cloud Foundry | 1 Bits Service | 2024-11-21 | N/A |
| Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the Bits Service storage. | ||||
| CVE-2018-15798 | 1 Pivotal Software | 1 Concourse | 2024-11-21 | N/A |
| Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access token in Concourse. | ||||
| CVE-2018-15797 | 1 Pivotal Software | 1 Cloud Foundry Nfs Volume | 2024-11-21 | N/A |
| Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote authenticated user with access to BOSH can obtain the admin credentials for the Cloud Foundry Platform through the logs of the NFS volume deploy errand. | ||||
| CVE-2018-15796 | 1 Pivotal Software | 1 Bits Service | 2024-11-21 | N/A |
| Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the Bits Service storage. | ||||
| CVE-2018-15795 | 1 Pivotal Software | 1 Credhub Service Broker | 2024-11-21 | N/A |
| Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service. | ||||
| CVE-2018-15784 | 1 Dell | 1 Networking Os10 | 2024-11-21 | N/A |
| Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the server's certificate authority during TLS handshake. Use of an invalid or malicious certificate could potentially allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. | ||||
| CVE-2018-15782 | 1 Rsa | 1 Authentication Manager | 2024-11-21 | N/A |
| The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path traversal vulnerability. A local attacker could potentially provide an administrator with a crafted license that if used during the quick setup deployment of the initial RSA Authentication Manager system, could allow the attacker unauthorized access to that system. | ||||