ReportizFlow
Filtered by vendor
Subscriptions
Total
322137 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-15531 | 1 Javamelody Project | 1 Javamelody | 2024-11-21 | N/A |
| JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java. | ||||
| CVE-2018-15530 | 1 Xerox | 2 Colorqube 8580, Colorqube 8580 Firmware | 2024-11-21 | N/A |
| Cross-site scripting (XSS) in the web interface of the Xerox ColorQube 8580 allows remote persistent injection of custom HTML / JavaScript code. | ||||
| CVE-2018-15529 | 1 Mutiny | 1 Mutiny | 2024-11-21 | N/A |
| A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload. | ||||
| CVE-2018-15528 | 1 Javasystemsolutions | 1 Sso Plugin | 2024-11-21 | N/A |
| Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. A remote attacker can abuse this issue to inject client-side scripts into the "select_sso()" function. The payload is triggered when the victim opens a prepared /ux/jss-sso/arslogin?[XSS] link and then clicks the "Login" button. | ||||
| CVE-2018-15520 | 1 Lexmark | 68 Cx421, Cx421 Firmware, Cx522 and 65 more | 2024-11-21 | N/A |
| Various Lexmark devices have a Buffer Overflow (issue 2 of 2). | ||||
| CVE-2018-15519 | 1 Lexmark | 64 6500, 6500 Firmware, Cx310 and 61 more | 2024-11-21 | N/A |
| Various Lexmark devices have a Buffer Overflow (issue 1 of 2). | ||||
| CVE-2018-15518 | 4 Debian, Opensuse, Qt and 1 more | 4 Debian Linux, Leap, Qt and 1 more | 2024-11-21 | N/A |
| QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. | ||||
| CVE-2018-15517 | 1 Dlink | 1 Central Wifimanager | 2024-11-21 | N/A |
| The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. | ||||
| CVE-2018-15516 | 1 Dlink | 1 Central Wifimanager | 2024-11-21 | N/A |
| The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF. | ||||
| CVE-2018-15515 | 1 Dlink | 1 Central Wifimanager | 2024-11-21 | N/A |
| The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges. | ||||
| CVE-2018-15514 | 1 Docker | 1 Docker | 2024-11-21 | N/A |
| HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges. | ||||
| CVE-2018-15513 | 1 Totemo | 1 Totemomail | 2024-11-21 | N/A |
| Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs of high privileged users by leveraging access to a read-only auditor role. | ||||
| CVE-2018-15512 | 1 Totemo | 1 Totemomail | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the 'Authorisation Service' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2018-15511 | 1 Totemo | 1 Totemomail | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the 'Notification template' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2018-15510 | 1 Totemo | 1 Totemomail | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the 'Certificate' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2018-15509 | 1 Five9 | 1 Agent Desktop Plus | 2024-11-21 | N/A |
| Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2). | ||||
| CVE-2018-15508 | 1 Five9 | 1 Agent Desktop Plus | 2024-11-21 | N/A |
| Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control allowing a remote attackers to cause a denial of service via opening a connection on port 8083 to a device running the Five9 SoftPhone(issue 1 of 2). | ||||
| CVE-2018-15506 | 1 Bubblesoftapps | 1 Bubbleupnp | 2024-11-21 | N/A |
| In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running BubbleUPnP, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack the cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains. | ||||
| CVE-2018-15505 | 2 Embedthis, Juniper | 3 Appweb, Goahead, Junos | 2024-11-21 | 7.5 High |
| An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address. | ||||
| CVE-2018-15504 | 2 Embedthis, Juniper | 134 Appweb, Goahead, Ex2200 and 131 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11. | ||||