ReportizFlow
Filtered by vendor
Subscriptions
Total
322137 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-15503 | 1 Swoole | 1 Swoole | 2024-11-21 | N/A |
| The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV. | ||||
| CVE-2018-15502 | 1 Lwolf | 1 Loading Docs | 2024-11-21 | N/A |
| Insecure permissions in Lone Wolf Technologies loadingDOCS 2018-08-13 allow remote attackers to download any confidential files via https requests for predictable URLs. | ||||
| CVE-2018-15501 | 2 Debian, Libgit2 | 2 Debian Linux, Libgit2 | 2024-11-21 | 7.5 High |
| In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS. | ||||
| CVE-2018-15499 | 1 Gearsoftware | 1 Gearaspiwdm | 2024-11-21 | N/A |
| GEAR Software products that include GEARAspiWDM.sys, 2.2.5.0, allow local users to cause a denial of service (Race Condition and BSoD on Windows) by not checking that user-mode memory is available right before writing to it. A check is only performed at the beginning of a long subroutine. | ||||
| CVE-2018-15498 | 1 Ysoft | 2 Safeq Server, Safeq Server Client | 2024-11-21 | N/A |
| YSoft SafeQ Server 6 allows a replay attack. | ||||
| CVE-2018-15497 | 1 Mitel | 2 Mivoice 5330e, Mivoice 5330e Firmware | 2024-11-21 | N/A |
| The Mitel MiVoice 5330e VoIP device is affected by memory corruption flaws in the SIP/SDP packet handling functionality. An attacker can exploit this issue remotely, by sending a particular pattern of SIP/SDP packets, to cause a denial of service state in the affected devices and probably remote code execution. | ||||
| CVE-2018-15495 | 1 Tecrail | 1 Responsive Filemanager | 2024-11-21 | N/A |
| /filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value. | ||||
| CVE-2018-15494 | 2 Debian, Dojotoolkit | 2 Debian Linux, Dojo | 2024-11-21 | N/A |
| In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. | ||||
| CVE-2018-15493 | 1 Vbulletin | 1 Vbulletin | 2024-11-21 | N/A |
| vBulletin 5.4.3 has an Open Redirect. | ||||
| CVE-2018-15492 | 1 Gemalto | 1 Sentinel License Manager | 2024-11-21 | N/A |
| A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification. | ||||
| CVE-2018-15491 | 1 Zemana | 1 Antilogger | 2024-11-21 | N/A |
| A vulnerability in the permission and encryption implementation of Zemana Anti-Logger 1.9.3.527 and prior (fixed in 1.9.3.602) allows an attacker to take control of the whitelisting feature (MyRules2.ini under %LOCALAPPDATA%\Zemana\ZALSDK) to permit execution of unauthorized applications (such as ones that record keystrokes). | ||||
| CVE-2018-15490 | 2 Expressvpn, Microsoft | 2 Expressvpn, Windows | 2024-11-21 | N/A |
| An issue was discovered in ExpressVPN on Windows. The Xvpnd.exe process (which runs as a service with SYSTEM privileges) listens on TCP port 2015, which is used as an RPC interface for communication with the client side of the ExpressVPN application. A JSON-RPC protocol over HTTP is used for communication. The JSON-RPC XVPN.GetPreference and XVPN.SetPreference methods are vulnerable to path traversal, and allow reading and writing files on the file system on behalf of the service. | ||||
| CVE-2018-15486 | 1 Kone | 2 Group Controller, Group Controller Firmware | 2024-11-21 | N/A |
| An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02. | ||||
| CVE-2018-15485 | 1 Kone | 2 Group Controller, Group Controller Firmware | 2024-11-21 | N/A |
| An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03. | ||||
| CVE-2018-15484 | 1 Kone | 2 Group Controller, Group Controller Firmware | 2024-11-21 | N/A |
| An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01. | ||||
| CVE-2018-15483 | 1 Kone | 2 Group Controller, Group Controller Firmware | 2024-11-21 | N/A |
| An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Denial of Service can occur through the open HTTP interface, aka KONE-04. | ||||
| CVE-2018-15482 | 2 Google, Lg | 15 Android, G5, G6 and 12 more | 2024-11-21 | N/A |
| Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006. | ||||
| CVE-2018-15481 | 1 Ucopia | 2 Wireless Appliance, Wireless Appliance Firmware | 2024-11-21 | N/A |
| Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices using firmware version 5.1.x before 5.1.13 allows authenticated remote attackers to escape the shell and escalate their privileges by adding a LocalCommand to the SSH configuration file in the user home folder. | ||||
| CVE-2018-15480 | 1 Mystrom | 12 Wifi Bulb, Wifi Bulb Firmware, Wifi Button and 9 more | 2024-11-21 | N/A |
| An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The cloud API had a hidden parameter, which allowed an authenticated user to reconfigure the server URL for a device registered to their account. In combination with an insecure device registration vulnerability, this allowed an attacker to reconfigure a maliciously registered device to their own rogue replica of the myStrom API and issue commands to the device, including firmware update commands. | ||||
| CVE-2018-15479 | 1 Mystrom | 12 Wifi Bulb, Wifi Bulb Firmware, Wifi Button and 9 more | 2024-11-21 | N/A |
| An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. Devices did not authenticate themselves to the cloud in device to cloud communication. This lack of device authentication allowed an attacker to impersonate any device by guessing or learning their MAC address. | ||||