ReportizFlow
Filtered by vendor
Subscriptions
Total
322231 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-15358 | 1 Eltex | 2 Esp-200, Esp-200 Firmware | 2024-11-21 | N/A |
| An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0. | ||||
| CVE-2018-15357 | 1 Eltex | 2 Esp-200, Esp-200 Firmware | 2024-11-21 | N/A |
| An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0. | ||||
| CVE-2018-15356 | 1 Eltex | 2 Esp-200, Esp-200 Firmware | 2024-11-21 | N/A |
| An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0. | ||||
| CVE-2018-15355 | 1 Kraftway | 2 24f2xg Router, 24f2xg Router Firmware | 2024-11-21 | N/A |
| Usage of SSLv2 and SSLv3 leads to transmitted data decryption in Kraftway 24F2XG Router firmware 3.5.30.1118. | ||||
| CVE-2018-15354 | 1 Kraftway | 2 24f2xg Router, 24f2xg Router Firmware | 2024-11-21 | N/A |
| A Buffer Overflow exploited through web interface by remote attacker can cause denial of service in Kraftway 24F2XG Router firmware 3.5.30.1118. | ||||
| CVE-2018-15353 | 1 Kraftway | 2 24f2xg Router, 24f2xg Router Firmware | 2024-11-21 | N/A |
| A Buffer Overflow exploited through web interface by remote attacker can cause remote code execution in Kraftway 24F2XG Router firmware 3.5.30.1118. | ||||
| CVE-2018-15352 | 1 Kraftway | 2 24f2xg Router, 24f2xg Router Firmware | 2024-11-21 | N/A |
| An attacker with low privileges can cause denial of service in Kraftway 24F2XG Router firmware version 3.5.30.1118. | ||||
| CVE-2018-15351 | 1 Kraftway | 2 24f2xg Router, 24f2xg Router Firmware | 2024-11-21 | N/A |
| Denial of service via crafting malicious link and sending it to a privileged user can cause Denial of Service in Kraftway 24F2XG Router firmware version 3.5.30.1118. | ||||
| CVE-2018-15350 | 1 Kraftway | 2 24f2xg Router, 24f2xg Router Firmware | 2024-11-21 | N/A |
| Router Default Credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote attackers to get privileged access to the router. | ||||
| CVE-2018-15335 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | N/A |
| When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM becomes a client application to an external OAuth authorization server. In certain cases when communication between the BIG-IP APM and the OAuth authorization server is lost, APM may not display the intended message in the failure response | ||||
| CVE-2018-15334 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | N/A |
| A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication. | ||||
| CVE-2018-15333 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | N/A |
| On versions 11.2.1. and greater, unrestricted Snapshot File Access allows BIG-IP system's user with any role, including Guest Role, to have access and download previously generated and available snapshot files on the BIG-IP configuration utility such as QKView and TCPDumps. | ||||
| CVE-2018-15332 | 3 Apple, F5, Linux | 4 Macos, Big-ip Access Policy Manager, Big-ip Access Policy Manager Client and 1 more | 2024-11-21 | N/A |
| The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition. | ||||
| CVE-2018-15331 | 1 F5 | 1 Big-ip Application Acceleration Manager | 2024-11-21 | N/A |
| On BIG-IP AAM 13.0.0 or 12.1.0-12.1.3.7, the dcdb_convert utility used by BIG-IP AAM fails to drop group permissions when executing helper scripts, which could be used to leverage attacks against the BIG-IP system. | ||||
| CVE-2018-15330 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | N/A |
| On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, when a virtual server using the inflate functionality to process a gzip bomb as a payload, the BIG-IP system will experience a fatal error and may cause the Traffic Management Microkernel (TMM) to produce a core file. | ||||
| CVE-2018-15329 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more | 2024-11-21 | N/A |
| On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. | ||||
| CVE-2018-15328 | 1 F5 | 16 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 13 more | 2024-11-21 | N/A |
| On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x, and 4.x, and iWorkflow 2.x, the passphrases for SNMPv3 users and trap destinations that are used for authentication and privacy are not handled by the BIG-IP system Secure Vault feature; they are written in the clear to the various configuration files. | ||||
| CVE-2018-15327 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more | 2024-11-21 | N/A |
| In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. | ||||
| CVE-2018-15326 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | N/A |
| In some situations on BIG-IP APM 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.2, the CRLDP Auth access policy agent may treat revoked certificates as valid when the BIG-IP APM system fails to download a new Certificate Revocation List. | ||||
| CVE-2018-15325 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | N/A |
| In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, iControl and TMSH usage by authenticated users may leak a small amount of memory when executing commands | ||||