ReportizFlow
Filtered by vendor
Subscriptions
Total
322276 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11656 | 3 Canonical, Imagemagick, Redhat | 3 Ubuntu Linux, Imagemagick, Enterprise Linux | 2024-11-21 | N/A |
| In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file. | ||||
| CVE-2018-11655 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2024-11-21 | N/A |
| In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file. | ||||
| CVE-2018-11654 | 1 Seasofsolutions | 2 Ip Camera, Ip Camera Firmware | 2024-11-21 | 7.5 High |
| Information disclosure in Netwave IP camera at get_status.cgi (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information from the device. | ||||
| CVE-2018-11653 | 1 Seasofsolutions | 2 Ip Camera, Ip Camera Firmware | 2024-11-21 | 9.8 Critical |
| Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information about the network configuration like the network SSID and password. | ||||
| CVE-2018-11652 | 1 Cirt.net | 1 Nikto | 2024-11-21 | N/A |
| CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report. | ||||
| CVE-2018-11651 | 1 Graylog | 1 Graylog | 2024-11-21 | N/A |
| Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.jsx, components/dashboard/EditDashboardModal.jsx, and pages/ShowDashboardPage.jsx. | ||||
| CVE-2018-11650 | 1 Graylog | 1 Graylog | 2024-11-21 | N/A |
| Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js. | ||||
| CVE-2018-11649 | 1 Gethue | 1 Hue | 2024-11-21 | N/A |
| Hue 3.12 has XSS via the /pig/save/ name and script parameters. | ||||
| CVE-2018-11647 | 1 Oauth2orize-fprm Project | 1 Oauth2orize-fprm | 2024-11-21 | N/A |
| index.js in oauth2orize-fprm before 0.2.1 has XSS via a crafted URL. | ||||
| CVE-2018-11646 | 1 Webkitgtk | 1 Webkitgtk\+ | 2024-11-21 | N/A |
| webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash. | ||||
| CVE-2018-11645 | 2 Artifex, Redhat | 2 Ghostscript, Enterprise Linux | 2024-11-21 | N/A |
| psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977. | ||||
| CVE-2018-11643 | 1 Dialogic | 1 Powermedia Xms | 2024-11-21 | N/A |
| SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to execute arbitrary SQL commands via the filterPattern parameter. | ||||
| CVE-2018-11642 | 1 Dialogic | 1 Powermedia Xms | 2024-11-21 | N/A |
| Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user. | ||||
| CVE-2018-11641 | 1 Dialogic | 1 Powermedia Xms | 2024-11-21 | N/A |
| Use of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to interact with a web service. | ||||
| CVE-2018-11640 | 1 Dialogic | 1 Powermedia Xms | 2024-11-21 | N/A |
| XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource consumption). | ||||
| CVE-2018-11639 | 1 Dialogic | 1 Powermedia Xms | 2024-11-21 | N/A |
| Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to access a user's password in cleartext. | ||||
| CVE-2018-11638 | 1 Dialogic | 1 Powermedia Xms | 2024-11-21 | N/A |
| Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to upload malicious code to the web root to gain code execution. | ||||
| CVE-2018-11637 | 1 Dialogic | 1 Powermedia Xms | 2024-11-21 | N/A |
| Information leakage vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to read arbitrary files from the /var/ directory because a symlink exists under the web root. | ||||
| CVE-2018-11636 | 1 Dialogic | 1 Powermedia Xms | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions. | ||||
| CVE-2018-11635 | 1 Dialogic | 1 Powermedia Xms | 2024-11-21 | N/A |
| Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication. | ||||