ReportizFlow
Filtered by vendor
Subscriptions
Total
322227 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-10565 | 1 Flexense | 1 Disksavvy | 2024-11-21 | N/A |
| XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7. | ||||
| CVE-2018-10564 | 1 Flexense | 1 Diskpulse | 2024-11-21 | N/A |
| XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7. | ||||
| CVE-2018-10563 | 1 Flexense | 1 Syncbreeze | 2024-11-21 | N/A |
| An XSS in Flexense SyncBreeze affects all versions (tested from SyncBreeze Enterprise from v10.1 to v10.7). | ||||
| CVE-2018-10554 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A |
| An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) the ajaxhelper.php opts or background parameter; (4) the i[] array parameter to ajax_handler.php; or (5) the deploynotification.php title parameter. | ||||
| CVE-2018-10553 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A |
| An issue was discovered in Nagios XI 5.4.13. A registered user is able to use directory traversal to read local files, as demonstrated by URIs beginning with index.php?xiwindow=./ and config/?xiwindow=../ substrings. | ||||
| CVE-2018-10550 | 1 Octopus | 1 Octopus Deploy | 2024-11-21 | N/A |
| In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to. | ||||
| CVE-2018-10549 | 5 Canonical, Debian, Netapp and 2 more | 5 Ubuntu Linux, Debian Linux, Storage Automation Store and 2 more | 2024-11-21 | N/A |
| An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character. | ||||
| CVE-2018-10548 | 5 Canonical, Debian, Netapp and 2 more | 5 Ubuntu Linux, Debian Linux, Storage Automation Store and 2 more | 2024-11-21 | N/A |
| An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value. | ||||
| CVE-2018-10547 | 5 Canonical, Debian, Netapp and 2 more | 6 Ubuntu Linux, Debian Linux, Storage Automation Store and 3 more | 2024-11-21 | N/A |
| An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712. | ||||
| CVE-2018-10546 | 5 Canonical, Debian, Netapp and 2 more | 5 Ubuntu Linux, Debian Linux, Storage Automation Store and 2 more | 2024-11-21 | N/A |
| An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences. | ||||
| CVE-2018-10545 | 5 Canonical, Debian, Netapp and 2 more | 5 Ubuntu Linux, Debian Linux, Storage Automation Store and 2 more | 2024-11-21 | N/A |
| An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process. | ||||
| CVE-2018-10544 | 1 Meross | 2 Mss110, Mss110 Firmware | 2024-11-21 | N/A |
| Meross MSS110 devices through 1.1.24 contain an unauthenticated admin.htm administrative interface. | ||||
| CVE-2018-10540 | 2 Debian, Wavpack | 2 Debian Linux, Wavpack | 2024-11-21 | N/A |
| An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation. | ||||
| CVE-2018-10539 | 2 Debian, Wavpack | 2 Debian Linux, Wavpack | 2024-11-21 | N/A |
| An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation. | ||||
| CVE-2018-10538 | 2 Debian, Wavpack | 2 Debian Linux, Wavpack | 2024-11-21 | N/A |
| An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation. | ||||
| CVE-2018-10537 | 2 Debian, Wavpack | 2 Debian Linux, Wavpack | 2024-11-21 | N/A |
| An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks. | ||||
| CVE-2018-10536 | 2 Debian, Wavpack | 2 Debian Linux, Wavpack | 2024-11-21 | N/A |
| An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks. | ||||
| CVE-2018-10535 | 2 Gnu, Redhat | 5 Binutils, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2024-11-21 | N/A |
| The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy. | ||||
| CVE-2018-10534 | 2 Gnu, Redhat | 5 Binutils, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2024-11-21 | N/A |
| The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c. | ||||
| CVE-2018-10532 | 1 Ee | 2 4gee, 4gee Firmware | 2024-11-21 | N/A |
| An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 devices. Hardcoded root SSH credentials were discovered to be stored within the "core_app" binary utilised by the EE router for networking services. An attacker with knowledge of the default password (oelinux123) could login to the router via SSH as the root user, which could allow for the loss of confidentiality, integrity, and availability of the system. This would also allow for the bypass of the "AP Isolation" mode that is supported by the router, as well as the settings for multiple Wireless networks, which a user may use for guest clients. | ||||