ReportizFlow
Filtered by vendor
Subscriptions
Total
322227 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-10076 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnerability allows a remote attacker to inject arbitrary web script or HTML via the search functionality (the search box of the Dashboard). | ||||
| CVE-2018-10075 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature. | ||||
| CVE-2018-10074 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows local users to cause a denial of service (NULL pointer dereference) by triggering a failure of resource retrieval. | ||||
| CVE-2018-10073 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | N/A |
| joyplus-cms 1.6.0 has XSS in manager/admin_vod.php via the keyword parameter. | ||||
| CVE-2018-10072 | 1 Jungo | 1 Windriver | 2024-11-21 | N/A |
| windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a 0x953827bf DeviceIoControl call. | ||||
| CVE-2018-10071 | 1 Jungo | 1 Windriver | 2024-11-21 | N/A |
| windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a 0x953826DB DeviceIoControl call. | ||||
| CVE-2018-10070 | 1 Mikrotik | 2 Router, Router Firmware | 2024-11-21 | N/A |
| A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins with many '\0' characters, preventing the affected router from accepting new FTP connections. The router will reboot after 10 minutes, logging a "router was rebooted without proper shutdown" message. | ||||
| CVE-2018-10068 | 1 Jdownloads | 1 Jdownloads | 2024-11-21 | N/A |
| The jDownloads extension before 3.2.59 for Joomla! has XSS. | ||||
| CVE-2018-10066 | 1 Mikrotik | 1 Routeros | 2024-11-21 | N/A |
| An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client's internal network (for example, at site-to-site tunnels). | ||||
| CVE-2018-10063 | 1 Convert Forms Project | 1 Convert Forms | 2024-11-21 | N/A |
| The Convert Forms extension before 2.0.4 for Joomla! is vulnerable to Remote Command Execution using CSV Injection that is mishandled when exporting a Leads file. | ||||
| CVE-2018-10061 | 2 Cacti, Debian | 2 Cacti, Debian Linux | 2024-11-21 | 5.4 Medium |
| Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used). | ||||
| CVE-2018-10060 | 2 Cacti, Debian | 2 Cacti, Debian Linux | 2024-11-21 | 5.4 Medium |
| Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php. | ||||
| CVE-2018-10059 | 1 Cacti | 1 Cacti | 2024-11-21 | N/A |
| Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name. | ||||
| CVE-2018-10058 | 2 Bfgminer, Cgminer Project | 2 Bfgminer, Cgminer | 2024-11-21 | N/A |
| The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the addpool, failover-only, poolquota, and save command handlers. | ||||
| CVE-2018-10057 | 2 Bfgminer, Cgminer Project | 2 Bfgminer, Cgminer | 2024-11-21 | N/A |
| The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal). | ||||
| CVE-2018-10055 | 1 Google | 1 Tensorflow | 2024-11-21 | N/A |
| Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file. | ||||
| CVE-2018-10054 | 2 Cognitect, H2database | 2 Datomic, H2 | 2024-11-21 | 8.8 High |
| H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment." | ||||
| CVE-2018-10052 | 1 Iscripts | 1 Supportdesk | 2024-11-21 | N/A |
| iScripts SupportDesk v4.3 has XSS via the admin/inteligentsearchresult.php txtinteligentsearch parameter. | ||||
| CVE-2018-10051 | 1 Iscripts | 1 Supportdesk | 2024-11-21 | N/A |
| iScripts SupportDesk v4.3 has XSS via the staff/inteligentsearchresult.php txtinteligentsearch parameter. | ||||
| CVE-2018-10050 | 1 Iscripts | 1 Eswap | 2024-11-21 | N/A |
| iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the Admin Panel. | ||||