ReportizFlow
Filtered by vendor
Subscriptions
Total
3371 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-1319 | 1 Apache | 1 Allura | 2024-11-21 | N/A |
| In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. If a victim goes to a maliciously crafted URL, unwanted results may occur including XSS or service denial for the victim's browsing session. | ||||
| CVE-2018-18996 | 1 Lcds | 1 Laquis Scada | 2024-11-21 | N/A |
| LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server. | ||||
| CVE-2018-18992 | 1 Lcds | 1 Laquis Scada | 2024-11-21 | N/A |
| LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server. | ||||
| CVE-2018-18250 | 1 Icinga | 1 Icinga Web 2 | 2024-11-21 | N/A |
| Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a Navigation item. | ||||
| CVE-2018-18207 | 1 Virtualmin | 1 Virtualmin | 2024-11-21 | N/A |
| Virtualmin 6.03 allows Frame Injection via the settings-editor_read.cgi file parameter. | ||||
| CVE-2018-16763 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 9.8 Critical |
| FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution. | ||||
| CVE-2018-16627 | 1 Getkirby | 1 Kirby | 2024-11-21 | N/A |
| panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature. | ||||
| CVE-2018-16492 | 2 Extend Project, Redhat | 2 Extend, Quay | 2024-11-21 | N/A |
| A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype. | ||||
| CVE-2018-16491 | 1 Dreamerslab | 1 Node.extend | 2024-11-21 | N/A |
| A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype. | ||||
| CVE-2018-16490 | 1 Mpath Project | 1 Mpath | 2024-11-21 | N/A |
| A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype. | ||||
| CVE-2018-16489 | 1 Just-extend Project | 1 Just-extend | 2024-11-21 | 9.8 Critical |
| A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions. | ||||
| CVE-2018-16486 | 1 Defaults-deep Project | 1 Defaults-deep | 2024-11-21 | N/A |
| A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype. | ||||
| CVE-2018-1000854 | 1 Esigate | 1 Esigate | 2024-11-21 | N/A |
| esigate.org esigate version 5.2 and earlier contains a CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in ESI directive with user specified XSLT that can result in Remote Code Execution. This attack appear to be exploitable via Use of another weakness in backend application to reflect ESI directives. This vulnerability appears to have been fixed in 5.3. | ||||
| CVE-2018-1000193 | 2 Jenkins, Oracle | 2 Jenkins, Communications Cloud Native Core Automated Test Suite | 2024-11-21 | 4.3 Medium |
| A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and cannot be deleted via the UI. | ||||
| CVE-2018-1000130 | 2 Jolokia, Redhat | 2 Webarchive Agent, Jboss Fuse | 2024-11-21 | N/A |
| A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server. | ||||
| CVE-2017-7848 | 3 Debian, Mozilla, Redhat | 8 Debian Linux, Thunderbird, Enterprise Linux and 5 more | 2024-11-21 | N/A |
| RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2. | ||||
| CVE-2017-7846 | 3 Debian, Mozilla, Redhat | 8 Debian Linux, Thunderbird, Enterprise Linux and 5 more | 2024-11-21 | N/A |
| It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird < 52.5.2. | ||||
| CVE-2017-7788 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included "allow-same-origin". This vulnerability affects Firefox < 55. | ||||
| CVE-2017-6015 | 1 Rockwellautomation | 1 Factorytalk Activation | 2024-11-21 | N/A |
| Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. This may allow an authorized, but not privileged local user to execute arbitrary code with elevated privileges on the system. CVSS v3 base score: 8.8, CVSS vector string: (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Rockwell Automation has released a new version of FactoryTalk Activation, Version 4.01, which addresses the identified vulnerability. Rockwell Automation recommends upgrading to the latest version of FactoryTalk Activation, Version 4.01 or later. | ||||
| CVE-2017-5799 | 1 Hp | 1 Opencall Media Platform | 2024-11-21 | N/A |
| A Remote Code Execution vulnerability in HPE OpenCall Media Platform (OCMP) was found. The vulnerability impacts OCMP versions prior to 3.4.2 RP201 (for OCMP 3.x), all versions prior to 4.4.7 RP702 (for OCMP 4.x). | ||||