Total
11158 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-21141 | 1 Netgear | 18 R6100, R6100 Firmware, R7500 and 15 more | 2024-11-21 | 2.7 LOW | 4.5 MEDIUM |
| Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. | |||||
| CVE-2018-21140 | 1 Netgear | 4 D3600, D3600 Firmware, D6000 and 1 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76. | |||||
| CVE-2018-21122 | 1 Netgear | 8 Gs110emx, Gs110emx Firmware, Gs810emx and 5 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| Certain NETGEAR devices are affected by denial of service. This affects GS110EMX before 1.0.0.9, GS810EMX before 1.0.0.5, XS512EM before 1.0.0.6, and XS724EM before 1.0.0.6. | |||||
| CVE-2018-21115 | 1 Netgear | 2 Xr500, Xr500 Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers. | |||||
| CVE-2018-21092 | 1 Google | 1 Android | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. A crafted AT command may be sent by the DeviceTest application via an NFC tag. The Samsung ID is SVE-2017-10885 (January 2018). | |||||
| CVE-2018-21078 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) software. The Contacts application allows attackers to originate video calls because SS (Supplementary Service) and USSD (Unstructured Supplementary Service Data) codes are improperly secured. The Samsung ID is SVE-2018-11469 (April 2018). | |||||
| CVE-2018-21068 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
| An issue was discovered on Samsung mobile devices with O(8.0) software. Execution of an application in a locked Secure Folder can occur without a password via a split screen. The Samsung ID is SVE-2018-11669 (July 2018). | |||||
| CVE-2018-21055 | 2 Google, Qualcomm | 2 Android, Msm8996 | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with N(7.0) (Qualcomm models using MSM8996 chipsets) software. A device can be rooted with a custom image to execute arbitrary scripts in the INIT context. The Samsung ID is SVE-2018-11940 (September 2018). | |||||
| CVE-2018-21036 | 1 Sailsjs | 1 Sails | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request. | |||||
| CVE-2018-21033 | 4 Hitachi, Linux, Microsoft and 1 more | 11 Automation Director, Compute Systems Manager, Device Manager and 8 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes Hitachi Device Manager, Hitachi Tiered Storage Manager, Hitachi Replication Manager, Hitachi Tuning Manager, Hitachi Global Link Manager and Hitachi Compute Systems Manager. | |||||
| CVE-2018-21020 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place. | |||||
| CVE-2018-20985 | 1 Payeezy | 1 Wp Payeezy Pay | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-payeezy-pay plugin before 2.98 for WordPress has local file inclusion in pay.php, donate.php, donate-rec, and pay-rec. | |||||
| CVE-2018-20981 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests. | |||||
| CVE-2018-20980 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering. | |||||
| CVE-2018-20973 | 1 Codeermeneer | 1 Companion Auto Update | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion. | |||||
| CVE-2018-20917 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 70.0.23 allows any user to disable Solr (SEC-371). | |||||
| CVE-2018-20912 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362). | |||||
| CVE-2018-20897 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.3 LOW | 2.8 LOW |
| cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395). | |||||
| CVE-2018-20895 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393). | |||||
| CVE-2018-20893 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 2.3 LOW |
| cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442). | |||||