Total: 33308 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20161 | 1 Blinkforhome | 1 Sync Module | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the Wi-Fi network. (Access to live video from the app also becomes unavailable.) | |||||
| CVE-2018-20146 | 1 Liquidware | 2 Flexapp, Profileunity | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell. | |||||
| CVE-2018-20069 | 2 Apple, Google | 2 Iphone Os, Chrome | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Failure to prevent navigation to top frame to data URLs in Navigation in Google Chrome on iOS prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. | |||||
| CVE-2018-20067 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A renderer initiated back navigation was incorrectly allowed to cancel a browser initiated one in Navigation in Google Chrome prior to 71.0.3578.80, which allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. | |||||
| CVE-2018-20053 | 1 Cerner | 2 Connectivity Engine 4, Connectivity Engine 4 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The hostname, timezone, and NTP server configurations on the CCE device are vulnerable to command injection by sending a crafted configuration file over the network. | |||||
| CVE-2018-20050 | 1 Qacctv | 2 Jooan Ja-q1h Wi-fi Camera, Jooan Ja-q1h Wi-fi Camera Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via the ONVIF GetStreamUri method and GetVideoEncoderConfigurationOptions method. | |||||
| CVE-2018-20034 | 2 Flexera, Oracle | 2 Flexnet Publisher, Communications Lsms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. | |||||
| CVE-2018-20032 | 2 Flexera, Oracle | 2 Flexnet Publisher, Communications Lsms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. | |||||
| CVE-2018-20031 | 2 Flexera, Oracle | 2 Flexnet Publisher, Communications Lsms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. | |||||
| CVE-2018-20028 | 1 Contao | 1 Contao Cms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control. | |||||
| CVE-2018-20026 | 1 Codesys | 18 Control For Beaglebone Sl, Control For Empc-a/imx6 Sl, Control For Iot2000 Sl and 15 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Communication Address Filtering exists in CODESYS V3 products versions prior to V3.5.14.0. | |||||
| CVE-2018-1997 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Business Automation Workflow and Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 are vulnerable to a denial of service attack. An authenticated attacker might send a specially crafted request that exhausts server-side memory. IBM X-Force ID: 154774. | |||||
| CVE-2018-1974 | 1 Ibm | 1 Websphere Mq | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileges when using multiplexed channels. IBM X-Force ID: 153915. | |||||
| CVE-2018-1928 | 1 Ibm | 1 Storediq | 2024-11-21 | 2.1 LOW | 6.7 MEDIUM |
| IBM StoredIQ 7.6.0 does not implement proper authorization of user roles due to which it was possible for a low privileged user to access the application endpoints of high privileged users and also perform some state changing actions restricted to a high privileged user. IBM X-Force ID: 153119. | |||||
| CVE-2018-1906 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to download code using a specially crafted HTTP request. IBM X-Force ID: 152663. | |||||
| CVE-2018-1903 | 1 Ibm | 1 Sterling Connect\ | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532. | |||||
| CVE-2018-1901 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 6.5 MEDIUM | 5.0 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to temporarily gain elevated privileges on the system, caused by incorrect cached value being used. IBM X-Force ID: 152530. | |||||
| CVE-2018-1899 | 1 Ibm | 2 Infosphere Information Governance Catalog, Infosphere Information Server On Cloud | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
| IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an attacker to change one of the settings related to InfoSphere Business Glossary Anywhere due to improper access control. IBM X-Force ID: 152528. | |||||
| CVE-2018-1883 | 1 Ibm | 1 Mq | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Console REST API could allow attackers to execute a denial of service attack preventing users from logging into the MQ Console REST API. IBM X-Force ID: 151969. | |||||
| CVE-2018-1859 | 1 Ibm | 1 Api Connect | 2024-11-21 | 6.5 MEDIUM | 4.3 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with limited rights to escalate their privileges. IBM X-Force ID: 151258. | |||||
