Total
32313 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-21117 | 1 Netgear | 2 Xr500, Xr500 Firmware | 2024-11-21 | 8.8 High |
| NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers via the traceroute handler. | ||||
| CVE-2018-21116 | 1 Netgear | 2 Xr500, Xr500 Firmware | 2024-11-21 | 8.8 High |
| NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers. | ||||
| CVE-2018-21075 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. The Call+ application can load classes from an unintended path, leading to Code Execution. The Samsung ID is SVE-2017-10886 (April 2018). | ||||
| CVE-2018-21063 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) (Exynos chipsets) software. Keymaster has an architectural problem because tlApi in TEE is not properly protected. The Samsung ID is SVE-2018-11792 (August 2018). | ||||
| CVE-2018-20979 | 1 Rocklobster | 1 Contact Form 7 | 2024-11-21 | N/A |
| The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type. | ||||
| CVE-2018-20960 | 1 Nespresso | 2 Prodigo, Prodigo Firmware | 2024-11-21 | N/A |
| Nespresso Prodigio devices lack Bluetooth connection security. | ||||
| CVE-2018-20959 | 1 Jura | 2 E8, E8 Firmware | 2024-11-21 | N/A |
| Jura E8 devices lack Bluetooth connection security. | ||||
| CVE-2018-20892 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439). | ||||
| CVE-2018-20880 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 74.0.8 mishandles account suspension because of an invalid email_accounts.json file (SEC-445). | ||||
| CVE-2018-20862 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366). | ||||
| CVE-2018-20853 | 1 Mailpoet | 1 Mailpoet Newsletters | 2024-11-21 | 5.3 Medium |
| An issue was discovered in the MailPoet Newsletters (aka wysija-newsletters) plugin before 2.8.2 for WordPress. The plugin is vulnerable to SPAM attacks. | ||||
| CVE-2018-20851 | 1 Helpy.io | 1 Helpy | 2024-11-21 | N/A |
| Helpy before 2.2.0 allows agents to edit admins. | ||||
| CVE-2018-20799 | 1 Netgate | 1 Pfsense | 2024-11-21 | N/A |
| In pfSense 2.4.4_1, blocking of source IP addresses on the basis of failed HTTPS authentication is inconsistent with blocking of source IP addresses on the basis of failed SSH authentication (the behavior does not match the sshguard documentation), which might make it easier for attackers to bypass intended access restrictions. | ||||
| CVE-2018-20785 | 1 Neatorobotics | 14 Botvac Connected, Botvac Connected Firmware, Botvac D3 Connected and 11 more | 2024-11-21 | N/A |
| Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. During startup, the AM335x secure boot feature decrypts and executes firmware. Secure boot can be bypassed by starting with certain commands to the USB serial port. Although a power cycle occurs, this does not completely reset the chip: memory contents are still in place. Also, it restarts into a boot menu that enables XMODEM upload and execution of an unsigned QNX IFS system image, thereby completing the bypass of secure boot. Moreover, the attacker can craft custom IFS data and write it to unused memory to extract all memory contents that had previously been present. This includes the original firmware and sensitive information such as Wi-Fi credentials. | ||||
| CVE-2018-20764 | 2 Helpsystems, Linux | 2 Boks, Linux Kernel | 2024-11-21 | N/A |
| A buffer overflow exists in HelpSystems tcpcrypt on Linux, used for BoKS encrypted telnet through BoKS version 6.7.1. Since tcpcrypt is setuid, exploitation leads to privilege escalation. | ||||
| CVE-2018-20674 | 1 Dlink | 8 Dir-822, Dir-822-us, Dir-822-us Firmware and 5 more | 2024-11-21 | N/A |
| D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command execution. | ||||
| CVE-2018-20587 | 2 Bitcoin, Bitcoinknots | 2 Bitcoin Core, Bitcoin Knots | 2024-11-21 | N/A |
| Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port. | ||||
| CVE-2018-20584 | 3 Debian, Jasper Project, Oracle | 3 Debian Linux, Jasper, Outside In Technology | 2024-11-21 | 6.5 Medium |
| JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format. | ||||
| CVE-2018-20423 | 1 Comsenz | 1 Discuzx | 2024-11-21 | N/A |
| Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string. | ||||
| CVE-2018-20393 | 1 Technicolor | 16 Cga0101, Cga0101 Firmware, Cga0111 and 13 more | 2024-11-21 | N/A |
| Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU, CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC, DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a, TC7110.AR STD3.38.03, TC7110.B STC8.62.02, TC7110.D STDB.79.02, TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT, and TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | ||||