Search Results (350771 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-6020 | 1 Silextechnology | 8 Geh-500, Geh-500 Firmware, Geh-sd-320an and 5 more | 2024-11-21 | N/A |
| In Silex SX-500 all versions and GE MobileLink(GEH-500) version 1.54 and prior, authentication is not verified when making certain POST requests, which may allow attackers to modify system settings. | ||||
| CVE-2018-6019 | 1 Samsung | 1 Display Solutions | 2024-11-21 | N/A |
| Samsung Display Solutions App before 3.02 for Android allows man-in-the-middle attackers to spoof B2B content by leveraging failure to use encryption during information transmission. | ||||
| CVE-2018-6018 | 1 Tinder | 1 Tinder | 2024-11-21 | N/A |
| Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android app allow an attacker to extract private sensitive information by sniffing network traffic. | ||||
| CVE-2018-6017 | 1 Tinder | 1 Tinder | 2024-11-21 | N/A |
| Unencrypted transmission of images in Tinder iOS app and Tinder Android app allows an attacker to extract private sensitive information by sniffing network traffic. | ||||
| CVE-2018-6016 | 1 10-strike | 1 Network Monitor | 2024-11-21 | N/A |
| Unquoted Windows search path vulnerability in the srvInventoryWebServer service in 10-Strike Network Monitor 5.4 allows local users to gain privileges via a malicious artefact. | ||||
| CVE-2018-6015 | 1 Icegram | 1 Email Subscribers & Newsletters | 2024-11-21 | N/A |
| An issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=view_all_subscribers in the body, allows downloading of a CSV data file with all subscriber data. | ||||
| CVE-2018-6014 | 1 Subsonic | 1 Subsonic | 2024-11-21 | N/A |
| Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. To exploit this issue, an attacker must convince the user to visit a web site loaded with a SWF file created specifically to steal user data. | ||||
| CVE-2018-6013 | 1 Bigtreecms | 1 Bigtree Cms | 2024-11-21 | N/A |
| Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote users to inject arbitrary web script or HTML via the directory parameter. This issue exists in core/admin/ajax/developer/extensions/file-browser.php. | ||||
| CVE-2018-6012 | 1 Rainmachine | 2 Mini-8, Mini-8 Firmware | 2024-11-21 | N/A |
| The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function. | ||||
| CVE-2018-6011 | 1 Rainmachine | 2 Mini-8, Mini-8 Firmware | 2024-11-21 | N/A |
| The time-based one-time-password (TOTP) function in the application logic of the Green Electronics RainMachine Mini-8 (2nd generation) uses the administrator's password hash to generate a 6-digit temporary passcode that can be used for remote and local access, aka a "Use of Password Hash Instead of Password for Authentication" issue. This is exploitable by an attacker who discovers a hash value in the rainmachine-settings.sqlite file. | ||||
| CVE-2018-6010 | 1 Yiiframework | 1 Yiiframework | 2024-11-21 | N/A |
| In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php. | ||||
| CVE-2018-6009 | 1 Yiiframework | 1 Yiiframework | 2024-11-21 | N/A |
| In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity. | ||||
| CVE-2018-6008 | 1 Joomlatag | 1 Jtag Members Directory | 2024-11-21 | N/A |
| Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter. | ||||
| CVE-2018-6007 | 1 Joomsky | 1 Js Support Ticket | 2024-11-21 | N/A |
| CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and allows attackers to inject HTML or edit a ticket. | ||||
| CVE-2018-6006 | 1 Joomsky | 1 Js Autoz | 2024-11-21 | N/A |
| SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter. | ||||
| CVE-2018-6005 | 1 Realpin Project | 1 Realpin | 2024-11-21 | N/A |
| SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter. | ||||
| CVE-2018-6004 | 1 Techsolsystem | 1 File Download Tracker | 2024-11-21 | N/A |
| SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter. | ||||
| CVE-2018-6003 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Libtasn1 | 2024-11-21 | 7.5 High |
| An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS. | ||||
| CVE-2018-6002 | 1 Webartisan | 1 Soundy Background Music | 2024-11-21 | N/A |
| The Soundy Background Music plugin 3.9 and below for WordPress has Cross-Site Scripting via soundy-background-music\templates\front-end.php (war_soundy_preview parameter). | ||||
| CVE-2018-6001 | 1 Webartisan | 1 Soundy Audio Playlist | 2024-11-21 | N/A |
| The Soundy Audio Playlist plugin 4.6 and below for WordPress has Cross-Site Scripting via soundy-audio-playlist\templates\front-end.php (war_sdy_pl_preview parameter). | ||||