Search Results (11092 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-21125 | 1 Netgear | 2 Wac510, Wac510 Firmware | 2024-11-21 | 8.8 High |
| NETGEAR WAC510 devices before 5.0.0.17 are affected by authentication bypass. | ||||
| CVE-2018-21121 | 1 Netgear | 6 Gs810emx, Gs810emx Firmware, Xs512em and 3 more | 2024-11-21 | 8.8 High |
| Certain NETGEAR devices are affected by authentication bypass. This affects GS810EMX before 1.0.0.5, XS512EM before 1.0.0.6, and XS724EM before 1.0.0.6. | ||||
| CVE-2018-21118 | 1 Netgear | 2 Xr500, Xr500 Firmware | 2024-11-21 | 8.8 High |
| NETGEAR XR500 devices before 2.3.2.32 are affected by authentication bypass. | ||||
| CVE-2018-21062 | 1 Google | 1 Android | 2024-11-21 | 4.6 Medium |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. When biometric authentication is disabled, an attacker can view Streams content (e.g., a Gallery slideshow) of a locked Secure Folder via a connection to an external device. The Samsung ID is SVE-2018-11766 (August 2018). | ||||
| CVE-2018-21038 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Samsung mobile devices with N(7.x) software. The Secure Folder app's startup logic allows authentication bypass. The Samsung ID is SVE-2018-11628 (December 2018). | ||||
| CVE-2018-21007 | 1 Wisetr | 1 User Email Verification For Woocommerce | 2024-11-21 | N/A |
| The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads. | ||||
| CVE-2018-20957 | 1 Tapplock | 2 One\+, One\+ Firmware | 2024-11-21 | N/A |
| The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 allows replay attacks. | ||||
| CVE-2018-20954 | 1 Mailpile | 1 Mailpile | 2024-11-21 | N/A |
| The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys. | ||||
| CVE-2018-20945 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354). | ||||
| CVE-2018-20938 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324). | ||||
| CVE-2018-20937 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321). | ||||
| CVE-2018-20930 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401). | ||||
| CVE-2018-20927 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382). | ||||
| CVE-2018-20924 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378). | ||||
| CVE-2018-20890 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426). | ||||
| CVE-2018-20888 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424). | ||||
| CVE-2018-20735 | 1 Bmc | 1 Patrol Agent | 2024-11-21 | N/A |
| An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for lateral movement and escalation of privilege inside a Windows Active Directory environment. It was found that by default the PatrolCli / PATROL Agent application only verifies if the password provided for the given username is correct; it does not verify the permissions of the user on the network. This means if you have PATROL Agent installed on a high value target (domain controller), you can use a low privileged domain user to authenticate with PatrolCli and then connect to the domain controller and run commands as SYSTEM. This means any user on a domain can escalate to domain admin through PATROL Agent. NOTE: the vendor disputes this because they believe it is adequate to prevent this escalation by means of a custom, non-default configuration. | ||||
| CVE-2018-20675 | 1 Dlink | 8 Dir-822, Dir-822-us, Dir-822-us Firmware and 5 more | 2024-11-21 | 9.8 Critical |
| D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass. | ||||
| CVE-2018-20489 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | ||||
| CVE-2018-20422 | 1 Comsenz | 1 Discuzx | 2024-11-21 | N/A |
| Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which account will be accessed). | ||||