Search Results (75463 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-3834 | 1 Insteon | 2 Hub, Hub Firmware | 2024-11-21 | 7.4 High |
| An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the kind of firmware image that is going to be installed and thus allows for flashing any signed firmware into any MCU. Since the device contains different and incompatible MCUs, flashing one firmware to the wrong MCU will result in a permanent brick condition. To trigger this vulnerability, an attacker needs to impersonate the remote server "cache.insteon.com" and serve a signed firmware image. | ||||
| CVE-2018-3833 | 1 Insteon | 2 Hub 2245-222, Hub 2245-222 Firmware | 2024-11-21 | 7.5 High |
| An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the firmware version that is going to be installed and thus allows for flashing older firmware images. To trigger this vulnerability, an attacker needs to impersonate the remote server 'cache.insteon.com' and serve any signed firmware image. | ||||
| CVE-2018-3831 | 2 Elastic, Redhat | 2 Elasticsearch, Jboss Fuse | 2024-11-21 | 8.8 High |
| Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames. This could allow an authenticated Elasticsearch user to improperly view these details. | ||||
| CVE-2018-3827 | 1 Elastic | 1 Azure Repository | 2024-11-21 | 8.1 High |
| A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. When the repository-azure plugin is set to log at TRACE level Azure credentials can be inadvertently logged. | ||||
| CVE-2018-3787 | 1 Simplehttpserver Project | 1 Simplehttpserver | 2024-11-21 | 7.5 High |
| Path traversal in simplehttpserver <v0.2.1 allows listing any file on the server. | ||||
| CVE-2018-3775 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 8.8 High |
| Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication. | ||||
| CVE-2018-3766 | 1 Buttle Project | 1 Buttle | 2024-11-21 | 7.5 High |
| Path traversal in buttle module versions <= 0.2.0 allows reading any file on the server. | ||||
| CVE-2018-3761 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 8.1 High |
| Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new tokens in case the OAuth2 client was partly compromised. | ||||
| CVE-2018-3758 | 1 Express-cart Project | 1 Express-cart | 2024-11-21 | 8.8 High |
| Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access to the hosting machine. | ||||
| CVE-2018-3737 | 2 Joyent, Redhat | 2 Sshpk, Rhel Software Collections | 2024-11-21 | 7.5 High |
| sshpk is vulnerable to ReDoS when parsing crafted invalid public keys. | ||||
| CVE-2018-3734 | 1 Stattic Project | 1 Stattic | 2024-11-21 | 7.5 High |
| stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2018-3733 | 1 Crud-file-server Project | 1 Crud-file-server | 2024-11-21 | 7.5 High |
| crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2018-3732 | 1 Resolve-path Project | 1 Resolve-path | 2024-11-21 | 7.5 High |
| resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2018-3731 | 1 Public.js Project | 1 Public.js | 2024-11-21 | 7.5 High |
| public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2018-3730 | 1 Mcstatic Project | 1 Mcstatic | 2024-11-21 | 7.5 High |
| mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2018-3729 | 1 Localhost-now Project | 1 Localhost-now | 2024-11-21 | 7.5 High |
| localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2018-3727 | 1 626 Project | 1 626 | 2024-11-21 | 7.5 High |
| 626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2018-3725 | 1 Hekto Project | 1 Hekto | 2024-11-21 | 7.5 High |
| hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2018-3720 | 1 Assign-deep Project | 1 Assign-deep | 2024-11-21 | 8.8 High |
| assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | ||||
| CVE-2018-3719 | 1 Mixin-deep Project | 1 Mixin-deep | 2024-11-21 | 8.8 High |
| mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | ||||