Total
23848 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16486 | 1 Defaults-deep Project | 1 Defaults-deep | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype. | |||||
| CVE-2018-14815 | 1 Fujielectric | 2 V-server, V-server Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution. | |||||
| CVE-2018-18804 | 1 Bakeshop Inventory System Project | 1 Bakeshop Inventory System | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Bakeshop Inventory System 1.0 has SQL injection via the login screen, related to include/publicfunction.vb. | |||||
| CVE-2018-11716 | 1 Zohocorp | 1 Manageengine Desktop Central | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information (private information such as location of enrolled devices, cleartext passwords, patching level, etc.) via a GET request on port 8022, 8443, or 8444. | |||||
| CVE-2018-15893 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter. | |||||
| CVE-2018-20569 | 1 Generic Content Management System Project | 1 Generic Content Management System | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| user/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. | |||||
| CVE-2018-19857 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak. | |||||
| CVE-2018-1000804 | 1 Contiki-ng | 1 Contiki-ng | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be able to run malicious AQL code (e.g. via SQL-like Injection attack). | |||||
| CVE-2017-16345 | 1 Insteon | 2 Hub, Hub Firmware | 2023-12-10 | 8.0 HIGH | 9.9 CRITICAL |
| An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c318 the value for the s_port key is copied using strcpy to the buffer at 0xa00017f4. This buffer is 6 bytes large, sending anything longer will cause a buffer overflow. The destination can also be shifted by using an sn_speaker parameter between "0" and "3". | |||||
| CVE-2018-8793 | 3 Debian, Opensuse, Rdesktop | 3 Debian Linux, Leap, Rdesktop | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution. | |||||
| CVE-2018-18375 | 1 Orange | 2 Airbox, Airbox Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter. | |||||
| CVE-2018-18755 | 1 K-iwi | 1 K-iwi | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| K-iwi Framework 1775 has SQL Injection via the admin/user/group/update user_group_id parameter or the admin/user/user/update user_id parameter. | |||||
| CVE-2018-18493 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. | |||||
| CVE-2018-17191 | 1 Apache | 1 Netbeans | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable for remote command execution (RCE). Using the nashorn script engine the environment of the javascript execution for the Proxy Auto-Configuration leaks privileged objects, that can be used to circumvent the execution limits. If a different script engine was used, no execution limits were in place. Both vectors allow remote code execution. | |||||
| CVE-2018-6012 | 1 Rainmachine | 2 Mini-8, Mini-8 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function. | |||||
| CVE-2018-17611 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. | |||||
| CVE-2018-12823 | 1 Adobe | 1 Digital Editions | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-12666 | 1 Sv3c | 4 H.264 Poe Ip Camera Firmware, Sv-b01poe-1080p-l, Sv-b11vpoe-1080p-l and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices improperly identifies users only by the authentication level sent in the cookies, which allow remote attackers to bypass authentication and gain administrator access by setting the authLevel cookie to 255. | |||||
| CVE-2018-8800 | 3 Debian, Opensuse, Rdesktop | 3 Debian Linux, Leap, Rdesktop | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution. | |||||
| CVE-2018-20572 | 1 Wuzhicms | 1 Wuzhicms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893. | |||||