Total
23693 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-4032 | 1 Ibm | 1 Financial Transaction Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-ForceID: 155998. | |||||
| CVE-2018-18796 | 1 Library Management System Project | 1 Library Management System | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Library Management System 1.0 has SQL Injection via the "Search for Books" screen. | |||||
| CVE-2018-11466 | 1 Siemens | 10 Sinumerik 808d V4.7, Sinumerik 808d V4.7 Firmware, Sinumerik 808d V4.8 and 7 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). Specially crafted network packets sent to port 102/tcp (ISO-TSAP) could allow a remote attacker to either cause a Denial-of-Service condition of the integrated software firewall or allow to execute code in the context of the software firewall. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 102/tcp. Successful exploitation requires no user privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known | |||||
| CVE-2018-17066 | 1 Dlink | 2 Dir-816 A2, Dir-816 A2 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter. | |||||
| CVE-2018-15680 | 1 Btiteam | 1 Xbtit | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtit_users table are stored as unsalted MD5 hashes, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. | |||||
| CVE-2018-1264 | 1 Pivotal Software | 1 Cloud Foundry Log Cache | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote attacker who has gained access to the Log Cache VM can read this secret, gaining all privileges held by the Log Cache UAA client. In the worst case, if this client is an admin, the attacker would gain complete control over the Foundation. | |||||
| CVE-2018-20577 | 1 Orange | 2 Arv7519rw22 Livebox 2.1, Arv7519rw22 Livebox 2.1 Firmware | 2023-12-10 | 9.4 HIGH | 9.1 CRITICAL |
| Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. | |||||
| CVE-2019-9020 | 5 Canonical, Debian, Netapp and 2 more | 5 Ubuntu Linux, Debian Linux, Storage Automation Store and 2 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c. | |||||
| CVE-2018-1000833 | 1 Zoneminder | 1 Zoneminder | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution. | |||||
| CVE-2018-18527 | 1 Owndms | 1 Ownticket | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter. | |||||
| CVE-2018-7836 | 1 Schneider-electric | 1 Iiot Monitor | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow upload and execution of malicious files. | |||||
| CVE-2018-14088 | 1 Stex White List Project | 1 Stex White List | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in a smart contract implementation for STeX White List (STE(WL)), an Ethereum token. The contract has an integer overflow. If the owner sets the value of amount to a large number then the "amount * 1000000000000000" will cause an integer overflow in withdrawToFounders(). | |||||
| CVE-2017-9000 | 1 Hp | 1 Arubaos | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior to 6.5.4.2, 8.x prior to 8.1.0.4 FIPS and non-FIPS versions of software are both affected equally is vulnerable to unauthenticated arbitrary file access. An unauthenticated user with network access to an Aruba mobility controller on TCP port 8080 or 8081 may be able to access arbitrary files stored on the mobility controller. Ports 8080 and 8081 are used for captive portal functionality and are listening, by default, on all IP interfaces of the mobility controller, including captive portal interfaces. The attacker could access files which could contain passwords, keys, and other sensitive information that could lead to full system compromise. | |||||
| CVE-2018-0684 | 1 Neo | 2 Debun Imap, Debun Pop | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R3.0 and earlier, Denbun IMAP version V3.3I R3.0 and earlier) allows remote attackers to execute arbitrary code or cause a denial-of-service (DoS) condition via multipart/form-data format data. | |||||
| CVE-2018-18628 | 1 Pippo | 1 Pippo | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Pippo 1.11.0. The function SerializationSessionDataTranscoder.decode() calls ObjectInputStream.readObject() to deserialize a SessionData object without checking the object types. An attacker can create a malicious object, base64 encode it, and place it in the PIPPO_SESSION field of a cookie. Sending this cookie may lead to remote code execution. | |||||
| CVE-2018-15882 | 1 Joomla | 1 Joomla\! | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter. | |||||
| CVE-2018-12754 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-14418 | 1 Msvod | 1 Msvod Cms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| In Msvod Cms v10, SQL Injection exists via an images/lists?cid= URI. | |||||
| CVE-2018-16328 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. | |||||
| CVE-2018-6677 | 1 Mcafee | 1 Mcafee Web Gateway | 2023-12-10 | 9.0 HIGH | 9.1 CRITICAL |
| Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors. | |||||