Vulnerabilities (CVE)

Total 23577 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-12782 3 Adobe, Apple, Microsoft 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2018-19635 2 Broadcom, Ca 2 Service Desk Manager, Service Desk Manager 2023-12-10 7.5 HIGH 9.8 CRITICAL
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface.
CVE-2017-18160 1 Qualcomm 16 Mdm9635m, Mdm9635m Firmware, Mdm9645 and 13 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
AGPS session failure in GNSS module due to cyphersuites are hardcoded and needed manual update everytime in snapdragon mobile and snapdragon wear in versions MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 835, SD 845, SD 850
CVE-2018-8797 3 Debian, Opensuse, Rdesktop 3 Debian Linux, Leap, Rdesktop 2023-12-10 7.5 HIGH 9.8 CRITICAL
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution.
CVE-2018-20732 6 Hpe, Ibm, Linux and 3 more 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant.
CVE-2018-14703 1 Drobo 2 5n2, 5n2 Firmware 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve the MySQL database root password.
CVE-2018-1000653 1 Zzcms 1 Zzcms 2023-12-10 7.5 HIGH 9.8 CRITICAL
zzcms version 8.3 and earlier contains a SQL Injection vulnerability in zt/top.php line 5 that can result in could be attacked by sql injection in zzcms in nginx. This attack appear to be exploitable via running zzcms in nginx.
CVE-2018-7364 1 Zte 1 Zxin10 2023-12-10 10.0 HIGH 9.8 CRITICAL
All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges.
CVE-2016-6553 1 Nuuo 2 Nt-4040 Titan, Nt-4040 Titan Firmware 2023-12-10 10.0 HIGH 9.8 CRITICAL
Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses non-random default credentials of: admin:admin and localdisplay:111111. A remote network attacker can gain privileged access to a vulnerable device.
CVE-2018-13045 1 Yeswiki 1 Cercopitheque 2023-12-10 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in the "Bazar" page in Yeswiki Cercopitheque 2018-06-19-1 and earlier allows attackers to execute arbitrary SQL commands via the "id" parameter.
CVE-2018-14720 4 Debian, Fasterxml, Oracle and 1 more 12 Debian Linux, Jackson-databind, Banking Platform and 9 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
CVE-2018-1000627 1 Battelle 1 V2i Hub 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system.
CVE-2018-16842 3 Canonical, Debian, Haxx 3 Ubuntu Linux, Debian Linux, Curl 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
CVE-2018-18765 1 Cesanta 1 Mongoose 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.
CVE-2018-17254 1 Arkextensions 1 Jck Editor 2023-12-10 7.5 HIGH 9.8 CRITICAL
The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.
CVE-2018-19281 1 Centreon 1 Centreon 2023-12-10 7.5 HIGH 9.8 CRITICAL
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection.
CVE-2018-1567 1 Ibm 1 Websphere Application Server 2023-12-10 7.5 HIGH 9.8 CRITICAL
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024.
CVE-2018-17063 1 Dlink 2 Dir-816 A2, Dir-816 A2 Firmware 2023-12-10 10.0 HIGH 9.8 CRITICAL
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters.
CVE-2018-18502 2 Canonical, Mozilla 2 Ubuntu Linux, Firefox 2023-12-10 10.0 HIGH 9.8 CRITICAL
Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 65.
CVE-2019-3910 1 Crestron 2 Airmedia Am-100, Airmedia Am-100 Firmware 2023-12-10 8.5 HIGH 9.1 CRITICAL
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.