Vulnerabilities (CVE)

Total 23421 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-18835 1 Doccms 1 Doccms 2023-12-10 7.5 HIGH 9.8 CRITICAL
upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file.
CVE-2017-16342 1 Insteon 2 Hub, Hub Firmware 2023-12-10 8.0 HIGH 9.9 CRITICAL
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c254 the value for the s_vol_dim_delta key is copied using strcpy to the buffer at 0xa0000514. This buffer is 4 bytes large, sending anything longer will cause a buffer overflow.
CVE-2018-5400 2 Arm, Auto-maskin 5 Arm7, Dcu 210e, Dcu 210e Firmware and 2 more 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, "Hello World" over UDP ports 44444-44446 to the broadcast address for the LAN. Without verification devices respond to any of these broadcast messages on the LAN with a plaintext reply over UDP containing the device model and firmware version. Following this exchange the devices allow Modbus transmissions between the two devices on the standard Modbus port 502 TCP. Impact: An attacker can exploit this vulnerability to send arbitrary messages to any DCU or RP device through spoofing or replay attacks as long as they have access to the network. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7.
CVE-2018-16395 4 Canonical, Debian, Redhat and 1 more 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
CVE-2018-12548 1 Eclipse 1 Openj9 2023-12-10 7.5 HIGH 9.8 CRITICAL
In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code.
CVE-2018-3832 1 Insteon 2 Hub 2245-222, Hub 2245-222 Firmware 2023-12-10 8.5 HIGH 9.0 CRITICAL
An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the device. To trigger this vulnerability, an attacker can upload an MPFS binary via the '/mpfsupload' HTTP form and later on upload the firmware via a POST request to 'firmware.htm'.
CVE-2019-9169 4 Canonical, Gnu, Mcafee and 1 more 6 Ubuntu Linux, Glibc, Web Gateway and 3 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
CVE-2018-18871 1 Gigasetpro 2 Maxwell Basic, Maxwell Basic Firmware 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with firmware 2.22.7 would allow a remote attacker (in the same network as the device) to change the admin password without authentication (and without knowing the original password).
CVE-2016-6548 1 Nutspace 1 Nut Mobile 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account.
CVE-2018-17173 1 Lg 1 Supersign Cms 2023-12-10 7.5 HIGH 9.8 CRITICAL
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.
CVE-2018-19925 1 Sales \& Company Management System Project 1 Sales \& Company Management System 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. It has SQL injection via the member/member_order.php type parameter, related to the O_state parameter.
CVE-2018-1000861 2 Jenkins, Redhat 2 Jenkins, Openshift Container Platform 2023-12-10 10.0 HIGH 9.8 CRITICAL
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.
CVE-2018-20325 1 Definitions Project 1 Definitions 2023-12-10 7.5 HIGH 9.8 CRITICAL
There is a vulnerability in load() method in definitions/parser.py in the Danijar Hafner definitions package for Python. It can execute arbitrary python commands resulting in command execution.
CVE-2018-19207 1 Van-ons 1 Wp-gdpr-compliance 2023-12-10 7.5 HIGH 9.8 CRITICAL
The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited in the wild in November 2018.
CVE-2015-8298 1 Rxtec 1 Rxadmin 2023-12-10 7.5 HIGH 9.8 CRITICAL
Multiple SQL injection vulnerabilities in the login page in RXTEC RXAdmin UPDATE 06 / 2012 allow remote attackers to execute arbitrary SQL commands via the (1) loginpassword, (2) loginusername, (3) zusatzlicher, or (4) groupid parameter to index.htm, or the (5) rxtec cookie to index.htm.
CVE-2018-1722 1 Ibm 1 Security Access Manager 2023-12-10 10.0 HIGH 10.0 CRITICAL
IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. IBM X-Force ID: 147370.
CVE-2018-20440 1 Technicolor 2 Cwa0101, Cwa0101 Firmware 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
Technicolor CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.
CVE-2018-20056 2 D-link, Dlink 4 Dir-605l Firmware, Dir-619l Firmware, Dir-605l and 1 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. There is a stack-based buffer overflow allowing remote attackers to execute arbitrary code without authentication via the goform/formLanguageChange currTime parameter.
CVE-2018-8955 1 Bitdefender 1 Gravityzone 2023-12-10 7.5 HIGH 9.8 CRITICAL
The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which allows remote attackers to execute arbitrary code by changing the filename while leaving the file's digital signature unchanged.
CVE-2016-8618 1 Haxx 1 Curl 2023-12-10 7.5 HIGH 9.8 CRITICAL
The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.