Total: 23701 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-14805 | 1 Hitachienergy | 1 Esoms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability. | |||||
CVE-2018-7072 | 1 Hp | 1 Moonshot Provisioning Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A remote bypass of security restrictions vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24. | |||||
CVE-2018-13858 | 1 Trivum | 2 C4 Professional, C4 Professional Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example. | |||||
CVE-2018-18486 | 1 Phpshe | 1 Phpshe | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in PHPSHE 1.7. SQL injection exists via the admin.php?mod=user&act=del user_id[] parameter. | |||||
CVE-2019-9194 | 1 Std42 | 1 Elfinder | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector. | |||||
CVE-2018-8626 | 1 Microsoft | 4 Windows 10, Windows Server 2012, Windows Server 2016 and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests, aka "Windows DNS Server Heap Overflow Vulnerability." This affects Windows Server 2012 R2, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers. | |||||
CVE-2018-20721 | 2 Debian, Uriparser Project | 2 Debian Linux, Uriparser | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address. | |||||
CVE-2018-19645 | 1 Microfocus | 1 Solutions Business Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | |||||
CVE-2018-19862 | 1 Minishare Project | 1 Minishare | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP POST request. NOTE: this product is discontinued. | |||||
CVE-2015-9280 | 1 Mailenable | 1 Mailenable | 2023-12-10 | 5.0 MEDIUM | 10.0 CRITICAL |
MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter. | |||||
CVE-2018-18892 | 1 1234n | 1 Minicms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php. | |||||
CVE-2018-14819 | 1 Fujielectric | 2 V-server, V-server Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Fuji Electric V-Server 4.0.3.0 and prior: an out-of-bounds read vulnerability has been identified, which may allow remote code execution. | |||||
CVE-2017-7481 | 3 Canonical, Debian, Redhat | 10 Ubuntu Linux, Debian Linux, Ansible Engine and 7 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated. | |||||
CVE-2018-19248 | 1 Epson | 2 Epson Workforce Wf-2861, Epson Workforce Wf-2861 Firmware | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI and a POST request to the /FIRMWAREUPDATE URI. | |||||
CVE-2019-0547 | 1 Microsoft | 1 Windows 10 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka "Windows DHCP Client Remote Code Execution Vulnerability." This affects Windows 10, Windows 10 Servers. | |||||
CVE-2018-8784 | 2 Canonical, Freerdp | 2 Ubuntu Linux, Freerdp | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution. | |||||
CVE-2018-6678 | 1 Mcafee | 1 Mcafee Web Gateway | 2023-12-10 | 6.5 MEDIUM | 9.1 CRITICAL |
Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors. | |||||
CVE-2018-14746 | 1 Qnap | 1 Qts | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS. | |||||
CVE-2018-17936 | 1 Nuuo | 1 Nuuo Cms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
NUUO CMS, all versions 3.3 and prior: the application allows the upload of arbitrary files that can modify or overwrite configuration files to the server, which could allow remote code execution. | |||||
CVE-2018-16287 | 1 Lg | 1 Supersign Cms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. |