Vulnerabilities (CVE)

Total 23723 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-1000834 1 Runelite 1 Runelite 2023-12-10 6.8 MEDIUM 9.0 CRITICAL
runelite version <= runelite-parent-1.4.23 contains a XML External Entity (XXE) vulnerability in Man in the middle runscape services call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
CVE-2019-6296 1 Skymoonlabs 1 Cleanto 2023-12-10 7.5 HIGH 9.8 CRITICAL
Cleanto 5.0 has SQL Injection via the assets/lib/export_ajax.php id parameter.
CVE-2018-18926 1 Gitea 1 Gitea 2023-12-10 7.5 HIGH 9.8 CRITICAL
Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron.
CVE-2019-6527 1 Kunbus 2 Pr100088 Modbus Gateway, Pr100088 Modbus Gateway Firmware 2023-12-10 7.5 HIGH 9.8 CRITICAL
PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) may allow an attacker to be able to change the password for an admin user who is currently or previously logged in, provided the device has not been restarted.
CVE-2019-6260 2 Aspeedtech, Netapp 5 Ast2400, Ast2400 Firmware, Ast2500 and 2 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or from the network in unusual cases where the BMC console uart is attached to a serial concentrator). This CVE applies to the specific cases of iLPC2AHB bridge Pt I, iLPC2AHB bridge Pt II, PCIe VGA P2A bridge, DMA from/to arbitrary BMC memory via X-DMA, UART-based SoC Debug interface, LPC2AHB bridge, PCIe BMC P2A bridge, and Watchdog setup.
CVE-2016-6566 1 Sungardas 1 Etrakit3 2023-12-10 7.5 HIGH 9.8 CRITICAL
The valueAsString parameter inside the JSON payload contained by the ucLogin_txtLoginId_ClientStat POST parameter of the Sungard eTRAKiT3 software version 3.2.1.17 is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query which may then be executed by the backend server. eTRAKiT 3.2.1.17 was tested, but other versions may also be vulnerable.
CVE-2018-19063 2 Foscam, Opticam 6 C2, C2 Application Firmware, C2 System Firmware and 3 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The admin account has a blank password.
CVE-2018-14938 2 Canonical, Digitalcorpora 2 Ubuntu Linux, Tcpflow 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds read and may allow access to sensitive memory (or a denial of service).
CVE-2018-12392 4 Canonical, Debian, Mozilla and 1 more 11 Ubuntu Linux, Debian Linux, Firefox and 8 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.
CVE-2018-18996 1 Lcds 1 Laquis Scada 2023-12-10 7.5 HIGH 9.8 CRITICAL
LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper authorization or sanitation, which may allow an attacker to execute remote code on the server.
CVE-2018-16974 1 Elefantcms 1 Elefant 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess file, and then using a filename that ends in .php followed by space characters (for bypassing the blacklist).
CVE-2018-17397 1 Multiplanet 1 Alphaindex Dictionaries 2023-12-10 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for Joomla! via the letter parameter.
CVE-2018-0376 1 Cisco 2 Mobility Services Engine, Policy Suite 2023-12-10 7.5 HIGH 9.8 CRITICAL
A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy Builder interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by accessing the Policy Builder interface. A successful exploit could allow the attacker to make changes to existing repositories and create new repositories. Cisco Bug IDs: CSCvi35109.
CVE-2019-2489 1 Oracle 1 E-business Suite 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: OCM Query). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle One-to-One Fulfillment accessible data as well as unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
CVE-2016-4404 1 Hp 1 Keyview 2023-12-10 7.5 HIGH 9.8 CRITICAL
A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via a memory allocation issue.
CVE-2019-5909 1 Yokogawa 4 B\/m 9000 Vp, Centum Vp, Prm and 1 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03)) allows remote attackers to bypass access restriction to send malicious files to the PC where License Manager Service runs via unspecified vectors.
CVE-2018-19468 1 Hucart 1 Hucart 2023-12-10 7.5 HIGH 9.8 CRITICAL
HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI.
CVE-2018-20122 1 Fastweb 2 Fastgate, Fastgate Firmware 2023-12-10 10.0 HIGH 9.8 CRITICAL
The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05-17 (software through 1.0.1b) exposed a CGI binary that is vulnerable to a command injection vulnerability that can be exploited to achieve remote code execution with root privileges. No authentication is required in order to trigger the vulnerability.
CVE-2015-9262 4 Canonical, Debian, Redhat and 1 more 7 Ubuntu Linux, Debian Linux, Ansible Tower and 4 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.
CVE-2018-13259 2 Canonical, Zsh 2 Ubuntu Linux, Zsh 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one.