Vulnerabilities (CVE)

Total 23574 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-9578 1 Google 1 Android 2023-12-10 7.5 HIGH 9.8 CRITICAL
In ixheaacd_adts_crc_start_reg of ixheaacd_adts_crc_check.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113261928.
CVE-2018-0435 1 Cisco 1 Umbrella 2023-12-10 6.5 MEDIUM 9.1 CRITICAL
A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could exploit this vulnerability to view and potentially modify data for their organization or other organizations. A successful exploit could allow the attacker to read or modify data across multiple organizations.
CVE-2018-18312 5 Canonical, Debian, Netapp and 2 more 8 Ubuntu Linux, Debian Linux, E-series Santricity Os Controller and 5 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2018-18822 1 Grapixel 1 New Media 2023-12-10 7.5 HIGH 9.8 CRITICAL
Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter.
CVE-2018-2943 1 Oracle 1 Fusion Middleware Mapviewer 2023-12-10 7.5 HIGH 9.8 CRITICAL
Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Supported versions that are affected are 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in takeover of Oracle Fusion Middleware MapViewer. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
CVE-2018-19698 3 Adobe, Apple, Microsoft 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2018-10511 1 Trendmicro 1 Control Manager 2023-12-10 6.4 MEDIUM 10.0 CRITICAL
A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations.
CVE-2018-7631 1 Adbglobal 1 Epicentro 2023-12-10 7.5 HIGH 9.8 CRITICAL
Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to execute code remotely via a specially crafted GET request without a leading "/" and without authentication.
CVE-2018-10620 1 Aveva 2 Indusoft Web Studio, Intouch Machine 2017 2023-12-10 7.5 HIGH 9.8 CRITICAL
AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed.
CVE-2018-0714 1 Qnap 2 Helpdesk, Qts 2023-12-10 7.5 HIGH 9.8 CRITICAL
Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application.
CVE-2018-18311 8 Apple, Canonical, Debian and 5 more 18 Mac Os X, Ubuntu Linux, Debian Linux and 15 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2019-8261 1 Uvnc 1 Ultravnc 2023-12-10 7.5 HIGH 9.8 CRITICAL
UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC code inside client CoRRE decoder, caused by multiplication overflow. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1200.
CVE-2018-17888 1 Nuuo 1 Nuuo Cms 2023-12-10 7.5 HIGH 9.8 CRITICAL
NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution.
CVE-2018-1000829 1 Anyplace Project 1 Anyplace 2023-12-10 6.8 MEDIUM 9.0 CRITICAL
Anyplace version before commit 80359b4 contains a XML External Entity (XXE) vulnerability in Man in the middle on map API call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 80359b4.
CVE-2018-19595 1 Pbootcms 1 Pbootcms 2023-12-10 7.5 HIGH 9.8 CRITICAL
PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel protection mechanism.
CVE-2018-16792 1 Solarwinds 1 Sftp\/scp Server 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data.
CVE-2018-18408 2 Broadcom, Fedoraproject 2 Tcpreplay, Fedora 2023-12-10 7.5 HIGH 9.8 CRITICAL
A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecified other impact.
CVE-2018-14065 1 Phpoffice Project 1 Common 2023-12-10 7.5 HIGH 9.8 CRITICAL
XMLReader.php in PHPOffice Common before 0.2.9 allows XXE.
CVE-2018-17900 1 Yokogawa 8 Fcj, Fcj Firmware, Fcn-100 and 5 more 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers.
CVE-2018-16239 1 Damicms 1 Damicms 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies, which makes it possible to determine the cookie for an existing admin session via 10800 guesses.