Total
23719 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18765 | 1 Cesanta | 1 Mongoose | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | |||||
| CVE-2018-17254 | 1 Arkextensions | 1 Jck Editor | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter. | |||||
| CVE-2018-19281 | 1 Centreon | 1 Centreon | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection. | |||||
| CVE-2018-1567 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024. | |||||
| CVE-2018-17063 | 1 Dlink | 2 Dir-816 A2, Dir-816 A2 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters. | |||||
| CVE-2018-18502 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 65. | |||||
| CVE-2019-3910 | 1 Crestron | 2 Airmedia Am-100, Airmedia Am-100 Firmware | 2023-12-10 | 8.5 HIGH | 9.1 CRITICAL |
| Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device. | |||||
| CVE-2016-6545 | 1 Ieasytec | 1 Itrackeasy | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| Session cookies are not used for maintaining valid sessions in iTrack Easy. The user's password is passed as a POST parameter over HTTPS using a base64 encoded passwd field on every request. In this implementation, sessions can only be terminated when the user changes the associated password. | |||||
| CVE-2018-5188 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. | |||||
| CVE-2018-18957 | 1 Mz-automation | 1 Libiec61850 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c. | |||||
| CVE-2018-14349 | 4 Canonical, Debian, Mutt and 1 more | 4 Ubuntu Linux, Debian Linux, Mutt and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message. | |||||
| CVE-2018-20784 | 3 Canonical, Linux, Redhat | 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load. | |||||
| CVE-2019-9195 | 1 Grin | 1 Grin | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files. An attacker can execute arbitrary code via directory traversal in a ZIP archive. | |||||
| CVE-2018-5399 | 1 Auto-maskin | 4 Dcu-210e, Dcu-210e Firmware, Rp-210e and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password only authentication not cryptographic keys, however the firmware image contains an RSA host-key for the server. An attacker can exploit this vulnerability to gain root access to the Angstrom Linux operating system and modify any binaries or configuration files in the firmware. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7. | |||||
| CVE-2018-14078 | 1 Wi2be | 1 Smart Hp Wmt | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to reset the admin password via the /ConfigWizard/ChangePwd.esp?2admin URL (Attackers can login using the "admin" username with password "admin" after a successful attack). | |||||
| CVE-2019-6266 | 1 Cordaware | 1 Bestinformed | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL certificate verification and insecure access patterns. These issues allow remote attackers to downgrade encrypted connections to cleartext. | |||||
| CVE-2017-16338 | 1 Insteon | 2 Hub, Hub Firmware | 2023-12-10 | 8.0 HIGH | 9.9 CRITICAL |
| An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01bad0 the value for the host key is copied using strcpy to the buffer at 0xa00016e0. This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | |||||
| CVE-2018-1000832 | 1 Zoneminder | 1 Zoneminder | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution. | |||||
| CVE-2018-0645 | 1 Bit-part | 1 Mtappjquery | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors. | |||||
| CVE-2018-10870 | 1 Redhat | 2 Certification, Enterprise Linux | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution. | |||||