Vulnerabilities (CVE)

Total 23795 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-18240 1 Pippo 1 Pippo 2023-12-10 7.5 HIGH 9.8 CRITICAL
Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling.
CVE-2018-15904 1 A10networks 1 Acos Web Application Firewall 2023-12-10 7.5 HIGH 9.8 CRITICAL
A10 ACOS Web Application Firewall (WAF) 2.7.1 and 2.7.2 before 2.7.2-P12, 4.1.0 before 4.1.0-P11, 4.1.1 before 4.1.1-P8, and 4.1.2 before 4.1.2-P4 mishandles the configured rules for blocking SQL injection attacks, aka A10-2017-0008.
CVE-2018-19064 2 Foscam, Opticam 6 C2, C2 Application Firmware, C2 System Firmware and 3 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ftpuser1 account has a blank password, which cannot be changed.
CVE-2018-19362 4 Debian, Fasterxml, Oracle and 1 more 12 Debian Linux, Jackson-databind, Business Process Management Suite and 9 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
CVE-2018-12782 3 Adobe, Apple, Microsoft 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2018-19635 2 Broadcom, Ca 2 Service Desk Manager, Service Desk Manager 2023-12-10 7.5 HIGH 9.8 CRITICAL
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface.
CVE-2017-18160 1 Qualcomm 16 Mdm9635m, Mdm9635m Firmware, Mdm9645 and 13 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
AGPS session failure in GNSS module due to cyphersuites are hardcoded and needed manual update everytime in snapdragon mobile and snapdragon wear in versions MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 835, SD 845, SD 850
CVE-2018-8797 3 Debian, Opensuse, Rdesktop 3 Debian Linux, Leap, Rdesktop 2023-12-10 7.5 HIGH 9.8 CRITICAL
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution.
CVE-2018-20732 6 Hpe, Ibm, Linux and 3 more 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant.
CVE-2018-14703 1 Drobo 2 5n2, 5n2 Firmware 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve the MySQL database root password.
CVE-2018-1000653 1 Zzcms 1 Zzcms 2023-12-10 7.5 HIGH 9.8 CRITICAL
zzcms version 8.3 and earlier contains a SQL Injection vulnerability in zt/top.php line 5 that can result in could be attacked by sql injection in zzcms in nginx. This attack appear to be exploitable via running zzcms in nginx.
CVE-2018-7364 1 Zte 1 Zxin10 2023-12-10 10.0 HIGH 9.8 CRITICAL
All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges.
CVE-2016-6553 1 Nuuo 2 Nt-4040 Titan, Nt-4040 Titan Firmware 2023-12-10 10.0 HIGH 9.8 CRITICAL
Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses non-random default credentials of: admin:admin and localdisplay:111111. A remote network attacker can gain privileged access to a vulnerable device.
CVE-2018-13045 1 Yeswiki 1 Cercopitheque 2023-12-10 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in the "Bazar" page in Yeswiki Cercopitheque 2018-06-19-1 and earlier allows attackers to execute arbitrary SQL commands via the "id" parameter.
CVE-2018-14720 4 Debian, Fasterxml, Oracle and 1 more 12 Debian Linux, Jackson-databind, Banking Platform and 9 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
CVE-2018-1000627 1 Battelle 1 V2i Hub 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system.
CVE-2018-16842 3 Canonical, Debian, Haxx 3 Ubuntu Linux, Debian Linux, Curl 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
CVE-2018-18765 1 Cesanta 1 Mongoose 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.
CVE-2018-17254 1 Arkextensions 1 Jck Editor 2023-12-10 7.5 HIGH 9.8 CRITICAL
The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.
CVE-2018-19281 1 Centreon 1 Centreon 2023-12-10 7.5 HIGH 9.8 CRITICAL
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection.