Total
23741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5384 | 1 Navarino | 1 Infinity | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind sql injection. If successfully exploited the user can get info from the underlying postgresql database that could lead into to total compromise of the product. The said script is available with no authentication. | |||||
| CVE-2018-17378 | 1 Thephpfactory | 1 Penny Auction Factory | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the Penny Auction Factory 2.0.4 component for Joomla! via the filter_order_Dir or filter_order parameter. | |||||
| CVE-2018-14685 | 1 Gxlcms | 1 Gxlcms | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| The add function in www/Lib/Lib/Action/Admin/TplAction.class.php in Gxlcms v1.1.4 allows remote attackers to read arbitrary files via a crafted index.php?s=Admin-Tpl-ADD-id request, related to Lib/Common/Admin/function.php. | |||||
| CVE-2018-12407 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash. This vulnerability affects Firefox < 64. | |||||
| CVE-2018-1000626 | 1 Battelle | 1 V2i Hub | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of requirement to change the default API key. An attacker could exploit this vulnerability using all available API functions containing an unchanged API key to gain unauthorized access to the system. | |||||
| CVE-2017-2877 | 1 Foscam | 2 C1, C1 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A missing error check exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 could allow an attacker to reset the user accounts to factory defaults, without authentication. | |||||
| CVE-2018-18834 | 1 Mz-automation | 1 Libiec61850 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. | |||||
| CVE-2018-20338 | 1 Zohocorp | 1 Manageengine Opmanager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section. | |||||
| CVE-2018-14822 | 1 Entes | 2 Emg-12, Emg-12 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Entes EMG12 versions 2.57 and prior an information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user and execute arbitrary code. | |||||
| CVE-2019-3464 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. | |||||
| CVE-2018-15379 | 1 Cisco | 1 Prime Infrastructure | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This user does not have administrative or root privileges. The vulnerability is due to an incorrect permission setting for important system directories. An attacker could exploit this vulnerability by uploading a malicious file by using TFTP, which can be accessed via the web-interface GUI. A successful exploit could allow the attacker to run commands on the targeted application without authentication. | |||||
| CVE-2018-13861 | 1 Trivum | 2 Webtouch Setup V9, Webtouch Setup V9 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example. | |||||
| CVE-2018-13416 | 1 Spirton | 1 Universal Media Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running UMS, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains. | |||||
| CVE-2019-7234 | 1 Idreamsoft | 1 Icms | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file can then be downloaded via an admincp.php?app=apps&do=pack request. | |||||
| CVE-2018-18998 | 1 Lcds | 1 Laquis Scada | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges. | |||||
| CVE-2018-12814 | 1 Adobe | 1 Digital Editions | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-18764 | 1 Cesanta | 1 Mongoose | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in a parse_mqtt getu16 call. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | |||||
| CVE-2018-14532 | 1 Axiosys | 1 Bento4 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Bento4 1.5.1-624. There is a heap-based buffer over-read in AP4_Mpeg2TsVideoSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp after a call from Mp42Hls.cpp, a related issue to CVE-2018-13846. | |||||
| CVE-2018-1000625 | 1 Battelle | 1 V2i Hub | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. An attacker could exploit this vulnerability to log in as an admin on any installation and gain unauthorized access to the system. | |||||
| CVE-2018-1727 | 1 Ibm | 1 Infosphere Information Server | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147630. | |||||