Total
23734 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9266 | 2 Ubnt, Ui | 23 Airos 4 Xs2, Airos 4 Xs5, Edgeswitch Xp Firmware and 20 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2. | |||||
| CVE-2017-8992 | 1 Hp | 1 Centralview Fraud Risk Management | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| HPE has identified a remote privilege escalation vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. | |||||
| CVE-2018-18314 | 5 Canonical, Debian, Netapp and 2 more | 8 Ubuntu Linux, Debian Linux, E-series Santricity Os Controller and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | |||||
| CVE-2018-19559 | 1 Cuppacms | 1 Cuppacms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter. | |||||
| CVE-2018-5070 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-17172 | 1 Xerox | 20 Altalink B8045, Altalink B8045 Firmware, Altalink B8055 and 17 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection. | |||||
| CVE-2018-13385 | 1 Atlassian | 1 Sourcetree | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for macOS from 1.0b2 before 2.7.6 are affected by this vulnerability. | |||||
| CVE-2018-12785 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-20480 | 1 S-cms | 1 S-cms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in S-CMS 1.0. It allows SQL Injection via the js/pic.php P_id parameter. | |||||
| CVE-2017-11563 | 1 Dlink | 2 Eyeon Baby Monitor, Eyeon Baby Monitor Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code execution vulnerability. A UDP "Discover" service, which provides multiple functions such as changing the passwords and getting basic information, was installed on the device. A remote attacker can send a crafted UDP request to finderd to perform stack overflow and execute arbitrary code with root privilege on the device. | |||||
| CVE-2018-13307 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable. | |||||
| CVE-2018-17532 | 1 Teltonika | 6 Rut900, Rut900 Firmware, Rut950 and 3 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges. | |||||
| CVE-2018-20300 | 1 Phome | 1 Empirecms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file. | |||||
| CVE-2018-19548 | 1 Rudrasoftech | 1 Edusec | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginForm[username] and LoginForm[password] parameters, which might make it easier for remote attackers to obtain access via a brute-force approach. | |||||
| CVE-2018-9208 | 1 Tuyoshi | 1 Jquery Picture Cut | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut <= v1.1Beta | |||||
| CVE-2018-7359 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by heap-based buffer overflow vulnerability, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2018-0682 | 1 Neo | 2 Debun Imap, Debun Pop | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) does not properly manage sessions, which allows remote attackers to read/send mail or change the configuration via unspecified vectors. | |||||
| CVE-2018-15715 | 1 Zoom | 1 Zoom | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke functionality in the target client. This allows the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens. | |||||
| CVE-2018-1851 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit this vulnerability to execute arbitrary code. IBM X-Force ID: 150999. | |||||
| CVE-2018-18861 | 1 Pcman Ftp Server Project | 1 Pcman Ftp Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command. | |||||