Total: 23574 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-4068 | 1 Packetfence | 1 Packetfence | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password. | |||||
CVE-2018-4105 | 1 Apple | 1 Mac Os X | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "APFS" component. It allows attackers to trigger truncation of an APFS volume password via an unspecified injection. | |||||
CVE-2016-9080 | 1 Mozilla | 1 Firefox | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1. | |||||
CVE-2017-17540 | 1 Fortinet | 1 Fortiwlc | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell. | |||||
CVE-2014-5014 | 1 Tinywebgallery | 1 Wordpress Flash Uploader | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path. | |||||
CVE-2018-7648 | 1 Uclouvain | 1 Openjpeg | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line. | |||||
CVE-2018-6822 | 1 Purevpn | 1 Purevpn | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In PureVPN 6.0.1 on macOS, HelperTool LaunchDaemon implements an unprotected XPC service that can be abused to execute system commands as root. | |||||
CVE-2018-4968 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
CVE-2018-6228 | 1 Trendmicro | 1 Email Encryption Gateway | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system. | |||||
CVE-2015-9161 | 1 Qualcomm | 42 Msm8909w, Msm8909w Firmware, Sd 205 and 39 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, and SD 810, TOCTOU condition could lead to a buffer overflow in function playready_reader_bind(). | |||||
CVE-2018-7228 | 1 Schneider-electric | 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and get the administrator privileges. | |||||
CVE-2017-16128 | 1 Npm-script-demo Project | 1 Npm-script-demo | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry. | |||||
CVE-2018-6476 | 1 Superantispyware | 1 Superantispyware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating input values from IOCtl 0x9C402114 or 0x9C402124 or 0x9C40207c. | |||||
CVE-2016-9880 | 1 Pivotal Software | 1 Gemfire For Pivotal Cloud Foundry | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker. | |||||
CVE-2018-5978 | 1 Zechat Project | 1 Zechat | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the login.php User field. | |||||
CVE-2018-8755 | 1 Nucom | 2 Wr644gacv, Wr644gacv Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials. By downloading this file, an attacker can access the admin password, WPA key, and any config information of the device. | |||||
CVE-2017-12194 | 1 Spice-gtk Project | 1 Spice-gtk | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable. | |||||
CVE-2018-5455 | 1 Moxa | 8 Oncell G3110-hspa, Oncell G3110-hspa-t, Oncell G3110-hspa-t Firmware and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions. | |||||
CVE-2018-7251 | 1 Anchorcms | 1 Anchor | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as "Too many connections") has occurred. | |||||
CVE-2018-4878 | 6 Adobe, Apple, Google and 3 more | 10 Flash Player, Macos, Chrome Os and 7 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018. |