Vulnerabilities (CVE)

Total 23574 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-4068 1 Packetfence 1 Packetfence 2023-12-10 7.5 HIGH 9.8 CRITICAL
The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password.
CVE-2018-4105 1 Apple 1 Mac Os X 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "APFS" component. It allows attackers to trigger truncation of an APFS volume password via an unspecified injection.
CVE-2016-9080 1 Mozilla 1 Firefox 2023-12-10 7.5 HIGH 9.8 CRITICAL
Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1.
CVE-2017-17540 1 Fortinet 1 Fortiwlc 2023-12-10 10.0 HIGH 9.8 CRITICAL
The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell.
CVE-2014-5014 1 Tinywebgallery 1 Wordpress Flash Uploader 2023-12-10 7.5 HIGH 9.8 CRITICAL
The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path.
CVE-2018-7648 1 Uclouvain 1 Openjpeg 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line.
CVE-2018-6822 1 Purevpn 1 Purevpn 2023-12-10 10.0 HIGH 9.8 CRITICAL
In PureVPN 6.0.1 on macOS, HelperTool LaunchDaemon implements an unprotected XPC service that can be abused to execute system commands as root.
CVE-2018-4968 3 Adobe, Apple, Microsoft 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2018-6228 1 Trendmicro 1 Email Encryption Gateway 2023-12-10 10.0 HIGH 9.8 CRITICAL
A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.
CVE-2015-9161 1 Qualcomm 42 Msm8909w, Msm8909w Firmware, Sd 205 and 39 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, and SD 810, TOCTOU condition could lead to a buffer overflow in function playready_reader_bind().
CVE-2018-7228 1 Schneider-electric 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and gain administrator privileges.
CVE-2017-16128 1 Npm-script-demo Project 1 Npm-script-demo 2023-12-10 10.0 HIGH 9.8 CRITICAL
The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry.
CVE-2018-6476 1 Superantispyware 1 Superantispyware 2023-12-10 10.0 HIGH 9.8 CRITICAL
In SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS driver allows privilege escalation to NT AUTHORITY\SYSTEM because it does not validate input values from IOCtl 0x9C402114 or 0x9C402124 or 0x9C40207c.
CVE-2016-9880 1 Pivotal Software 1 Gemfire For Pivotal Cloud Foundry 2023-12-10 7.5 HIGH 9.8 CRITICAL
The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker.
CVE-2018-5978 1 Zechat Project 1 Zechat 2023-12-10 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the login.php User field.
CVE-2018-8755 1 Nucom 2 Wr644gacv, Wr644gacv Firmware 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials. By downloading this file, an attacker can access the admin password, WPA key, and any config information of the device.
CVE-2017-12194 1 Spice-gtk Project 1 Spice-gtk 2023-12-10 10.0 HIGH 9.8 CRITICAL
A flaw was found in the way spice-client processed certain messages sent from the server. An attacker in control of a malicious spice-server could use this flaw to crash the client or execute arbitrary code with the permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable.
CVE-2018-5455 1 Moxa 8 Oncell G3110-hspa, Oncell G3110-hspa-t, Oncell G3110-hspa-t Firmware and 5 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions.
CVE-2018-7251 1 Anchorcms 1 Anchor 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as "Too many connections") has occurred.
CVE-2018-4878 6 Adobe, Apple, Google and 3 more 10 Flash Player, Macos, Chrome Os and 7 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.