Vulnerabilities (CVE)

Total 23574 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-5999 1 Asus 1 Asuswrt 2023-12-10 10.0 HIGH 9.8 CRITICAL
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.
CVE-2017-1002101 1 Kubernetes 1 Kubernetes 2023-12-10 5.5 MEDIUM 9.6 CRITICAL
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem.
CVE-2018-7539 1 Appeartv 4 Xc5000, Xc5000 Firmware, Xc5100 and 1 more 2023-12-10 7.8 HIGH 9.8 CRITICAL
On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is possible to read OS files with a specially crafted HTTP request (such as GET /../../../../../../../../../../../../etc/passwd) to the web server (fuzzd/0.1.1) running the Maintenance Center on port TCP/8088. This can lead to full compromise of the device.
CVE-2018-4924 2 Adobe, Microsoft 2 Dreamweaver, Windows 2023-12-10 10.0 HIGH 9.8 CRITICAL
Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2017-7793 3 Debian, Mozilla, Redhat 10 Debian Linux, Firefox, Firefox Esr and 7 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
CVE-2018-12933 1 Winehq 1 Wine 2023-12-10 7.5 HIGH 9.8 CRITICAL
PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact because the attacker controls the pCreatePen->ihPen array index.
CVE-2018-1383 1 Ibm 1 Aix 2023-12-10 9.0 HIGH 9.1 CRITICAL
A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine. IBM X-force ID: 138117.
CVE-2018-12984 1 Hycus Cms Project 1 Hycus Cms 2023-12-10 7.5 HIGH 9.8 CRITICAL
Hycus CMS 1.0.4 allows Authentication Bypass via "'=' 'OR'" credentials.
CVE-2017-1789 1 Ibm 1 Tivoli Monitoring 2023-12-10 7.5 HIGH 9.8 CRITICAL
IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034.
CVE-2017-5430 2 Mozilla, Redhat 6 Firefox, Firefox Esr, Thunderbird and 3 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
CVE-2016-10233 1 Google 1 Android 2023-12-10 10.0 HIGH 9.8 CRITICAL
An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34389926. References: QC-CR#897452.
CVE-2017-17655 1 Quest 1 Netvault Backup 2023-12-10 7.5 HIGH 9.8 CRITICAL
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup PluginList method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4289.
CVE-2015-9192 1 Qualcomm 52 Mdm9206, Mdm9206 Firmware, Mdm9650 and 49 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, out of bounds memory access vulnerability may occur in the content protection manager due to improper validation of incoming messages.
CVE-2017-8957 1 Hp 1 Intelligent Management Center 2023-12-10 10.0 HIGH 9.8 CRITICAL
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
CVE-2018-7761 1 Schneider-electric 114 140cpu31110, 140cpu31110 Firmware, 140cpu31110c and 111 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution.
CVE-2018-3590 1 Qualcomm 28 Msm8909w, Msm8909w Firmware, Sd 205 and 25 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, a Use After Free condition can occur in RIL while handling requests from Android.
CVE-2018-11535 1 Sitemakin 1 Slac 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. The parameter "my_item_search" in users.php is exploitable using SQL injection.
CVE-2015-9208 1 Qualcomm 36 Ipq4019, Ipq4019 Firmware, Mdm9206 and 33 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, and SD 810, the function tzbsp_pil_verify_sig() does not strictly check that the pointer to ELF and program headers and hash segment is within secure memory. It only checks that the address is not in non-secure memory. A given address range can overlap with both secure and non-secure regions - hence if such an address is passed in, it would not pass the non-secure range check, and would be considered valid by the function, even though that memory area could be modified by the non-secure side.
CVE-2018-13011 1 Gopro 1 Gpmf-parser 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Validate.
CVE-2018-3739 1 Https-proxy-agent Project 1 Https-proxy-agent 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON).