Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18311 | 8 Apple, Canonical, Debian and 5 more | 18 Mac Os X, Ubuntu Linux, Debian Linux and 15 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | |||||
| CVE-2018-18319 | 1 Asuswrt-merlin Project | 28 Rt-ac1900, Rt-ac1900 Firmware, Rt-ac2900 and 25 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command&class=remote&Cc='ls' URI. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution. | |||||
| CVE-2018-18320 | 1 Asuswrt-merlin Project | 28 Rt-ac1900, Rt-ac1900 Firmware, Rt-ac2900 and 25 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution. | |||||
| CVE-2018-18388 | 1 Escanav | 1 Escan Anti-virus | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| eScan Agent Application (MWAGENT.EXE) 4.0.2.98 in MicroWorld Technologies eScan 14.0 allows remote or local attackers to execute arbitrary commands by sending a carefully crafted payload to TCP port 2222. | |||||
| CVE-2018-18395 | 1 Moxa | 1 Thingspro | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | |||||
| CVE-2018-18396 | 1 Moxa | 1 Thingspro | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | |||||
| CVE-2018-18498 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. | |||||
| CVE-2018-18602 | 1 Guardzilla | 12 180 Indoor, 180 Indoor Firmware, 180 Outdoor and 9 more | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring. | |||||
| CVE-2018-18649 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution. | |||||
| CVE-2018-18698 | 1 Mi | 2 Xiaomi Mi-a1, Xiaomi Mi-a1 Firmware | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices. They store cleartext Wi-Fi passwords in logcat during the process of setting up the phone as a hotspot. | |||||
| CVE-2018-18748 | 1 Sandboxie | 1 Sandboxie | 2020-08-24 | 10.0 HIGH | 10.0 CRITICAL |
| ** DISPUTED ** Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), within a .py file. NOTE: the vendor disputes this issue because the observed behavior is consistent with the product's intended functionality. | |||||
| CVE-2018-18810 | 1 Tibco | 2 Managed File Transfer Command Center, Managed File Transfer Internet Server | 2020-08-24 | 4.0 MEDIUM | 9.9 CRITICAL |
| The Administrator Service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, and TIBCO Managed File Transfer Internet Server contains vulnerabilities where an authenticated user with specific privileges can gain access to credentials to other systems. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions up to and including 7.3.2; 8.0.0; 8.0.1; 8.0.2; 8.1.0, and TIBCO Managed File Transfer Internet Server: versions up to and including 7.3.2; 8.0.0; 8.0.1; 8.0.2; 8.1.0. | |||||
| CVE-2018-18834 | 1 Mz-automation | 1 Libiec61850 | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. | |||||
| CVE-2018-18871 | 1 Gigasetpro | 2 Maxwell Basic, Maxwell Basic Firmware | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with firmware 2.22.7 would allow a remote attacker (in the same network as the device) to change the admin password without authentication (and without knowing the original password). | |||||
| CVE-2018-18912 | 1 Sharing-file | 1 Easy File Sharing Web Server | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Easy File Sharing (EFS) Web Server 7.2. A stack-based buffer overflow vulnerability occurs when a malicious POST request has been made to forum.ghp upon creating a new topic in the forums, which allows remote attackers to execute arbitrary code. | |||||
| CVE-2018-18941 | 1 Vignette | 1 Content Management | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| In Vignette Content Management version 6, it is possible to gain remote access to administrator privileges by discovering the admin password in the vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin HTML source code, and then creating a privileged user account. NOTE: this product is discontinued. | |||||
| CVE-2018-18957 | 1 Mz-automation | 1 Libiec61850 | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c. | |||||
| CVE-2018-19082 | 2 Foscam, Opticam | 6 C2, C2 Application Firmware, C2 System Firmware and 3 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to conduct stack-based buffer overflow attacks via the IPv4Address field. | |||||
| CVE-2018-19115 | 3 Debian, Keepalived, Redhat | 7 Debian Linux, Keepalived, Enterprise Linux Server and 4 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap. | |||||
| CVE-2018-19185 | 1 Mz-automation | 1 Libiec61850 | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. This is exploitable even after CVE-2018-18834 has been patched, with a different dataSetValue sequence than the CVE-2018-18834 attack vector. | |||||
| CVE-2018-19248 | 1 Epson | 2 Epson Workforce Wf-2861, Epson Workforce Wf-2861 Firmware | 2020-08-24 | 6.4 MEDIUM | 9.1 CRITICAL |
| The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI and a POST request to the /FIRMWAREUPDATE URI. | |||||
| CVE-2018-19275 | 1 Mitel | 2 Cmg Suite, Inattend | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality, integrity and availability of the system. | |||||
| CVE-2018-19333 | 1 Google | 1 Gvisor | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows attackers to overwrite memory locations in processes running as root (but not escape the sandbox) via vectors involving IPC_RMID shmctl calls, because reference counting is mishandled. | |||||
| CVE-2018-19392 | 1 Cobham | 4 Satcom Sailor 250, Satcom Sailor 250 Firmware, Satcom Sailor 500 and 1 more | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| Cobham Satcom Sailor 250 and 500 devices before 1.25 contained an unauthenticated password reset vulnerability. This could allow modification of any user account's password (including the default "admin" account), without prior knowledge of their password. All that is required is knowledge of the username and attack vector (/index.lua?pageID=Administration usernameAdmChange, passwordAdmChange1, and passwordAdmChange2 fields). | |||||
| CVE-2018-19466 | 1 Portainer | 1 Portainer | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls. | |||||
| CVE-2018-19548 | 1 Rudrasoftech | 1 Edusec | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginForm[username] and LoginForm[password] parameters, which might make it easier for remote attackers to obtain access via a brute-force approach. | |||||
| CVE-2018-19716 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-19879 | 1 Teltonika | 2 Rut950, Rut950 Firmware | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to make unlimited login attempts with an automated tool. This ability could lead to cracking a targeted user's password. | |||||
| CVE-2018-19971 | 1 Jfrog | 1 Artifactory | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| JFrog Artifactory Pro 6.5.9 has Incorrect Access Control. | |||||
| CVE-2018-19991 | 1 Verynginx Project | 1 Verynginx | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in CVE-2018-9230. | |||||
| CVE-2018-20053 | 1 Cerner | 2 Connectivity Engine 4, Connectivity Engine 4 Firmware | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The hostname, timezone, and NTP server configurations on the CCE device are vulnerable to command injection by sending a crafted configuration file over the network. | |||||
| CVE-2018-20056 | 1 D-link | 4 Dir-605l, Dir-605l Firmware, Dir-619l and 1 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. There is a stack-based buffer overflow allowing remote attackers to execute arbitrary code without authentication via the goform/formLanguageChange currTime parameter. | |||||
| CVE-2018-20122 | 1 Fastweb | 2 Fastgate, Fastgate Firmware | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05-17 (software through 1.0.1b) exposed a CGI binary that is vulnerable to a command injection vulnerability that can be exploited to achieve remote code execution with root privileges. No authentication is required in order to trigger the vulnerability. | |||||
| CVE-2018-20177 | 1 Rdesktop | 1 Rdesktop | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution. | |||||
| CVE-2018-20181 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution. | |||||
| CVE-2018-20305 | 1 D-link | 2 Dir-816 A2, Dir-816 A2 Firmware | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. In the /goform/form2userconfig.cgi handler function, a long password may lead to a stack-based buffer overflow and overwrite a return address. | |||||
| CVE-2018-20325 | 1 Definitions Project | 1 Definitions | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| There is a vulnerability in load() method in definitions/parser.py in the Danijar Hafner definitions package for Python. It can execute arbitrary python commands resulting in command execution. | |||||
| CVE-2018-1000059 | 1 Validformbuilder | 1 Validform Builder | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in Valid Form unserialize method that can result in Possible to execute unauthorised system commands remotely and disclose file contents in file system. | |||||
| CVE-2018-1000116 | 2 Debian, Net-snmp | 2 Debian Linux, Net-snmp | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution. | |||||
| CVE-2018-1000140 | 4 Canonical, Debian, Redhat and 1 more | 9 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 6 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate. | |||||
| CVE-2018-1000300 | 2 Canonical, Haxx | 2 Ubuntu Linux, Curl | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0. | |||||
| CVE-2018-1000525 | 1 Openpsa2 | 1 Openpsa | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Specially crafted GET request variable containing serialised PHP object. This vulnerability appears to have been fixed in after commit 097eae0. | |||||
| CVE-2018-1000544 | 3 Debian, Redhat, Rubyzip Project | 3 Debian Linux, Cloudforms, Rubyzip | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem.. | |||||
| CVE-2018-1000618 | 1 Eosio Project | 1 Eos | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| EOSIO/eos eos version after commit f1545dd0ae2b77580c2236fdb70ae7138d2c7168 contains a stack overflow vulnerability in abi_serializer that can result in attack eos network node. This attack appear to be exploitable via network request. This vulnerability appears to have been fixed in after commit cf7209e703e6d3f7a5413e0cb1fe88a4d8e4b38d . | |||||
| CVE-2018-1000641 | 1 Yeswiki | 1 Yeswiki | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user entered parameter in i18n.inc.php that can result in execution of code, disclosure of information. | |||||
| CVE-2018-1000851 | 1 Copay | 1 Copay Bitcoin Wallet | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| Copay Bitcoin Wallet version 5.01 to 5.1.0 included. contains a Other/Unknown vulnerability in wallet private key storage that can result in Users' private key can be compromised. . This attack appear to be exploitable via Affected version run the malicious code at startup . This vulnerability appears to have been fixed in 5.2.0 and later . | |||||
| CVE-2018-1000884 | 1 Vestacp | 1 Vesta Control Panel | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in Password reset code -- web/reset/index.php, line 51 that can result in Possible to determine password reset codes, attacker is able to change administrator password. This attack appear to be exploitable via Unauthenticated network connectivity. This vulnerability appears to have been fixed in After commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- release version 0.9.8-19. | |||||
| CVE-2018-10085 | 1 Cmsmadesimple | 1 Cms Made Simple | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the _get_data function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files. | |||||
| CVE-2018-10171 | 1 Kromtech | 1 Mackeeper | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Kromtech MacKeeper 3.20.4 suffers from a root privilege escalation vulnerability through its `com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper` component. The AdwareAnalzyerPrivilegedHelper tool implements an XPC service that allows an unprivileged application to connect and execute shell scripts as the root user. | |||||
| CVE-2018-10698 | 1 Moxa | 2 Awk-3121, Awk-3121 Firmware | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET daemon using the default credentials if they have not been changed by the user. | |||||