Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-19410 1 Paessler 1 Prtg Network Monitor 2019-10-03 7.5 HIGH 9.8 CRITICAL
PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local File Inclusion attack, by including /api/addusers and executing it. By providing the 'id' and 'users' parameters, an unauthenticated attacker can create a user with read-write privileges (including administrator).
CVE-2018-19409 4 Artifex, Canonical, Debian and 1 more 8 Ghostscript, Ubuntu Linux, Debian Linux and 5 more 2019-10-03 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
CVE-2018-19367 1 Portainer 1 Portainer 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case.
CVE-2018-19290 1 Budabot 1 Budabot 2019-10-03 7.5 HIGH 9.8 CRITICAL
In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax syntax validation allows remote attackers to perform a command injection attack against the PHP daemon with a crafted command, resulting in a denial of service or possibly unspecified other impact, as demonstrated by the "!calc 5 x 5" command. In versions before 3.0, modules/HELPBOT_MODULE/calc.php has the vulnerable code; in 3.0 and above, modules/HELPBOT_MODULE/HelpbotController.class.php has the vulnerable code.
CVE-2018-6634 3 Canonical, Microsoft, Parsecgaming 3 Ubuntu Linux, Windows, Parsec 2019-10-03 7.5 HIGH 9.8 CRITICAL
A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1 allows unauthorized users to maintain access to an account.
CVE-2018-19207 1 Van-ons 1 Wp-gdpr-compliance 2019-10-03 7.5 HIGH 9.8 CRITICAL
The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited in the wild in November 2018.
CVE-2018-19168 1 Fruitywifi Project 1 Fruitywifi 2019-10-03 10.0 HIGH 9.8 CRITICAL
Shell Metacharacter Injection in www/modules/save.php in FruityWifi (aka PatatasFritas/PatataWifi) through 2.4 allows remote attackers to execute arbitrary code with root privileges via a crafted mod_name parameter in a POST request. NOTE: unlike in CVE-2018-17317, the attacker does not need a valid session.
CVE-2018-19078 2 Foscam, Opticam 6 C2, C2 Application Firmware, C2 System Firmware and 3 more 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The response to an ONVIF media GetStreamUri request contains the administrator username and password.
CVE-2018-18922 1 Abisoftgt 1 Ticketly 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/add_user.php POST request.
CVE-2018-18505 4 Canonical, Debian, Mozilla and 1 more 11 Ubuntu Linux, Debian Linux, Firefox and 8 more 2019-10-03 7.5 HIGH 10.0 CRITICAL
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.
CVE-2018-17969 1 Samsung 2 Scx-6545x, Scx-6545x Firmware 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allows remote attackers to discover cleartext credentials via iso.3.6.1.4.1.236.11.5.11.81.10.1.5.0 and iso.3.6.1.4.1.236.11.5.11.81.10.1.6.0 SNMP requests.
CVE-2017-13018 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().
CVE-2018-17161 1 Freebsd 1 Freebsd 2019-10-03 7.5 HIGH 9.8 CRITICAL
In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, 12.0-STABLE(r342228), and 12.0-RELEASE-p1, insufficient validation of network-provided data in bootpd may make it possible for a malicious attacker to craft a bootp packet which could cause a stack buffer overflow. It is possible that the buffer overflow could lead to a Denial of Service or remote code execution.
CVE-2018-17137 1 Prezi 1 Next 2019-10-03 7.5 HIGH 9.8 CRITICAL
Prezi Next 1.3.101.11 has a documented purpose of creating HTML5 presentations but has SE_DEBUG_PRIVILEGE on Windows, which might allow attackers to bypass intended access restrictions.
CVE-2018-16947 2 Debian, Openafs 2 Debian Linux, Openafs 2019-10-03 7.5 HIGH 9.8 CRITICAL
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, including dumping/restoring volume contents and manipulating the backup database. For example, an unauthenticated attacker can replace any volume's content with arbitrary data.
CVE-2018-16709 1 Fujixerox 18 Apeosport-v 5070, Apeosport-v 5070 Firmware, Apeosport-v C3375 and 15 more 2019-10-03 7.5 HIGH 9.8 CRITICAL
Fuji Xerox DocuCentre-V 3065, ApeosPort-VI C3371, ApeosPort-V C4475, ApeosPort-V C3375, DocuCentre-VI C2271, ApeosPort-V C5576, DocuCentre-IV C2263, DocuCentre-V C2263, and ApeosPort-V 5070 devices allow remote attackers to read or write to files via crafted PJL commands.
CVE-2018-16395 4 Canonical, Debian, Redhat and 1 more 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more 2019-10-03 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
CVE-2018-16223 1 Qbeecam 1 Qbeecam 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password.
CVE-2018-16203 1 Pgpool 1 Pgpooladmin 2019-10-03 7.5 HIGH 9.8 CRITICAL
PgpoolAdmin 4.0 and earlier allows remote attackers to bypass the login authentication and obtain the administrative privilege of the PostgreSQL database via unspecified vectors.
CVE-2018-15708 1 Nagios 1 Nagios Xi 2019-10-03 7.5 HIGH 9.8 CRITICAL
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.
CVE-2018-14982 2 Google, Lg 15 Android, G5, G6 and 12 more 2019-10-03 7.5 HIGH 9.8 CRITICAL
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004.
CVE-2018-14981 2 Google, Lg 15 Android, G5, G6 and 12 more 2019-10-03 7.5 HIGH 9.8 CRITICAL
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. The LG ID is LVE-SMP-180005.
CVE-2018-14933 1 Nuuo 2 Nvrmini, Nvrmini Firmware 2019-10-03 10.0 HIGH 9.8 CRITICAL
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
CVE-2018-1475 1 Ibm 1 Bigfix Platform 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 140756.
CVE-2018-14706 1 Drobo 2 5n2, 5n2 Firmware 2019-10-03 10.0 HIGH 9.8 CRITICAL
System command injection in the /DroboPix/api/drobopix/demo endpoint on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the payload in a POST request.
CVE-2018-14699 1 Drobo 2 5n2, 5n2 Firmware 2019-10-03 7.5 HIGH 9.8 CRITICAL
System command injection in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter.
CVE-2018-15486 1 Kone 2 Group Controller, Group Controller Firmware 2019-10-03 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02.
CVE-2018-14565 1 Thunlp 1 Thulac 2019-10-03 7.5 HIGH 9.8 CRITICAL
An issue was discovered in libthulac.so in THULAC through 2018-02-25. A heap-based buffer over-read can occur in NGramFeature::find_bases in include/cb_ngram_feature.h.
CVE-2018-14558 1 Tenda 6 Ac10, Ac10 Firmware, Ac7 and 3 more 2019-10-03 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input.
CVE-2018-14532 1 Axiosys 1 Bento4 2019-10-03 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Bento4 1.5.1-624. There is a heap-based buffer over-read in AP4_Mpeg2TsVideoSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp after a call from Mp42Hls.cpp, a related issue to CVE-2018-13846.
CVE-2018-13862 1 Trivum 2 Webtouch Setup V9, Webtouch Setup V9 Firmware 2019-10-03 7.5 HIGH 9.8 CRITICAL
Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to login without authorization).
CVE-2018-13861 1 Trivum 2 Webtouch Setup V9, Webtouch Setup V9 Firmware 2019-10-03 10.0 HIGH 9.8 CRITICAL
Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example.
CVE-2018-13859 1 Trivum 2 C4 Professional, C4 Professional Firmware 2019-10-03 7.5 HIGH 9.8 CRITICAL
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18, allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to login without authorization).
CVE-2018-13858 1 Trivum 2 C4 Professional, C4 Professional Firmware 2019-10-03 10.0 HIGH 9.8 CRITICAL
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example.
CVE-2018-13421 1 Fast-cpp-csv-parser Project 1 Fast-cpp-csv-parser 2019-10-03 7.5 HIGH 9.8 CRITICAL
Fast C++ CSV Parser (aka fast-cpp-csv-parser) before 2018-07-06 has a heap-based buffer over-read in io::trim_chars in csv.h.
CVE-2018-13324 1 Buffalo 2 Ts5600d1206, Ts5600d1206 Firmware 2019-10-03 7.5 HIGH 9.8 CRITICAL
Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header.
CVE-2018-13314 1 Totolink 2 A3002ru, A3002ru Firmware 2019-10-03 10.0 HIGH 9.8 CRITICAL
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter.
CVE-2018-13101 1 Redswimmer 1 Kiosksimple 2019-10-03 10.0 HIGH 9.8 CRITICAL
KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers from a privilege escalation vulnerability in the WCF endpoint. The exposed methods allow read and write access to the Windows registry and control of services. These methods may be abused to achieve privilege escalation via execution of attacker controlled binaries.
CVE-2018-12972 1 Opentsdb 1 Opentsdb 2019-10-03 7.5 HIGH 9.8 CRITICAL
An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON input.
CVE-2018-12917 1 Pbc Project 1 Pbc 2019-10-03 7.5 HIGH 9.8 CRITICAL
In libpbc.a in PBC through 2017-03-02, there is a heap-based buffer over-read in _pbcM_ip_new in map.c.
CVE-2018-1287 1 Apache 1 Jmeter 2019-10-03 7.5 HIGH 9.8 CRITICAL
In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.
CVE-2018-12805 1 Adobe 1 Connect 2019-10-03 7.5 HIGH 9.8 CRITICAL
Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2018-12369 2 Canonical, Mozilla 3 Ubuntu Linux, Firefox, Firefox Esr 2019-10-03 7.5 HIGH 9.8 CRITICAL
WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR < 60.1 and Firefox < 61.
CVE-2018-12313 1 Asustor 2 As602t, Data Master 2019-10-03 10.0 HIGH 9.8 CRITICAL
OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter.
CVE-2018-12268 1 Acccheck Project 1 Acccheck.pl 2019-10-03 7.5 HIGH 9.8 CRITICAL
acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metacharacters in a username or password file, as demonstrated by injection into an smbclient command line.
CVE-2018-12171 1 Intel 31 Bbs2600bpb, Bbs2600bpq, Bbs2600bps and 28 more 2019-10-03 7.5 HIGH 9.8 CRITICAL
Privilege escalation in Intel Baseboard Management Controller (BMC) firmware before version 1.43.91f76955 may allow an unprivileged user to potentially execute arbitrary code or perform denial of service over the network.
CVE-2018-1217 1 Dell 2 Emc Avamar, Emc Integrated Data Protection Appliance 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local Download Service (LDLS) credentials. The LDLS credentials are used to connect to Dell EMC Online Support. If the LDLS configuration was changed to an invalid configuration, then Avamar Installation Manager may not be able to connect to Dell EMC Online Support web site successfully. The remote unauthenticated attacker can also read and use the credentials to login to Dell EMC Online Support, impersonating the AVI service actions using those credentials.
CVE-2018-1143 1 Belkin 2 N750, N750 Firmware 2019-10-03 10.0 HIGH 9.8 CRITICAL
A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to twonky_command.cgi.
CVE-2018-11284 1 Qualcomm 24 Mdm9206, Mdm9206 Firmware, Mdm9607 and 21 more 2019-10-03 8.5 HIGH 9.3 CRITICAL
Spoofed SMS can be used to send a large number of messages to the device which will in turn initiate a flood of registration updates with the server in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 636, SDA660, SDM630, SDM660, SDX20
CVE-2018-10562 1 Dasannetworks 2 Gpon Router, Gpon Router Firmware 2019-10-03 7.5 HIGH 9.8 CRITICAL
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.