Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-0718 1 Qnap 2 Music Station, Qts 2019-10-03 7.5 HIGH 9.8 CRITICAL
Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application.
CVE-2017-9709 1 Google 1 Android 2019-10-03 7.5 HIGH 9.8 CRITICAL
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a privilege escalation vulnerability exists in telephony.
CVE-2017-9855 1 Sma 78 Sunny Boy 1.5, Sunny Boy 1.5 Firmware, Sunny Boy 2.5 and 75 more 2019-10-03 7.5 HIGH 9.8 CRITICAL
** DISPUTED ** An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. Any such code, when combined with the installer account, allows changing very sensitive parameters. NOTE: the vendor reports that Grid Guard is not an authentication feature; it is only a tracing feature. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.
CVE-2017-9859 1 Sma 78 Sunny Boy 1.5, Sunny Boy 1.5 Firmware, Sunny Boy 2.5 and 75 more 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
** DISPUTED ** An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack the password using offline crackers. This cracked password can then be used to register at the SMA servers. NOTE: the vendor's position is that "we consider the probability of the success of such manipulation to be extremely low." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.
CVE-2017-12999 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print().
CVE-2017-13019 1 Tcpdump 1 Tcpdump 2019-10-03 7.5 HIGH 9.8 CRITICAL
The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().
CVE-2018-6295 1 Hanwha-security 4 Snh-v6410pn, Snh-v6410pn Firmware, Snh-v6410pnw and 1 more 2019-10-03 7.5 HIGH 9.8 CRITICAL
Unencrypted way of remote control and communications in Hanwha Techwin Smartcams
CVE-2018-19409 4 Artifex, Canonical, Debian and 1 more 8 Ghostscript, Ubuntu Linux, Debian Linux and 5 more 2019-10-03 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
CVE-2018-19410 1 Paessler 1 Prtg Network Monitor 2019-10-03 7.5 HIGH 9.8 CRITICAL
PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local File Inclusion attack, by including /api/addusers and executing it. By providing the 'id' and 'users' parameters, an unauthenticated attacker can create a user with read-write privileges (including administrator).
CVE-2018-19515 1 Ens 1 Webgalamb 2019-10-03 7.5 HIGH 9.8 CRITICAL
In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the administrator. However, by using one of the bgsend, atment_sddd1xGz, or xls_bgimport query parameters, most of these methods become available to unauthenticated users.
CVE-2018-19987 1 D-link 12 Dir-818lw, Dir-818lw Firmware, Dir-822 and 9 more 2019-10-03 10.0 HIGH 9.8 CRITICAL
D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint parameter is saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. A vulnerable /HNAP1/SetAccessPointMode XML message could have shell metacharacters in the IsAccessPoint element such as the `telnetd` string.
CVE-2018-10562 1 Dasannetworks 2 Gpon Router, Gpon Router Firmware 2019-10-03 7.5 HIGH 9.8 CRITICAL
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.
CVE-2018-19986 1 D-link 4 Dir-818lw, Dir-818lw Firmware, Dir-822 and 1 more 2019-10-03 10.0 HIGH 9.8 CRITICAL
In the /HNAP1/SetRouterSettings message, the RemotePort parameter is vulnerable, and the vulnerability affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-822 B1 202KRb06 devices. In the SetRouterSettings.php source code, the RemotePort parameter is saved in the $path_inf_wan1."/web" internal configuration memory without any regex checking. And in the IPTWAN_build_command function of the iptwan.php source code, the data in $path_inf_wan1."/web" is used with the iptables command without any regex checking. A vulnerable /HNAP1/SetRouterSettings XML message could have shell metacharacters in the RemotePort element such as the `telnetd` string.
CVE-2018-20100 1 August 2 August Connect, August Connect Firmware 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered on August Connect devices. Insecure data transfer between the August app and August Connect during configuration allows attackers to discover home Wi-Fi credentials. This data transfer uses an unencrypted access point for these credentials, and passes them in an HTTP POST, using the AugustWifiDevice class, with data encrypted with a fixed key found obfuscated in the app.
CVE-2018-20394 1 Technicolor 8 Dwg849, Dwg849 Firmware, Dwg850-4 and 5 more 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
Thomson DWG849 STC0.01.16, DWG850-4 ST9C.05.25, DWG855 ST80.20.26, and TWG870 STB2.01.36 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-20395 1 Net-wave 2 Ming6200, Ming6200 Firmware 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
NETWAVE MNG6200 C4835805jrc12FU121413.cpr devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-20396 1 Net-wave 4 Ming2120j, Ming2120j Firmware, Ming6300 and 1 more 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
NET&SYS MNG2120J 5.76.1006c and MNG6300 5.83.6305jrc2 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-20397 1 Mplustec 2 Cbc383z, Cbc383z Firmware 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
mplus CBC383Z CBC383Z_mplus_MDr026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-20398 1 Skyworthdigital 10 Cm5100, Cm5100-440, Cm5100-440 Firmware and 7 more 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
Skyworth CM5100 V1.1.0, CM5100-440 V1.2.1, CM5100-511 4.1.0.14, CM5100-GHD00 V1.2.2, and CM5100.g2 4.1.0.17 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-20399 1 Motorola 6 Sbg901, Sbg901 Firmware, Sbg941 and 3 more 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
Motorola SBG901 SBG901-2.10.1.1-GA-00-581-NOSH, SBG941 SBG941-2.11.0.0-GA-07-624-NOSH, and SVG1202 SVG1202-2.1.0.0-GA-14-LTSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-20400 1 Ubeeinteractive 4 Dvw2108, Dvw2108 Firmware, Dvw2110 and 1 more 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
Ubee DVW2108 6.28.1017 and DVW2110 6.28.2012 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-20401 1 Zoomtel 2 5352, 5352 Firmware 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
Zoom 5352 v5.5.8.6Y devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2017-15999 1 Nq 1 Contacts Backup \& Restore 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it for further attacks where only the hash value is required.
CVE-2017-15994 1 Samba 1 Rsync 2019-10-03 7.5 HIGH 9.8 CRITICAL
rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects.
CVE-2018-3594 1 Qualcomm 42 Mdm9206, Mdm9206 Firmware, Mdm9607 and 39 more 2019-10-03 10.0 HIGH 9.8 CRITICAL
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 820, SD 820A, SD 835, SD 845, while parsing a private frame in an ID3 tag, a buffer over-read can occur when comparing frame data with predefined owner identifier strings.
CVE-2018-3596 1 Google 1 Android 2019-10-03 7.5 HIGH 9.8 CRITICAL
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, legacy code vulnerable after migration has been removed.
CVE-2018-10285 1 Ericssonlg 1 Ipecs Nms 2019-10-03 7.5 HIGH 9.8 CRITICAL
The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the app does not use any sort of session ID, an attacker might bypass authentication.
CVE-2018-3641 1 Intel 2 Remote Keyboard, Remote Keyboard Mobile App 2019-10-03 7.5 HIGH 9.8 CRITICAL
Escalation of privilege in all versions of the Intel Remote Keyboard allows a network attacker to inject keystrokes as a local user.
CVE-2018-4110 1 Apple 1 Iphone Os 2019-10-03 7.5 HIGH 9.8 CRITICAL
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Web App" component. It allows remote attackers to bypass intended restrictions on cookie persistence.
CVE-2018-5328 1 Beims 1 Contractorweb.net 2019-10-03 7.5 HIGH 9.8 CRITICAL
ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details.
CVE-2018-5339 1 Zohocorp 1 Manageengine Desktop Central 2019-10-03 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions.
CVE-2018-5377 1 Discuz 1 Discuzx 2019-10-03 7.5 HIGH 9.8 CRITICAL
Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter.
CVE-2018-10192 1 Ipvanish 1 Ipvanish 2019-10-03 10.0 HIGH 9.8 CRITICAL
IPVanish 3.0.11 for macOS suffers from a root privilege escalation vulnerability. The `com.ipvanish.osx.vpnhelper` LaunchDaemon implements an insecure XPC service that could allow an attacker to execute arbitrary code as the root user. IPVanish uses a third-party library for converting `xpc_object_t` types in to `NSObject` types for sending XPC messages. When IPVanish establishes a new connection, the following XPC message is sent to the `com.ipvanish.osx.vpnhelper` LaunchDaemon. Because the XPC service itself does not validate an incoming connection, any application installed on the operating system can send it XPC messages. In the case of the "connect" message, an attacker could manipulate the `OpenVPNPath` to point at a malicious binary on the system. The `com.ipvanish.osx.vpnhelper` would receive the VPNHelperConnect command, and then execute the malicious binary as the root user.
CVE-2018-5770 1 Tendacn 2 Ac15, Ac15 Firmware 2019-10-03 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a request to /goform/telnet, creating a telnetd service on the device. This service is password protected; however, several default accounts exist on the device that are root accounts, which can be used to log in.
CVE-2018-5777 1 Ipswitch 1 Whatsup Gold 2019-10-03 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Remote clients can take advantage of a misconfiguration in the TFTP server that could allow attackers to execute arbitrary commands on the TFTP server via unspecified vectors.
CVE-2018-5855 1 Google 1 Android 2019-10-03 10.0 HIGH 9.8 CRITICAL
While padding or shrinking a nested wmi packet in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read can potentially occur.
CVE-2018-5882 1 Qualcomm 48 Mdm9206, Mdm9206 Firmware, Mdm9607 and 45 more 2019-10-03 7.5 HIGH 9.8 CRITICAL
While parsing a Flac file with a corrupted comment block, a buffer over-read can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.
CVE-2018-6292 1 Hyland 1 Saperion Web Client 2019-10-03 10.0 HIGH 9.8 CRITICAL
Remote Code Execution in Saperion Web Client version 7.5.2 83166.
CVE-2018-1000885 1 Phkp Project 1 Phkp 2019-10-03 7.5 HIGH 9.8 CRITICAL
PHKP version including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b contains a Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in function pgp_exec() phkp.php:98 that can result in It is possible to manipulate gpg-keys or execute commands remotely. This attack appear to be exploitable via HKP-Api: /pks/lookup?search.
CVE-2018-6521 2 Debian, Simplesamlphp 2 Debian Linux, Simplesamlphp 2019-10-03 7.5 HIGH 9.8 CRITICAL
The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions.
CVE-2018-6624 1 Omron 7 Ns10, Ns12, Ns15 and 4 more 2019-10-03 7.5 HIGH 9.8 CRITICAL
OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct request to the .html file for a specific screen, as demonstrated by monitor.html.
CVE-2018-6835 1 Etherpad 1 Etherpad 2019-10-03 7.5 HIGH 9.8 CRITICAL
node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions.
CVE-2018-6871 4 Canonical, Debian, Libreoffice and 1 more 9 Ubuntu Linux, Debian Linux, Libreoffice and 6 more 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.
CVE-2018-7066 1 Arubanetworks 1 Clearpass Policy Manager 2019-10-03 9.3 HIGH 9.0 CRITICAL
An unauthenticated remote command execution exists in Aruba ClearPass Policy Manager on linked devices. The ClearPass OnConnect feature permits administrators to link other network devices into ClearPass for the purpose of collecting enhanced information about connected endpoints. A defect in the API could allow a remote attacker to execute arbitrary commands on one of the linked devices. This vulnerability is only applicable if credentials for devices have been supplied to ClearPass under Configuration -> Network -> Devices -> CLI Settings. Resolution: Fixed in 6.7.5 and 6.6.10-hotfix.
CVE-2018-7259 1 Flightsimlabs 1 A320-x 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a user's Google account credentials to http://installLog.flightsimlabs.com/LogHandler3.ashx if a pirated serial number has been entered, which allows remote attackers to obtain sensitive information, e.g., by sniffing the network for cleartext HTTP traffic. This behavior was removed in 2.0.1.232.
CVE-2018-7072 1 Hp 1 Moonshot Provisioning Manager 2019-10-03 7.5 HIGH 9.8 CRITICAL
A remote bypass of security restrictions vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24.
CVE-2017-6409 1 Veritas 2 Netbackup, Netbackup Appliance 2019-10-03 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access.
CVE-2018-7297 1 Eq-3 2 Homematic Central Control Unit Ccu2, Homematic Central Control Unit Ccu2 Firmware 2019-10-03 10.0 HIGH 9.8 CRITICAL
Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
CVE-2018-7702 1 Securenvoy 1 Securmail 2019-10-03 6.4 MEDIUM 9.1 CRITICAL
SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization.
CVE-2018-7785 1 Schneider-electric 1 U.motion Builder 2019-10-03 7.5 HIGH 9.8 CRITICAL
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass.