Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0718 | 1 Qnap | 2 Music Station, Qts | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application. | |||||
| CVE-2017-9709 | 1 Google | 1 Android | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a privilege escalation vulnerability exists in telephony. | |||||
| CVE-2017-9855 | 1 Sma | 78 Sunny Boy 1.5, Sunny Boy 1.5 Firmware, Sunny Boy 2.5 and 75 more | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. Any such code, when combined with the installer account, allows changing very sensitive parameters. NOTE: the vendor reports that Grid Guard is not an authentication feature; it is only a tracing feature. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. | |||||
| CVE-2017-9859 | 1 Sma | 78 Sunny Boy 1.5, Sunny Boy 1.5 Firmware, Sunny Boy 2.5 and 75 more | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| ** DISPUTED ** An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack the password using offline crackers. This cracked password can then be used to register at the SMA servers. NOTE: the vendor's position is that "we consider the probability of the success of such manipulation to be extremely low." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. | |||||
| CVE-2017-12999 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print(). | |||||
| CVE-2017-13019 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). | |||||
| CVE-2018-6295 | 1 Hanwha-security | 4 Snh-v6410pn, Snh-v6410pn Firmware, Snh-v6410pnw and 1 more | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Unencrypted way of remote control and communications in Hanwha Techwin Smartcams | |||||
| CVE-2018-19409 | 4 Artifex, Canonical, Debian and 1 more | 8 Ghostscript, Ubuntu Linux, Debian Linux and 5 more | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. | |||||
| CVE-2018-19410 | 1 Paessler | 1 Prtg Network Monitor | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local File Inclusion attack, by including /api/addusers and executing it. By providing the 'id' and 'users' parameters, an unauthenticated attacker can create a user with read-write privileges (including administrator). | |||||
| CVE-2018-19515 | 1 Ens | 1 Webgalamb | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the administrator. However, by using one of the bgsend, atment_sddd1xGz, or xls_bgimport query parameters, most of these methods become available to unauthenticated users. | |||||
| CVE-2018-19987 | 1 D-link | 12 Dir-818lw, Dir-818lw Firmware, Dir-822 and 9 more | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint parameter is saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. A vulnerable /HNAP1/SetAccessPointMode XML message could have shell metacharacters in the IsAccessPoint element such as the `telnetd` string. | |||||
| CVE-2018-10562 | 1 Dasannetworks | 2 Gpon Router, Gpon Router Firmware | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output. | |||||
| CVE-2018-19986 | 1 D-link | 4 Dir-818lw, Dir-818lw Firmware, Dir-822 and 1 more | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| In the /HNAP1/SetRouterSettings message, the RemotePort parameter is vulnerable, and the vulnerability affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-822 B1 202KRb06 devices. In the SetRouterSettings.php source code, the RemotePort parameter is saved in the $path_inf_wan1."/web" internal configuration memory without any regex checking. And in the IPTWAN_build_command function of the iptwan.php source code, the data in $path_inf_wan1."/web" is used with the iptables command without any regex checking. A vulnerable /HNAP1/SetRouterSettings XML message could have shell metacharacters in the RemotePort element such as the `telnetd` string. | |||||
| CVE-2018-20100 | 1 August | 2 August Connect, August Connect Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on August Connect devices. Insecure data transfer between the August app and August Connect during configuration allows attackers to discover home Wi-Fi credentials. This data transfer uses an unencrypted access point for these credentials, and passes them in an HTTP POST, using the AugustWifiDevice class, with data encrypted with a fixed key found obfuscated in the app. | |||||
| CVE-2018-20394 | 1 Technicolor | 8 Dwg849, Dwg849 Firmware, Dwg850-4 and 5 more | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Thomson DWG849 STC0.01.16, DWG850-4 ST9C.05.25, DWG855 ST80.20.26, and TWG870 STB2.01.36 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20395 | 1 Net-wave | 2 Ming6200, Ming6200 Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| NETWAVE MNG6200 C4835805jrc12FU121413.cpr devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20396 | 1 Net-wave | 4 Ming2120j, Ming2120j Firmware, Ming6300 and 1 more | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| NET&SYS MNG2120J 5.76.1006c and MNG6300 5.83.6305jrc2 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20397 | 1 Mplustec | 2 Cbc383z, Cbc383z Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| mplus CBC383Z CBC383Z_mplus_MDr026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20398 | 1 Skyworthdigital | 10 Cm5100, Cm5100-440, Cm5100-440 Firmware and 7 more | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Skyworth CM5100 V1.1.0, CM5100-440 V1.2.1, CM5100-511 4.1.0.14, CM5100-GHD00 V1.2.2, and CM5100.g2 4.1.0.17 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20399 | 1 Motorola | 6 Sbg901, Sbg901 Firmware, Sbg941 and 3 more | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Motorola SBG901 SBG901-2.10.1.1-GA-00-581-NOSH, SBG941 SBG941-2.11.0.0-GA-07-624-NOSH, and SVG1202 SVG1202-2.1.0.0-GA-14-LTSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20400 | 1 Ubeeinteractive | 4 Dvw2108, Dvw2108 Firmware, Dvw2110 and 1 more | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Ubee DVW2108 6.28.1017 and DVW2110 6.28.2012 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20401 | 1 Zoomtel | 2 5352, 5352 Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Zoom 5352 v5.5.8.6Y devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2017-15999 | 1 Nq | 1 Contacts Backup \& Restore | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it for further attacks where only the hash value is required. | |||||
| CVE-2017-15994 | 1 Samba | 1 Rsync | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects. | |||||
| CVE-2018-3594 | 1 Qualcomm | 42 Mdm9206, Mdm9206 Firmware, Mdm9607 and 39 more | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 820, SD 820A, SD 835, SD 845, while parsing a private frame in an ID3 tag, a buffer over-read can occur when comparing frame data with predefined owner identifier strings. | |||||
| CVE-2018-3596 | 1 Google | 1 Android | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, legacy code vulnerable after migration has been removed. | |||||
| CVE-2018-10285 | 1 Ericssonlg | 1 Ipecs Nms | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the app does not use any sort of session ID, an attacker might bypass authentication. | |||||
| CVE-2018-3641 | 1 Intel | 2 Remote Keyboard, Remote Keyboard Mobile App | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Escalation of privilege in all versions of the Intel Remote Keyboard allows a network attacker to inject keystrokes as a local user. | |||||
| CVE-2018-4110 | 1 Apple | 1 Iphone Os | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Web App" component. It allows remote attackers to bypass intended restrictions on cookie persistence. | |||||
| CVE-2018-5328 | 1 Beims | 1 Contractorweb.net | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details. | |||||
| CVE-2018-5339 | 1 Zohocorp | 1 Manageengine Desktop Central | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions. | |||||
| CVE-2018-5377 | 1 Discuz | 1 Discuzx | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter. | |||||
| CVE-2018-10192 | 1 Ipvanish | 1 Ipvanish | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| IPVanish 3.0.11 for macOS suffers from a root privilege escalation vulnerability. The `com.ipvanish.osx.vpnhelper` LaunchDaemon implements an insecure XPC service that could allow an attacker to execute arbitrary code as the root user. IPVanish uses a third-party library for converting `xpc_object_t` types in to `NSObject` types for sending XPC messages. When IPVanish establishes a new connection, the following XPC message is sent to the `com.ipvanish.osx.vpnhelper` LaunchDaemon. Because the XPC service itself does not validate an incoming connection, any application installed on the operating system can send it XPC messages. In the case of the "connect" message, an attacker could manipulate the `OpenVPNPath` to point at a malicious binary on the system. The `com.ipvanish.osx.vpnhelper` would receive the VPNHelperConnect command, and then execute the malicious binary as the root user. | |||||
| CVE-2018-5770 | 1 Tendacn | 2 Ac15, Ac15 Firmware | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a request to /goform/telnet, creating a telnetd service on the device. This service is password protected; however, several default accounts exist on the device that are root accounts, which can be used to log in. | |||||
| CVE-2018-5777 | 1 Ipswitch | 1 Whatsup Gold | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Remote clients can take advantage of a misconfiguration in the TFTP server that could allow attackers to execute arbitrary commands on the TFTP server via unspecified vectors. | |||||
| CVE-2018-5855 | 1 Google | 1 Android | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| While padding or shrinking a nested wmi packet in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read can potentially occur. | |||||
| CVE-2018-5882 | 1 Qualcomm | 48 Mdm9206, Mdm9206 Firmware, Mdm9607 and 45 more | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| While parsing a Flac file with a corrupted comment block, a buffer over-read can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. | |||||
| CVE-2018-6292 | 1 Hyland | 1 Saperion Web Client | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| Remote Code Execution in Saperion Web Client version 7.5.2 83166. | |||||
| CVE-2018-1000885 | 1 Phkp Project | 1 Phkp | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| PHKP version including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b contains a Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in function pgp_exec() phkp.php:98 that can result in It is possible to manipulate gpg-keys or execute commands remotely. This attack appear to be exploitable via HKP-Api: /pks/lookup?search. | |||||
| CVE-2018-6521 | 2 Debian, Simplesamlphp | 2 Debian Linux, Simplesamlphp | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions. | |||||
| CVE-2018-6624 | 1 Omron | 7 Ns10, Ns12, Ns15 and 4 more | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct request to the .html file for a specific screen, as demonstrated by monitor.html. | |||||
| CVE-2018-6835 | 1 Etherpad | 1 Etherpad | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions. | |||||
| CVE-2018-6871 | 4 Canonical, Debian, Libreoffice and 1 more | 9 Ubuntu Linux, Debian Linux, Libreoffice and 6 more | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. | |||||
| CVE-2018-7066 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2019-10-03 | 9.3 HIGH | 9.0 CRITICAL |
| An unauthenticated remote command execution exists in Aruba ClearPass Policy Manager on linked devices. The ClearPass OnConnect feature permits administrators to link other network devices into ClearPass for the purpose of collecting enhanced information about connected endpoints. A defect in the API could allow a remote attacker to execute arbitrary commands on one of the linked devices. This vulnerability is only applicable if credentials for devices have been supplied to ClearPass under Configuration -> Network -> Devices -> CLI Settings. Resolution: Fixed in 6.7.5 and 6.6.10-hotfix. | |||||
| CVE-2018-7259 | 1 Flightsimlabs | 1 A320-x | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a user's Google account credentials to http://installLog.flightsimlabs.com/LogHandler3.ashx if a pirated serial number has been entered, which allows remote attackers to obtain sensitive information, e.g., by sniffing the network for cleartext HTTP traffic. This behavior was removed in 2.0.1.232. | |||||
| CVE-2018-7072 | 1 Hp | 1 Moonshot Provisioning Manager | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| A remote bypass of security restrictions vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24. | |||||
| CVE-2017-6409 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access. | |||||
| CVE-2018-7297 | 1 Eq-3 | 2 Homematic Central Control Unit Ccu2, Homematic Central Control Unit Ccu2 Firmware | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. This vulnerability can be exploited by unauthenticated attackers with access to the web interface. | |||||
| CVE-2018-7702 | 1 Securenvoy | 1 Securmail | 2019-10-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization. | |||||
| CVE-2018-7785 | 1 Schneider-electric | 1 U.motion Builder | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass. | |||||
