Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18160 | 1 Qualcomm | 16 Mdm9635m, Mdm9635m Firmware, Mdm9645 and 13 more | 2019-01-28 | 10.0 HIGH | 9.8 CRITICAL |
| AGPS session failure in GNSS module due to cyphersuites are hardcoded and needed manual update everytime in snapdragon mobile and snapdragon wear in versions MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 835, SD 845, SD 850 | |||||
| CVE-2019-6798 | 1 Phpmyadmin | 1 Phpmyadmin | 2019-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature. | |||||
| CVE-2018-12666 | 1 Sv3c | 4 H.264 Poe Ip Camera Firmware, Sv-b01poe-1080p-l, Sv-b11vpoe-1080p-l and 1 more | 2019-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices improperly identifies users only by the authentication level sent in the cookies, which allow remote attackers to bypass authentication and gain administrator access by setting the authLevel cookie to 255. | |||||
| CVE-2018-18753 | 1 Typecho | 1 Typecho | 2019-01-28 | 10.0 HIGH | 9.8 CRITICAL |
| Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF. | |||||
| CVE-2019-6805 | 1 S-cms | 1 S-cms | 2019-01-25 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter. | |||||
| CVE-2018-15497 | 1 Mitel | 2 Mivoice 5330e, Mivoice 5330e Firmware | 2019-01-25 | 10.0 HIGH | 9.8 CRITICAL |
| The Mitel MiVoice 5330e VoIP device is affected by memory corruption flaws in the SIP/SDP packet handling functionality. An attacker can exploit this issue remotely, by sending a particular pattern of SIP/SDP packets, to cause a denial of service state in the affected devices and probably remote code execution. | |||||
| CVE-2018-8955 | 1 Bitdefender | 1 Gravityzone | 2019-01-25 | 7.5 HIGH | 9.8 CRITICAL |
| The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which allows remote attackers to execute arbitrary code by changing the filename while leaving the file's digital signature unchanged. | |||||
| CVE-2018-12667 | 1 Sv3c | 4 H.264 Poe Ip Camera Firmware, Sv-b01poe-1080p-l, Sv-b11vpoe-1080p-l and 1 more | 2019-01-25 | 7.5 HIGH | 9.8 CRITICAL |
| The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) is affected by an improper authentication vulnerability that allows requests to be made to back-end CGI scripts without a valid session. This vulnerability could be used to read and modify the configuration. The vulnerability affects all versions. | |||||
| CVE-2018-12668 | 1 Sv3c | 4 H.264 Poe Ip Camera Firmware, Sv-b01poe-1080p-l, Sv-b11vpoe-1080p-l and 1 more | 2019-01-25 | 10.0 HIGH | 9.8 CRITICAL |
| SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices have a Hard-coded Password. | |||||
| CVE-2019-6440 | 1 Zemana | 1 Antimalware | 2019-01-25 | 7.5 HIGH | 9.8 CRITICAL |
| Zemana AntiMalware before 3.0.658 Beta mishandles update logic. | |||||
| CVE-2018-18531 | 1 Kaptcha Project | 1 Kaptcha | 2019-01-25 | 5.0 MEDIUM | 9.8 CRITICAL |
| text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random (rather than SecureRandom) function for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force approach. | |||||
| CVE-2018-17157 | 1 Freebsd | 1 Freebsd | 2019-01-24 | 10.0 HIGH | 9.8 CRITICAL |
| In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error when handling opcodes can cause memory corruption by sending a specially crafted NFSv4 request. Unprivileged remote users with access to the NFS server may be able to execute arbitrary code. | |||||
| CVE-2018-5915 | 1 Qualcomm | 42 Mdm9607, Mdm9607 Firmware, Mdm9640 and 39 more | 2019-01-24 | 10.0 HIGH | 9.8 CRITICAL |
| Exception in Modem IP stack while processing IPv6 packet in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130 | |||||
| CVE-2018-4281 | 1 Apple | 1 Swiftnio | 2019-01-24 | 7.5 HIGH | 9.8 CRITICAL |
| In SwiftNIO before 1.8.0, a buffer overflow was addressed with improved size validation. | |||||
| CVE-2018-20715 | 1 Oxid-esales | 1 Eshop | 2019-01-23 | 7.5 HIGH | 9.8 CRITICAL |
| The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php. | |||||
| CVE-2018-20716 | 1 Cubecart | 1 Cubecart | 2019-01-23 | 7.5 HIGH | 9.8 CRITICAL |
| CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature. | |||||
| CVE-2019-6497 | 1 Hotels Server Project | 1 Hotels Server | 2019-01-23 | 7.5 HIGH | 9.8 CRITICAL |
| Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter. | |||||
| CVE-2018-20577 | 1 Orange | 2 Arv7519rw22 Livebox 2.1, Arv7519rw22 Livebox 2.1 Firmware | 2019-01-22 | 9.4 HIGH | 9.1 CRITICAL |
| Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. | |||||
| CVE-2019-6444 | 1 Ntpsec | 1 Ntpsec | 2019-01-22 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl() in ntpd. | |||||
| CVE-2019-6443 | 1 Ntpsec | 1 Ntpsec | 2019-01-22 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd. | |||||
| CVE-2019-6295 | 1 Skymoonlabs | 1 Cleanto | 2019-01-18 | 7.5 HIGH | 9.8 CRITICAL |
| Cleanto 5.0 has SQL Injection via the assets/lib/service_method_ajax.php service_id parameter. | |||||
| CVE-2019-6296 | 1 Skymoonlabs | 1 Cleanto | 2019-01-18 | 7.5 HIGH | 9.8 CRITICAL |
| Cleanto 5.0 has SQL Injection via the assets/lib/export_ajax.php id parameter. | |||||
| CVE-2018-18389 | 1 Neo4j | 1 Neo4j | 2019-01-18 | 7.5 HIGH | 9.8 CRITICAL |
| Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username with an arbitrary password. | |||||
| CVE-2019-0247 | 1 Sap | 1 Cloud Connector | 2019-01-17 | 7.5 HIGH | 9.8 CRITICAL |
| SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. | |||||
| CVE-2019-5893 | 1 Nelson-it | 1 Open Source Erp | 2019-01-17 | 7.5 HIGH | 9.8 CRITICAL |
| Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter. | |||||
| CVE-2018-4147 | 2 Apple, Microsoft | 5 Icloud, Iphone Os, Itunes and 2 more | 2019-01-17 | 6.8 MEDIUM | 9.8 CRITICAL |
| In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling. | |||||
| CVE-2018-4169 | 1 Apple | 1 Mac Os X | 2019-01-17 | 10.0 HIGH | 9.8 CRITICAL |
| In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, an out-of-bounds read was addressed with improved input validation. | |||||
| CVE-2018-4189 | 1 Apple | 4 Apple Tv, Iphone Os, Mac Os X and 1 more | 2019-01-17 | 10.0 HIGH | 9.8 CRITICAL |
| In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, watchOS before 4.2.2, and tvOS before 11.2.5, a memory corruption issue exists and was addressed with improved memory handling. | |||||
| CVE-2015-9277 | 1 Mailenable | 1 Mailenable | 2019-01-17 | 7.5 HIGH | 9.1 CRITICAL |
| MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. /" are mishandled. | |||||
| CVE-2018-18928 | 1 Icu-project | 1 International Components For Unicode | 2019-01-16 | 7.5 HIGH | 9.8 CRITICAL |
| International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp. | |||||
| CVE-2018-20318 | 1 Wxjava Project | 1 Wxjava | 2019-01-16 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in weixin-java-tools v3.2.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file. | |||||
| CVE-2019-5312 | 1 Wxjava Project | 1 Wxjava | 2019-01-16 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in weixin-java-tools v3.3.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file. NOTE: this issue exists because of an incomplete fix for CVE-2018-20318. | |||||
| CVE-2019-6259 | 1 Icmsdev | 1 Icms | 2019-01-16 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter. | |||||
| CVE-2018-4254 | 1 Apple | 1 Mac Os X | 2019-01-16 | 10.0 HIGH | 9.8 CRITICAL |
| In macOS High Sierra before 10.13.5, an input validation issue existed in the kernel. This issue was addressed with improved input validation. | |||||
| CVE-2018-4257 | 1 Apple | 1 Mac Os X | 2019-01-16 | 10.0 HIGH | 9.8 CRITICAL |
| In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved size validation. | |||||
| CVE-2018-4258 | 1 Apple | 1 Mac Os X | 2019-01-16 | 10.0 HIGH | 9.8 CRITICAL |
| In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved bounds checking. | |||||
| CVE-2018-0705 | 1 Cybozu | 1 Dezie | 2019-01-15 | 7.5 HIGH | 9.1 CRITICAL |
| Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests. | |||||
| CVE-2018-16068 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-01-15 | 6.8 MEDIUM | 9.6 CRITICAL |
| Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2018-16167 | 1 Jpcert | 1 Logontracer | 2019-01-15 | 10.0 HIGH | 9.8 CRITICAL |
| LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2018-16168 | 1 Jpcert | 1 Logontracer | 2019-01-15 | 7.5 HIGH | 9.8 CRITICAL |
| LogonTracer 1.2.0 and earlier allows remote attackers to conduct Python code injection attacks via unspecified vectors. | |||||
| CVE-2018-19240 | 1 Trendnet | 4 Tv-ip110wn, Tv-ip110wn Firmware, Tv-ip121wn and 1 more | 2019-01-14 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in network.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (without authentication). | |||||
| CVE-2018-19415 | 1 Plikli | 1 Plikli Cms | 2019-01-14 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to join_group.php or (2) comment_id parameter to story.php. | |||||
| CVE-2018-19925 | 1 Sales \& Company Management System Project | 1 Sales \& Company Management System | 2019-01-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. It has SQL injection via the member/member_order.php type parameter, related to the O_state parameter. | |||||
| CVE-2018-12671 | 1 Sv3c | 4 H.264 Poe Ip Camera Firmware, Sv-b01poe-1080p-l, Sv-b11vpoe-1080p-l and 1 more | 2019-01-11 | 5.0 MEDIUM | 9.8 CRITICAL |
| An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) web interface can disclose information about the camera including all password sets set within the camera. This information can then be used to gain access to the web interface. | |||||
| CVE-2018-1000631 | 1 Battelle | 1 V2i Hub | 2019-01-11 | 7.5 HIGH | 9.8 CRITICAL |
| Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the tmx/TmxCtl/src/lib/PluginStatus.cpp and TmxControl::user_info() function, which could allow the attacker to view, add, modify or delete information in the back-end database. | |||||
| CVE-2018-1000625 | 1 Battelle | 1 V2i Hub | 2019-01-11 | 10.0 HIGH | 9.8 CRITICAL |
| Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. An attacker could exploit this vulnerability to log in as an admin on any installation and gain unauthorized access to the system. | |||||
| CVE-2018-20569 | 1 Generic Content Management System Project | 1 Generic Content Management System | 2019-01-10 | 7.5 HIGH | 9.8 CRITICAL |
| user/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass. | |||||
| CVE-2018-13342 | 1 Linhandante | 1 Anda | 2019-01-09 | 7.5 HIGH | 9.8 CRITICAL |
| The server API in the Anda app relies on hardcoded credentials. | |||||
| CVE-2018-20572 | 1 Wuzhicms | 1 Wuzhicms | 2019-01-09 | 7.5 HIGH | 9.8 CRITICAL |
| WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893. | |||||
| CVE-2018-20605 | 1 Txjia | 1 Imcat | 2019-01-09 | 7.5 HIGH | 9.8 CRITICAL |
| imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file. | |||||