Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-3586 | 1 Google | 1 Android | 2018-08-28 | 10.0 HIGH | 9.8 CRITICAL |
| An integer overflow to buffer overflow vulnerability exists in the ADSPRPC heap manager in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | |||||
| CVE-2018-12113 | 1 Coreftp | 1 Core Ftp | 2018-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a DoS or remote code execution via a PASV response. | |||||
| CVE-2016-2337 | 1 Ruby-lang | 1 Ruby | 2018-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution. | |||||
| CVE-2018-12908 | 1 Brynamics | 1 Brynamics | 2018-08-27 | 5.0 MEDIUM | 9.8 CRITICAL |
| Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for the /dashboard/deposit URI, as demonstrated by discovering database credentials. | |||||
| CVE-2018-13410 | 1 Info-zip Project | 1 Zip | 2018-08-27 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a denial of service (invalid free and application crash) or possibly have unspecified other impact because of an off-by-one error. NOTE: it is unclear whether there are realistic scenarios in which an untrusted party controls the -TT value, given that the entire purpose of -TT is execution of arbitrary commands. | |||||
| CVE-2018-12924 | 1 Eztcp | 16 Cie-h10, Cie-h10 Firmware, Cie-h12 and 13 more | 2018-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server devices have a default password of sollae for the TELNET service. | |||||
| CVE-2017-5897 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access. | |||||
| CVE-2018-3753 | 1 Merge-object Project | 1 Merge-object | 2018-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| The utilities function in all versions <= 1.0.0 of the merge-objects node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. | |||||
| CVE-2018-12557 | 1 Zuul-ci | 1 Zuul | 2018-08-23 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the no_log attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable (e.g., with_items), the contents of the loop items would be printed in the console. This could lead to accidentally leaking credentials or secrets. | |||||
| CVE-2018-3752 | 1 Merge-options Project | 1 Merge-options | 2018-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| The utilities function in all versions <= 1.0.0 of the merge-options node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. | |||||
| CVE-2018-3749 | 1 Deap Project | 1 Deap | 2018-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| The utilities function in all versions < 1.0.1 of the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. | |||||
| CVE-2018-3750 | 1 Deep Extend Project | 1 Deep Extend | 2018-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. | |||||
| CVE-2018-13116 | 1 Zzcms | 1 Zzcms | 2018-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| /user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcms_ask table. | |||||
| CVE-2018-12714 | 1 Linux | 1 Linux Kernel | 2018-08-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1 index invalid. This allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via crafted perf_event_open and mmap system calls. | |||||
| CVE-2018-13008 | 1 Gopro | 1 Gpmf-parser | 2018-08-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for a positive nest_level. | |||||
| CVE-2018-13011 | 1 Gopro | 1 Gpmf-parser | 2018-08-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Validate. | |||||
| CVE-2018-13009 | 1 Gopro | 1 Gpmf-parser | 2018-08-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for GPMF_KEY_END and nest_level (conditional on a buffer_size_longs check). | |||||
| CVE-2018-13007 | 1 Gopro | 1 Gpmf-parser | 2018-08-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for GPMF_KEY_END and nest_level (not conditional on a buffer_size_longs check). | |||||
| CVE-2018-12984 | 1 Hycus Cms Project | 1 Hycus Cms | 2018-08-20 | 7.5 HIGH | 9.8 CRITICAL |
| Hycus CMS 1.0.4 allows Authentication Bypass via "'=' 'OR'" credentials. | |||||
| CVE-2018-12914 | 1 Publiccms | 1 Publiccms | 2018-08-20 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI. | |||||
| CVE-2018-12933 | 1 Winehq | 1 Wine | 2018-08-17 | 7.5 HIGH | 9.8 CRITICAL |
| PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact because the attacker controls the pCreatePen->ihPen array index. | |||||
| CVE-2018-12916 | 1 Pbc Project | 1 Pbc | 2018-08-17 | 7.5 HIGH | 9.8 CRITICAL |
| In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcP_message_default in proto.c. | |||||
| CVE-2018-1000554 | 1 Trovebox | 1 Trovebox | 2018-08-17 | 5.0 MEDIUM | 9.8 CRITICAL |
| Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset token generation vulnerability in user component that can result in Password reset. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed. | |||||
| CVE-2017-16740 | 1 Rockwellautomation | 12 1766-l32awa, 1766-l32awa Firmware, 1766-l32awaa and 9 more | 2018-08-16 | 7.5 HIGH | 10.0 CRITICAL |
| A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers, Series B and C Versions 21.002 and earlier. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution. | |||||
| CVE-2017-8046 | 1 Pivotal Software | 2 Spring Boot, Spring Data Rest | 2018-08-15 | 7.5 HIGH | 9.8 CRITICAL |
| Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. | |||||
| CVE-2018-12526 | 1 Telesquare | 4 Sdt-cs3b1, Sdt-cs3b1 Firmware, Sdt-cw3b1 and 1 more | 2018-08-14 | 10.0 HIGH | 9.8 CRITICAL |
| Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account. | |||||
| CVE-2018-5147 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Firefox Esr | 2018-08-14 | 7.5 HIGH | 9.8 CRITICAL |
| The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox < 59.0.1. | |||||
| CVE-2018-10969 | 1 Genetechsolutions | 1 Pie Register | 2018-08-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid. | |||||
| CVE-2018-11221 | 1 Artica | 1 Pandora Fms | 2018-08-14 | 7.5 HIGH | 9.8 CRITICAL |
| Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system. | |||||
| CVE-2018-10997 | 1 Etere | 1 Etereweb | 2018-08-14 | 10.0 HIGH | 9.8 CRITICAL |
| Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL injection in the POST parameters txUserName and txPassword. | |||||
| CVE-2015-4043 | 1 Connx | 1 Esp Hr Management | 2018-08-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in ConnX ESP HR Management 4.4.0 allows remote attackers to execute arbitrary SQL commands via the ctl00$cphMainContent$txtUserName parameter to frmLogin.aspx. | |||||
| CVE-2016-9555 | 1 Linux | 1 Linux Kernel | 2018-08-13 | 10.0 HIGH | 9.8 CRITICAL |
| The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data. | |||||
| CVE-2017-6350 | 1 Vim | 1 Vim | 2018-08-13 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. | |||||
| CVE-2017-6349 | 1 Vim | 1 Vim | 2018-08-13 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. | |||||
| CVE-2015-3991 | 1 Strongswan | 1 Strongswan | 2018-08-13 | 7.5 HIGH | 9.8 CRITICAL |
| strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code. | |||||
| CVE-2014-7921 | 1 Google | 1 Android | 2018-08-13 | 10.0 HIGH | 9.8 CRITICAL |
| mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920. | |||||
| CVE-2014-7920 | 1 Google | 1 Android | 2018-08-13 | 10.0 HIGH | 9.8 CRITICAL |
| mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921. | |||||
| CVE-2015-7264 | 1 Proxygen Project | 1 Proxygen | 2018-08-13 | 7.5 HIGH | 9.8 CRITICAL |
| The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks. | |||||
| CVE-2018-12678 | 1 Portainer | 1 Portainer | 2018-08-13 | 7.5 HIGH | 9.8 CRITICAL |
| Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks. | |||||
| CVE-2017-7778 | 3 Debian, Mozilla, Sil | 5 Debian Linux, Firefox, Firefox Esr and 2 more | 2018-08-13 | 7.5 HIGH | 9.8 CRITICAL |
| A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | |||||
| CVE-2018-12531 | 1 Metinfo | 1 Metinfo | 2018-08-13 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271. | |||||
| CVE-2018-6213 | 1 D-link | 2 Dir-620, Dir-620 Firmware | 2018-08-11 | 10.0 HIGH | 9.8 CRITICAL |
| In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account. | |||||
| CVE-2018-5488 | 1 Netapp | 2 Santricity Storage Manager, Santricity Web Services Proxy | 2018-08-11 | 7.5 HIGH | 9.8 CRITICAL |
| NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution. | |||||
| CVE-2018-12292 | 1 Palemoon | 1 Pale Moon | 2018-08-11 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability exists in DOMProxyHandler::EnsureExpandoObject in Pale Moon before 27.9.3. | |||||
| CVE-2018-13447 | 1 Dolibarr | 1 Dolibarr | 2018-08-11 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter. | |||||
| CVE-2018-12562 | 1 Cantata Project | 1 Cantata | 2018-08-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards (such as in an injected string:/home/../tmp/* string). | |||||
| CVE-2018-12336 | 1 Ecos | 2 Secure Boot Stick, Secure Boot Stick Firmware | 2018-08-10 | 10.0 HIGH | 9.8 CRITICAL |
| Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows the vendor to extract confidential information via remote root SSH access. | |||||
| CVE-2014-3413 | 1 Juniper | 1 Junos Space | 2018-08-10 | 10.0 HIGH | 9.8 CRITICAL |
| The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access. | |||||
| CVE-2018-13448 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2018-08-10 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter. | |||||
| CVE-2018-12421 | 1 Ltb-project | 1 Ldap Tool Box Self Service Password | 2018-08-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string. | |||||