Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17473 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | |||||
| CVE-2018-1733 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM QRadar SIEM 7.2 and 7.3 fails to adequately filter user-controlled input data for syntax that has control-plane implications which could allow an attacker to modify displayed content. IBM X-Force ID: 147811. | |||||
| CVE-2018-17564 | 1 Grandstream | 12 Gxp1610, Gxp1610 Firmware, Gxp1615 and 9 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device. | |||||
| CVE-2018-17201 | 1 Apache | 1 Commons Imaging | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Certain input files could make the code hang when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging. | |||||
| CVE-2018-17200 | 1 Apache | 1 Ofbiz | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| The Apache OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the `serviceContent` parameter in the request and deserializes it using XStream. This `XStream` instance is slightly guarded by disabling the creation of `ProcessBuilder`. However, this can be easily bypassed (and in multiple ways). Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16 r1850017+1850019 | |||||
| CVE-2018-17190 | 1 Apache | 1 Spark | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute code too. Note that this does not affect standalone clusters with authentication enabled. While the master host typically has less outbound access to other resources than a worker, the execution of code on the master is nevertheless unexpected. | |||||
| CVE-2018-1719 | 1 Ibm | 1 Websphere Application Server | 2020-08-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security under certain conditions. This could result in a downgrade of TLS protocol. A remote attacker could exploit this vulnerability to perform man-in-the-middle attacks. IBM X-Force ID: 147292. | |||||
| CVE-2018-17183 | 4 Artifex, Canonical, Debian and 1 more | 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. | |||||
| CVE-2018-17144 | 2 Bitcoincore, Bitcoinknots | 2 Bitcoin Core, Bitcoin Knots | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash. | |||||
| CVE-2018-17108 | 1 Sbi | 1 Sbi Buddy | 2020-08-24 | 4.3 MEDIUM | 8.8 HIGH |
| The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow attackers to perform Account Takeover attacks by intercepting a security-question response during the initial configuration of the application. | |||||
| CVE-2018-17060 | 1 Progress | 1 Telerik Extensions For Asp.net Mvc | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| Telerik Extensions for ASP.NET MVC (all versions) does not whitelist requests, which can allow a remote attacker to access files inside the server's web directory. NOTE: this product has been obsolete since June 2013. | |||||
| CVE-2018-17020 | 1 Asus | 2 Gt-ac5300, Gt-ac5300 Firmware | 2020-08-24 | 7.8 HIGH | 7.5 HIGH |
| ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allow remote attackers to cause a denial of service via a single "GET / HTTP/1.1\r\n" line. | |||||
| CVE-2018-17011 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info para sun. | |||||
| CVE-2018-17010 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g bandwidth. | |||||
| CVE-2018-17009 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g isolate. | |||||
| CVE-2018-17008 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g power. | |||||
| CVE-2018-17007 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_wds_2g ssid. | |||||
| CVE-2018-17006 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall lan_manage mac2. | |||||
| CVE-2018-17005 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall dmz enable. | |||||
| CVE-2018-17004 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wlan_access name. | |||||
| CVE-2018-17016 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for reboot_timer name. | |||||
| CVE-2018-17015 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ddns phddns username. | |||||
| CVE-2018-16994 | 1 Phoenixcontact | 6 Axl F Bk Eth, Axl F Bk Eth Firmware, Axl F Bk Eth Xc and 3 more | 2020-08-24 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on PHOENIX CONTACT AXL F BK PN <=1.0.4, AXL F BK ETH <= 1.12, and AXL F BK ETH XC <= 1.11 devices and Bosch Rexroth S20-ETH-BK and Rexroth S20-PN-BK+ (the S20-PN-BK+/S20-ETH-BK fieldbus couplers sold by Bosch Rexroth contain technology from Phoenix Contact). Incorrect handling of a request with non-standard symbols allows remote attackers to initiate a complete lock up of the bus coupler. Authentication of the request is not required. | |||||
| CVE-2018-17014 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ip_mac_bind name. | |||||
| CVE-2018-17013 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for protocol wan wan_rate. | |||||
| CVE-2018-17012 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info set_block_flag up_limit. | |||||
| CVE-2018-16950 | 1 Inteno | 2 Dg400, Dg400 Firmware | 2020-08-24 | 3.3 LOW | 6.5 MEDIUM |
| Inteno DG400 WU7U_ELION3.11.6-170614_1328 devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses, as demonstrated by macof. | |||||
| CVE-2018-1694 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2020-08-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 145609. | |||||
| CVE-2018-1666 | 1 Ibm | 1 Datapower Gateway | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 through 7.5.1.18, 7.5.0.0 through 7.5.0.19, and 7.7.0.0 through 7.7.1.3 could allow an authenticated user to inject arbitrary messages that would be displayed on the UI. IBM X-Force ID: 144892. | |||||
| CVE-2018-1684 | 1 Ibm | 1 Websphere Mq | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM WebSphere MQ 8.0 through 9.1 is vulnerable to a error with MQTT topic string publishing that can cause a denial of service attack. IBM X-Force ID: 145456. | |||||
| CVE-2018-16770 | 1 Webassembly Virtual Machine Project | 1 Webassembly Virtual Machine | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because a certain new_allocator allocate call fails. | |||||
| CVE-2018-16769 | 1 Webassembly Virtual Machine Project | 1 Webassembly Virtual Machine | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because libRuntime.so!llvm::InstructionCombiningPass::runOnFunction is mishandled. | |||||
| CVE-2018-16586 | 2 Debian, Otrs | 2 Debian Linux, Open Ticket Request System | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a logged in user opens it, the email could cause the browser to load external image or CSS resources. | |||||
| CVE-2018-16613 | 1 Gvectors | 1 Wpforo Forum | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. A registered forum is able to escalate privilege to the forum administrator without any form of user interaction. | |||||
| CVE-2018-16281 | 1 Deiser | 1 Profields-project Custom Fields | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| The DEISER "Profields - Project Custom Fields" app before 6.0.2 for Jira has Incorrect Access Control. | |||||
| CVE-2018-16178 | 1 Cybozu | 1 Garoon | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view information available only for a sign-on user via Single sign-on function. | |||||
| CVE-2018-16163 | 1 Opendolphin | 1 Opendolphin | 2020-08-24 | 5.5 MEDIUM | 6.5 MEDIUM |
| OpenDolphin 2.7.0 and earlier allows authenticated attackers to bypass authentication to create and/or delete other users accounts via unspecified vectors. | |||||
| CVE-2018-16157 | 1 Bijiadao | 1 Waimai Super Cms | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=cart&a=save item_totals parameter to zero, the entire cart is sold for free. | |||||
| CVE-2018-16075 | 1 Google | 1 Chrome | 2020-08-24 | 2.6 LOW | 5.3 MEDIUM |
| Insufficient file type enforcement in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain local file data via a crafted HTML page. | |||||
| CVE-2018-16056 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists. | |||||
| CVE-2018-15776 | 1 Dell | 2 Idrac7 Firmware, Idrac8 Firmware | 2020-08-24 | 4.6 MEDIUM | 6.8 MEDIUM |
| Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell. | |||||
| CVE-2018-11396 | 1 Gnome | 1 Epiphany | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call. | |||||
| CVE-2018-14999 | 1 Leagoo | 2 P1, P1 Firmware | 2020-08-24 | 9.4 HIGH | 9.1 CRITICAL |
| The Leagoo P1 device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of com.wtk.factory (versionCode=1, versionName=1.0) that contains an exported broadcast receiver named com.wtk.factory.MMITestReceiver allows any app co-located on the device to programmatically initiate a factory reset. In addition, the app initiating the factory reset does not require any permissions. A factory reset will remove all user data and apps from the device. This will result in the loss of any data that have not been backed up or synced externally. The capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves with the exception of enabled Mobile Device Management (MDM) apps), although this capability can be obtained by leveraging an unprotected app component of a pre-installed platform app. | |||||
| CVE-2018-14992 | 1 Asus | 2 Zenfone 3 Max, Zenfone 3 Max Firmware | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed platform app with a package name of com.asus.dm (versionCode=1510500200, versionName=1.5.0.40_171122) has an exposed interface in an exported service named com.asus.dm.installer.DMInstallerService that allows any app co-located on the device to use its capabilities to download an arbitrary app over the internet and install it. Any app on the device can send an intent with specific embedded data that will cause the com.asus.dm app to programmatically download and install the app. For the app to be downloaded and installed, certain data needs to be provided: download URL, package name, version name from the app's AndroidManifest.xml file, and the MD5 hash of the app. Moreover, any app that is installed using this method can also be programmatically uninstalled using the same unprotected component named com.asus.dm.installer.DMInstallerService. | |||||
| CVE-2018-14876 | 1 Flif | 1 Flif | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3. Attackers can trigger a longjmp that leads to an uninitialized stack frame after a libpng error concerning the IHDR image width. | |||||
| CVE-2018-14771 | 1 Vivotek | 1 Camera | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via eventscript.cgi. | |||||
| CVE-2018-14770 | 1 Vivotek | 1 Camera | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface, (/onvif/device_service). | |||||
| CVE-2018-14768 | 1 Vivotek | 1 Camera | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code. | |||||
| CVE-2018-14077 | 1 Wi2be | 1 Smart Hp Wmt | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to backup the device configuration via a direct request to /Maintenance/configfile.cfg. | |||||
| CVE-2018-1000615 | 1 Onosproject | 1 Onos | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in ONOS that can result in An adversary can remotely crash OVSDB service ONOS controller via a normal switch.. This attack appear to be exploitable via the attacker should be able to control or forge a switch in the network.. | |||||