Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16417 | 2 Arubanetworks, Siemens | 3 Instant, W1750d, W1750d Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection. | |||||
| CVE-2018-16483 | 1 Express-cart Project | 1 Express-cart | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators. | |||||
| CVE-2018-16522 | 1 Amazon | 1 Amazon Web Services Freertos | 2020-08-24 | 6.8 MEDIUM | 8.1 HIGH |
| Amazon Web Services (AWS) FreeRTOS through 1.3.1 has an uninitialized pointer free in SOCKETS_SetSockOpt. | |||||
| CVE-2018-16530 | 1 Forcepoint | 1 Email Security | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process creating a denial-of-service. While no known Remote Code Execution (RCE) vulnerabilities exist, as with all buffer overflows, the possibility of RCE cannot be completely ruled out. Data Execution Protection (DEP) is already enabled on the Email appliance as a risk mitigation. | |||||
| CVE-2018-16542 | 4 Artifex, Canonical, Debian and 1 more | 8 Ghostscript, Ubuntu Linux, Debian Linux and 5 more | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. | |||||
| CVE-2018-16586 | 2 Debian, Otrs | 2 Debian Linux, Open Ticket Request System | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a logged in user opens it, the email could cause the browser to load external image or CSS resources. | |||||
| CVE-2018-16591 | 1 Furuno | 4 Felcom 250, Felcom 250 Firmware, Felcom 500 and 1 more | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the Admin, Log and Service accounts, as well as the password for the protected "SMS" panel via /cgi-bin/sm_changepassword.cgi and /cgi-bin/sm_sms_changepasswd.cgi. | |||||
| CVE-2018-16593 | 1 Sony | 105 Kd-43xe7000, Kd-43xe7002, Kd-43xe7003 and 102 more | 2020-08-24 | 8.3 HIGH | 8.8 HIGH |
| The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Shell Metacharacter Injection. | |||||
| CVE-2018-16596 | 1 Swisscom | 8 Internet-box 2, Internet-box 2 Firmware, Internet-box Light and 5 more | 2020-08-24 | 5.4 MEDIUM | 7.5 HIGH |
| A stack-based buffer overflow in the LAN UPnP service running on UDP port 1900 of Swisscom Internet-Box (2, Standard, and Plus) prior to v09.04.00 and Internet-Box light prior to v08.05.02 allows remote code execution. No authentication is required to exploit this vulnerability. Sending a simple UDP packet to port 1900 allows an attacker to execute code on a remote device. However, this is only possible if the attacker is inside the LAN. Because of ASLR, the success rate is not 100% and leads instead to a DoS of the UPnP service. The remaining functionality of the Internet Box is not affected. A reboot of the Internet Box is necessary to attempt the exploit again. | |||||
| CVE-2018-16606 | 1 Proconf | 1 Proconf | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid parameter). | |||||
| CVE-2018-16613 | 1 Gvectors | 1 Wpforo Forum | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. A registered forum is able to escalate privilege to the forum administrator without any form of user interaction. | |||||
| CVE-2018-16618 | 1 Vtech | 9 80-183803, 80-183804, 80-183805 and 6 more | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| VTech Storio Max before 56.D3JM6 allows remote command execution via shell metacharacters in an Android activity name. It exposes the storeintenttranslate.x service on port 1668 listening for requests on localhost. Requests submitted to this service are checked for a string of random characters followed by the name of an Android activity to start. Activities are started by inserting their name into a string that is executed in a shell command. By inserting metacharacters this can be exploited to run arbitrary commands as root. The requests also match those of the HTTP protocol and can be triggered on any web page rendered on the device by requesting resources stored at an http://127.0.0.1:1668/ URI, as demonstrated by the http://127.0.0.1:1668/dacdb70556479813fab2d92896596eef?';{ping,example.org}' URL. | |||||
| CVE-2018-16620 | 1 Sonatype | 1 Nexus Repository Manager | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control. | |||||
| CVE-2018-16644 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image. | |||||
| CVE-2018-16651 | 1 Phpmyfaq | 1 Phpmyfaq | 2020-08-24 | 9.0 HIGH | 7.2 HIGH |
| The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports. | |||||
| CVE-2018-16657 | 2 Debian, Kamailio | 2 Debian Linux, Kamailio | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC hash for To tags. (An additional error is present in the check_via_address core function: this function also misses input validation.) This could result in denial of service and potentially the execution of arbitrary code. | |||||
| CVE-2018-1666 | 1 Ibm | 1 Datapower Gateway | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 through 7.5.1.18, 7.5.0.0 through 7.5.0.19, and 7.7.0.0 through 7.7.1.3 could allow an authenticated user to inject arbitrary messages that would be displayed on the UI. IBM X-Force ID: 144892. | |||||
| CVE-2018-16663 | 1 Contiki-ng | 1 Contiki-ng. | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in parse_relations in os/storage/antelope/aql-parser.c while parsing AQL (storage of relations). | |||||
| CVE-2018-16666 | 1 Contiki-ng | 1 Contiki-ng. | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in next_string in os/storage/antelope/aql-lexer.c while parsing AQL (parsing next string). | |||||
| CVE-2018-1668 | 1 Ibm | 1 Datapower Gateway | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allows "null" logins which could give read access to IPMI data to obtain sensitive information. IBM X-Force ID: 144894. | |||||
| CVE-2018-16704 | 1 Gleeztech | 1 Gleezcms | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers (logged in users) to view profile page of other users, as demonstrated by navigating to user/3 on demo.gleezcms.org. | |||||
| CVE-2018-16706 | 1 Lg | 1 Supersign Cms | 2020-08-24 | 7.8 HIGH | 7.5 HIGH |
| LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080. | |||||
| CVE-2018-1671 | 1 Ibm | 1 Curam Social Program Management | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Curam Social Program Management 7.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-force ID: 144951. | |||||
| CVE-2018-16717 | 1 Nih | 1 Ncbi Toolbox | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox. | |||||
| CVE-2018-16742 | 1 Mgetty Project | 1 Mgetty | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter. | |||||
| CVE-2018-16743 | 1 Mgetty Project | 1 Mgetty | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow. | |||||
| CVE-2018-16766 | 1 Webassembly Virtual Machine Project | 1 Webassembly Virtual Machine | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because Errors::unreachable() is reached. | |||||
| CVE-2018-16769 | 1 Webassembly Virtual Machine Project | 1 Webassembly Virtual Machine | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because libRuntime.so!llvm::InstructionCombiningPass::runOnFunction is mishandled. | |||||
| CVE-2018-1677 | 1 Ibm | 1 Datapower Gateway | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of full file system. A local attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 145171. | |||||
| CVE-2018-16770 | 1 Webassembly Virtual Machine Project | 1 Webassembly Virtual Machine | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because a certain new_allocator allocate call fails. | |||||
| CVE-2018-20365 | 1 Libraw | 1 Libraw | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow. | |||||
| CVE-2018-20371 | 1 Photorange Photo Vault Project | 1 Photorange Photo Vault | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it easier for remote attackers to bypass intended GET restrictions via a brute-force approach, as demonstrated by "GET /login.html__passwd1" and "GET /login.html__passwd2" and so on. | |||||
| CVE-2018-20380 | 1 Ubeeinteractive | 8 Ambit Ddw2600, Ambit Ddw2600 Firmware, Ambit Ddw2602 and 5 more | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| Ambit DDW2600 5.100.1009, DDW2602 5.105.1003, T60C926 4.64.1012, and U10C019 5.66.1026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20381 | 1 Technicolor | 2 Dpc2320, Dpc2320 Firmware | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor DPC2320 dpc2300r2-v202r1244101-150420a-v6 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20393 | 1 Technicolor | 16 Cga0101, Cga0101 Firmware, Cga0111 and 13 more | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU, CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC, DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a, TC7110.AR STD3.38.03, TC7110.B STC8.62.02, TC7110.D STDB.79.02, TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT, and TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20405 | 1 Bigtreecms | 1 Bigtree | 2020-08-24 | 4.0 MEDIUM | 2.7 LOW |
| ** DISPUTED ** BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. NOTE: This has been disputed with the following reasoning: "The issue reported requires full developer level access to the content management system where cross site scripting is not an issue -- you already have full control of the CMS including running arbitrary PHP." | |||||
| CVE-2018-20410 | 1 Wellintech | 1 Kingscada | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| WellinTech KingSCADA before 3.7.0.0.1 contains a stack-based buffer overflow. The vulnerability is triggered when sending a specially crafted packet to the AlarmServer (AEserver.exe) service listening on TCP port 12401. | |||||
| CVE-2018-20455 | 1 Radare | 1 Radare2 | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash via a stack-based buffer overflow) by crafting an input file, a related issue to CVE-2018-20456. | |||||
| CVE-2018-20460 | 1 Radare | 1 Radare2 | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attackers to cause a denial-of-service (application crash caused by stack-based buffer overflow) by crafting an input file. | |||||
| CVE-2018-20468 | 1 Sahipro | 1 Sahi Pro | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A web reports module has "export to excel features" that are vulnerable to CSV injection. An attacker can embed Excel formulas inside an automation script that, when exported after execution, results in code execution. | |||||
| CVE-2018-20483 | 1 Gnu | 1 Wget | 2020-08-24 | 2.1 LOW | 7.8 HIGH |
| set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl. | |||||
| CVE-2018-20500 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An insecure permissions issue was discovered in GitLab Community and Enterprise Edition 9.4 and later but before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. The runner registration token in the CI/CD settings could not be reset. This was a security risk if one of the maintainers leaves the group and they know the token. | |||||
| CVE-2018-20541 | 1 Libxsmm Project | 1 Libxsmm | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| There is a heap-based buffer overflow in libxsmm_sparse_csc_reader at generator_spgemm_csc_reader.c in LIBXSMM 1.10, a different vulnerability than CVE-2018-20542 (which is in a different part of the source code and is seen at different addresses). | |||||
| CVE-2018-20579 | 1 Contiki-ng Project | 1 Contiki-ng | 2020-08-24 | 3.6 LOW | 7.1 HIGH |
| Contiki-NG before 4.2 has a stack-based buffer overflow in the push function in os/lib/json/jsonparse.c that allows an out-of-bounds write of an '{' or '[' character. | |||||
| CVE-2018-20584 | 2 Debian, Jasper Project | 2 Debian Linux, Jasper | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format. | |||||
| CVE-2018-20593 | 2 Fedoraproject, Msweet | 2 Fedora, Mini-xml | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c. | |||||
| CVE-2018-20616 | 1 Ok-file-formats Project | 1 Ok-file-formats | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_wav_decode_ms_adpcm_data function in ok_wav.c. | |||||
| CVE-2018-20617 | 1 Ok-file-formats Project | 1 Ok-file-formats | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_csv_decode2 function in ok_csv.c. | |||||
| CVE-2018-20627 | 1 Consumer Reviews Script Project | 1 Consumer Reviews Script | 2020-08-24 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Consumer Reviews Script 4.0.3 has HTML injection via the search box. | |||||
| CVE-2018-20636 | 1 Chartered Accountant \ | 1 Auditor Website Project | 2020-08-24 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has HTML injection via the First Name field. | |||||