Total
31701 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17368 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks. | |||||
| CVE-2018-17201 | 1 Apache | 1 Commons Imaging | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Certain input files could make the code hang when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging. | |||||
| CVE-2018-17200 | 1 Apache | 1 Ofbiz | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Apache OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the `serviceContent` parameter in the request and deserializes it using XStream. This `XStream` instance is slightly guarded by disabling the creation of `ProcessBuilder`. However, this can be easily bypassed (and in multiple ways). Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16 r1850017+1850019 | |||||
| CVE-2018-17196 | 1 Apache | 1 Kafka | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are able to exploit this vulnerability. Users should upgrade to 2.1.1 or later where this vulnerability has been fixed. | |||||
| CVE-2018-17191 | 1 Apache | 1 Netbeans | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable for remote command execution (RCE). Using the nashorn script engine the environment of the javascript execution for the Proxy Auto-Configuration leaks privileged objects, that can be used to circumvent the execution limits. If a different script engine was used, no execution limits were in place. Both vectors allow remote code execution. | |||||
| CVE-2018-17190 | 1 Apache | 1 Spark | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute code too. Note that this does not affect standalone clusters with authentication enabled. While the master host typically has less outbound access to other resources than a worker, the execution of code on the master is nevertheless unexpected. | |||||
| CVE-2018-17188 | 1 Apache | 1 Couchdb | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full system entry for unauthenticated users. Rather than waiting for new vulnerabilities to be discovered, and fixing them as they come up, the CouchDB development team decided to make changes to avoid this entire class of vulnerabilities. | |||||
| CVE-2018-17183 | 4 Artifex, Canonical, Debian and 1 more | 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. | |||||
| CVE-2018-17178 | 1 Neatorobotics | 10 Botvac D3 Connected, Botvac D3 Connected Firmware, Botvac D4 Connected and 7 more | 2024-11-21 | 2.9 LOW | 5.3 MEDIUM |
| An issue was discovered on Neato Botvac Connected 2.2.0 devices. They execute unauthenticated manual drive commands (sent to /bin/webserver on port 8081) if they already have an active session. Commands like forward, back, arc-left, arc-right, pivot-left, and pivot-right are executed even though the web socket replies with { "message" : "invalid authorization header" }. Without an active session, commands are still interpreted, but (except for eco-on and eco-off) have no effect, since without active driving, a driving direction does not change anything. | |||||
| CVE-2018-17175 | 1 Marshmallow Project | 1 Marshmallow | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields (if the schema is being filtered dynamically using the "only" option, and there is a user role that produces an empty value for "only"). | |||||
| CVE-2018-17144 | 2 Bitcoin, Bitcoinknots | 2 Bitcoin Core, Bitcoin Knots | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash. | |||||
| CVE-2018-17137 | 1 Prezi | 1 Next | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Prezi Next 1.3.101.11 has a documented purpose of creating HTML5 presentations but has SE_DEBUG_PRIVILEGE on Windows, which might allow attackers to bypass intended access restrictions. | |||||
| CVE-2018-17111 | 1 Coinlancer | 1 Coinlancer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The onlyOwner modifier of a smart contract implementation for Coinlancer (CL), an Ethereum ERC20 token, has a potential access control vulnerability. All contract users can access functions that use this onlyOwner modifier, because the comparison between msg.sender and owner is incorrect. | |||||
| CVE-2018-17108 | 1 Sbi | 1 Sbi Buddy | 2024-11-21 | 4.3 MEDIUM | 8.8 HIGH |
| The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow attackers to perform Account Takeover attacks by intercepting a security-question response during the initial configuration of the application. | |||||
| CVE-2018-17107 | 1 Tgstation13 | 1 Tgstation-server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Tgstation tgstation-server 3.2.4.0 through 3.2.1.0 (fixed in 3.2.5.0), active logins would be cached, allowing subsequent logins to succeed with any username or password. | |||||
| CVE-2018-17060 | 1 Progress | 1 Telerik Extensions For Asp.net Mvc | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Telerik Extensions for ASP.NET MVC (all versions) does not whitelist requests, which can allow a remote attacker to access files inside the server's web directory. NOTE: this product has been obsolete since June 2013. | |||||
| CVE-2018-17020 | 1 Asus | 2 Gt-ac5300, Gt-ac5300 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allow remote attackers to cause a denial of service via a single "GET / HTTP/1.1\r\n" line. | |||||
| CVE-2018-17018 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for time_switch name. | |||||
| CVE-2018-17017 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for dhcpd udhcpd enable. | |||||
| CVE-2018-17016 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for reboot_timer name. | |||||