Total
31701 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17015 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ddns phddns username. | |||||
| CVE-2018-17014 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ip_mac_bind name. | |||||
| CVE-2018-17013 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for protocol wan wan_rate. | |||||
| CVE-2018-17012 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info set_block_flag up_limit. | |||||
| CVE-2018-17011 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info para sun. | |||||
| CVE-2018-17010 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g bandwidth. | |||||
| CVE-2018-17009 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g isolate. | |||||
| CVE-2018-17008 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g power. | |||||
| CVE-2018-17007 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_wds_2g ssid. | |||||
| CVE-2018-17006 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall lan_manage mac2. | |||||
| CVE-2018-17005 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall dmz enable. | |||||
| CVE-2018-17004 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wlan_access name. | |||||
| CVE-2018-16994 | 1 Phoenixcontact | 6 Axl F Bk Eth, Axl F Bk Eth Firmware, Axl F Bk Eth Xc and 3 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on PHOENIX CONTACT AXL F BK PN <=1.0.4, AXL F BK ETH <= 1.12, and AXL F BK ETH XC <= 1.11 devices and Bosch Rexroth S20-ETH-BK and Rexroth S20-PN-BK+ (the S20-PN-BK+/S20-ETH-BK fieldbus couplers sold by Bosch Rexroth contain technology from Phoenix Contact). Incorrect handling of a request with non-standard symbols allows remote attackers to initiate a complete lock up of the bus coupler. Authentication of the request is not required. | |||||
| CVE-2018-16983 | 2 Noscript, Torproject | 2 Noscript, Tor Browser | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to bypass script blocking via the text/html;/json Content-Type value. | |||||
| CVE-2018-16950 | 1 Inteno | 2 Dg400, Dg400 Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| Inteno DG400 WU7U_ELION3.11.6-170614_1328 devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses, as demonstrated by macof. | |||||
| CVE-2018-16877 | 6 Canonical, Clusterlabs, Debian and 3 more | 9 Ubuntu Linux, Pacemaker, Debian Linux and 6 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation. | |||||
| CVE-2018-16802 | 4 Artifex, Canonical, Debian and 1 more | 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509. | |||||
| CVE-2018-16770 | 1 Webassembly Virtual Machine Project | 1 Webassembly Virtual Machine | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because a certain new_allocator allocate call fails. | |||||
| CVE-2018-16769 | 1 Webassembly Virtual Machine Project | 1 Webassembly Virtual Machine | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because libRuntime.so!llvm::InstructionCombiningPass::runOnFunction is mishandled. | |||||
| CVE-2018-16744 | 1 Mgetty Project | 1 Mgetty | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used. | |||||