Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 31701 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-14549 1 Libwav Project 1 Libwav 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An issue has been found in libwav through 2017-04-20. It is a SEGV in the function wav_write in libwav.c.
CVE-2018-14533 1 Intenogroup 2 Iopsys, Iopsys Firmware 2024-11-21 7.2 HIGH 7.8 HIGH
read_tmp and write_tmp in Inteno IOPSYS allow attackers to gain privileges after writing to /tmp/etc/smb.conf because /var is a symlink to /tmp.
CVE-2018-14077 1 Wi2be 1 Smart Hp Wmt 2024-11-21 5.0 MEDIUM 7.5 HIGH
Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to back up the device configuration via a direct request to /Maintenance/configfile.cfg.
CVE-2018-14052 1 Libwav Project 1 Libwav 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An issue has been found in libwav through 2017-04-20. It is a SEGV in the function apply_gain in wav_gain/wav_gain.c.
CVE-2018-14050 1 Libwav Project 1 Libwav 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An issue has been found in libwav through 2017-04-20. It is a SEGV in the function wav_free in libwav.c.
CVE-2018-14049 1 Libwav Project 1 Libwav 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An issue has been found in libwav through 2017-04-20. It is a SEGV in the function print_info in wav_info/wav_info.c.
CVE-2018-14048 2 Libpng, Oracle 3 Libpng, Jdk, Jre 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.
CVE-2018-14020 1 Paymorrow 1 Paymorrow 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in the Paymorrow module 1.0.0 before 1.0.2 and 2.0.0 before 2.0.1 for OXID eShop. An attacker can bypass delivery-address change detection if the payment module doesn't use eShop's checkout procedure properly. To do so, the attacker must change the delivery address to one that is not verified by the Paymorrow module.
CVE-2018-13901 1 Qualcomm 60 Mdm9206, Mdm9206 Firmware, Mdm9607 and 57 more 2024-11-21 2.1 LOW 5.5 MEDIUM
Due to missing permissions in the Android Manifest file, a sensitive information disclosure issue can occur in the PCI RCS app in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCS605, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660
CVE-2018-13863 1 Mongodb 1 Js-bson 2024-11-21 5.0 MEDIUM 7.5 HIGH
The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 are vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long untrusted string.
CVE-2018-13862 1 Trivum 2 Webtouch Setup V9, Webtouch Setup V9 Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allows unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to log in without authorization).
CVE-2018-13861 1 Trivum 2 Webtouch Setup V9, Webtouch Setup V9 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example.
CVE-2018-13859 1 Trivum 2 C4 Professional, C4 Professional Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to log in without authorization).
CVE-2018-13858 1 Trivum 2 C4 Professional, C4 Professional Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example.
CVE-2018-13804 1 Siemens 3 Simatic It Line Monitoring System, Simatic It Production Suite, Simatic It Ua Discrete Manufacturing 2024-11-21 9.3 HIGH 8.1 HIGH
A vulnerability has been identified in SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (Versions V7.1 < V7.1 Upd3), SIMATIC IT UA Discrete Manufacturing (Versions < V1.2), SIMATIC IT UA Discrete Manufacturing (Versions V1.2), SIMATIC IT UA Discrete Manufacturing (Versions V1.3), SIMATIC IT UA Discrete Manufacturing (Versions V2.3), SIMATIC IT UA Discrete Manufacturing (Versions V2.4). An attacker with network access to the installation could bypass the application-level authentication. In order to exploit the vulnerability, an attacker must obtain network access to an affected installation and must obtain a valid username to the system. Successful exploitation requires no user privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this vulnerability was known.
CVE-2018-13799 1 Siemens 1 Simatic Wincc Open Architecture 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14. This vulnerability could be exploited by an attacker with network access to port 5678/TCP of the SIMATIC WinCC OA V3.14 server. Successful exploitation requires no user privileges and no user interaction. This vulnerability could allow an attacker to compromise integrity and availability of the SIMATIC WinCC OA system. At the time of advisory publication no public exploitation of this vulnerability was known.
CVE-2018-13787 1 Supermicro 220 A1sa, A1sa Firmware, A1sai and 217 more 2024-11-21 7.2 HIGH 6.7 MEDIUM
Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware.
CVE-2018-13784 1 Prestashop 1 Prestashop 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.
CVE-2018-13397 1 Atlassian 1 Sourcetree 2024-11-21 9.0 HIGH 8.8 HIGH
There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system.
CVE-2018-13396 1 Atlassian 1 Sourcetree 2024-11-21 9.0 HIGH 8.8 HIGH
There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.