Search Results (26989 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-7232 1 Schneider-electric 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more 2024-11-21 9.8 Critical
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'network.ieee8021x.delete_certs'.
CVE-2018-7231 1 Schneider-electric 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more 2024-11-21 9.8 Critical
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'system.opkg.remove'.
CVE-2018-7229 1 Schneider-electric 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more 2024-11-21 9.8 Critical
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and gain administrator privileges because the use of hardcoded credentials.
CVE-2018-7228 1 Schneider-electric 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more 2024-11-21 9.8 Critical
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and get the administrator privileges.
CVE-2018-7084 2 Arubanetworks, Siemens 3 Aruba Instant, Scalance W1750d, Scalance W1750d Firmware 2024-11-21 9.8 Critical
A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. An attacker could use this ability to copy files, read configuration, write files, delete files, or reboot the device. Workaround: Block access to the Aruba Instant web interface from all untrusted users. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.1
CVE-2018-7081 1 Arubanetworks 1 Arubaos 2024-11-21 9.8 Critical
A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the ability to transmit specially-crafted IP traffic to a mobility controller could exploit this vulnerability and cause a process crash or to execute arbitrary code within the underlying operating system with full system privileges. Such an attack could lead to complete system compromise. The ability to transmit traffic to an IP interface on the mobility controller is required to carry out an attack. The attack leverages the PAPI protocol (UDP port 8211). If the mobility controller is only bridging L2 traffic to an uplink and does not have an IP address that is accessible to the attacker, it cannot be attacked.
CVE-2018-6703 1 Mcafee 1 Agent 2024-11-21 9.8 Critical
Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service.
CVE-2018-6692 1 Belkin 2 Wemo Insight Smart Plug, Wemo Insight Smart Plug Firmware 2024-11-21 10.0 Critical
Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug allows remote attackers to bypass local security protection via a crafted HTTP post packet.
CVE-2018-6678 1 Mcafee 1 Mcafee Web Gateway 2024-11-21 9.1 Critical
Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors.
CVE-2018-6677 1 Mcafee 1 Mcafee Web Gateway 2024-11-21 9.1 Critical
Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors.
CVE-2018-6641 1 Wiris 1 Mathtype 2024-11-21 9.8 Critical
An Arbitrary Free (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can overwrite a structure, leading to a function call with an invalid parameter, and a subsequent free of important data such as a function pointer or list pointer. This is fixed in 6.9d.
CVE-2018-6640 1 Wiris 1 Mathtype 2024-11-21 9.8 Critical
A Heap Overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can modify the next pointer of a linked list. This is fixed in 6.9d.
CVE-2018-6639 1 Wiris 1 Mathtype 2024-11-21 9.8 Critical
An out-of-bounds write (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. A size used by memmove is read from the input file. This is fixed in 6.9d.
CVE-2018-6638 1 Wiris 1 Mathtype 2024-11-21 9.8 Critical
A stack-based buffer overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. This occurs in a function call in which the first argument is a corrupted offset value and the second argument is a stack buffer. This is fixed in 6.9d.
CVE-2018-6481 1 Flexense 1 Disksavvy 2024-11-21 9.8 Critical
A buffer overflow vulnerability in the control protocol of Disk Savvy Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9124.
CVE-2018-6446 1 Broadcom 1 Brocade Network Advisor 2024-11-21 9.8 Critical
A vulnerability in Brocade Network Advisor Version Before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications.
CVE-2018-6373 1 Fastballproductions 1 Fastball 2024-11-21 9.8 Critical
SQL Injection exists in the Fastball 2.5 component for Joomla! via the season parameter in a view=player action.
CVE-2018-6363 1 Taskrabbit Clone Project 1 Taskrabbit Clone 2024-11-21 9.8 Critical
SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter.
CVE-2018-6345 1 Facebook 1 Hhvm 2024-11-21 9.8 Critical
The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions. This affects all supported versions of HHVM (3.30.1 and 3.27.5 and below).
CVE-2018-6210 1 Dlink 2 Dir-620, Dir-620 Firmware 2024-11-21 9.8 Critical
D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session.