Search Results (26989 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-20525 1 Roxyfileman 1 Roxy Fileman 2024-11-21 9.1 Critical
Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php.
CVE-2018-20469 1 Sahipro 1 Sahi Pro 2024-11-21 9.8 Critical
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions.
CVE-2018-20445 1 Dlink 4 Dcm-604, Dcm-604 Firmware, Dcm-704 and 1 more 2024-11-21 9.8 Critical
D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.32 and iso.3.6.1.4.1.4413.2.2.2.1.5.4.2.4.1.2.32 SNMP requests.
CVE-2018-20432 1 Dlink 4 Covr-2600r, Covr-2600r Firmware, Covr-3902 and 1 more 2024-11-21 9.8 Critical
D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration.
CVE-2018-20396 1 Telaum 4 Ming2120j, Ming2120j Firmware, Ming6300 and 1 more 2024-11-21 9.8 Critical
NET&SYS MNG2120J 5.76.1006c and MNG6300 5.83.6305jrc2 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-20386 1 Commscope 2 Arris Sbg6580-2, Arris Sbg6580-2 Firmware 2024-11-21 9.8 Critical
ARRIS SBG6580-2 D30GW-SEAEAGLE-1.5.2.5-GA-00-NOSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-20383 2 Arris, Commscope 4 Dg950s Firmware, Arris Dg950a, Arris Dg950a Firmware and 1 more 2024-11-21 9.8 Critical
ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-20334 1 Asus 47 Asuswrt, Gt-ac2900, Gt-ac5300 and 44 more 2024-11-21 9.8 Critical
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.
CVE-2018-20299 1 Bosch 4 360-indoor Camera, 360-indoor Camera Firmware, Eyes Outdoor Camera and 1 more 2024-11-21 9.8 Critical
An issue was discovered in several Bosch Smart Home cameras (360 degree indoor camera and Eyes outdoor camera) with firmware before 6.52.4. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface, because there is a buffer overflow in the RCP+ parser of the web server.
CVE-2018-20177 3 Debian, Opensuse, Rdesktop 4 Debian Linux, Backports, Leap and 1 more 2024-11-21 9.8 Critical
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.
CVE-2018-20114 1 Dlink 4 Dir-818lw, Dir-818lw Firmware, Dir-860l and 1 more 2024-11-21 9.8 Critical
On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-6530.
CVE-2018-20033 2 Flexera, Oracle 2 Flexnet Publisher, Communications Lsms 2024-11-21 9.8 Critical
A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated.
CVE-2018-20019 4 Canonical, Debian, Libvnc Project and 1 more 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more 2024-11-21 9.8 Critical
LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution
CVE-2018-1312 5 Apache, Canonical, Debian and 2 more 15 Http Server, Ubuntu Linux, Debian Linux and 12 more 2024-11-21 9.8 Critical
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.
CVE-2018-1285 4 Apache, Fedoraproject, Netapp and 1 more 7 Log4net, Fedora, Manageability Software Development Kit and 4 more 2024-11-21 9.8 Critical
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.
CVE-2018-1275 3 Oracle, Redhat, Vmware 21 Application Testing Suite, Big Data Discovery, Communications Converged Application Server and 18 more 2024-11-21 9.8 Critical
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.
CVE-2018-1270 4 Debian, Oracle, Redhat and 1 more 29 Debian Linux, Application Testing Suite, Big Data Discovery and 26 more 2024-11-21 9.8 Critical
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
CVE-2018-1115 3 Opensuse, Postgresql, Redhat 3 Leap, Postgresql, Rhel Software Collections 2024-11-21 9.1 Critical
postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.
CVE-2018-19950 1 Qnap 2 Music Station, Qts 2024-11-21 9.8 Critical
If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.
CVE-2018-19945 1 Qnap 1 Qts 2024-11-21 9.1 Critical
A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed this vulnerability in the following versions: QTS 4.3.6.0895 build 20190328 (and later) QTS 4.3.4.0899 build 20190322 (and later) This issue does not affect QTS 4.4.x or QTS 4.5.x.