Search Results (26990 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-14084 1 Myadvancedtoken Project 1 Myadvancedtoken 2024-11-21 9.8 Critical
An issue was discovered in a smart contract implementation for MKCB, an Ethereum token. If the owner sets the value of sellPrice to a large number in setPrices() then the "amount * sellPrice" will cause an integer overflow in sell().
CVE-2018-14067 1 Greenpacket 2 Dv-360, Dv-360 Firmware 2024-11-21 9.8 Critical
Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces (including the external Internet) by default. NOTE: this may overlap CVE-2017-9980.
CVE-2018-14009 1 Codiad 1 Codiad 2024-11-21 9.8 Critical
Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689.
CVE-2018-13794 1 Catimg Project 1 Catimg 2024-11-21 9.8 Critical
A heap-based buffer overflow exists in stbi__bmp_load_cont in stb_image.h in catimg 2.4.0.
CVE-2018-13792 1 Abbyy 1 Flexicapture 2024-11-21 9.8 Critical
Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter.
CVE-2018-12918 1 Pbc Project 1 Pbc 2024-11-21 9.8 Critical
In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcB_register_fields in bootstrap.c.
CVE-2018-12714 1 Linux 1 Linux Kernel 2024-11-21 9.8 Critical
An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1 index invalid. This allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via crafted perf_event_open and mmap system calls.
CVE-2018-12713 1 Gimp 1 Gimp 2024-11-21 9.1 Critical
GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was intended to be private.
CVE-2018-12689 1 Phpldapadmin Project 1 Phpldapadmin 2024-11-21 9.8 Critical
phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.
CVE-2018-12640 1 Insteon 2 2864-222, 2864-222 Firmware 2024-11-21 9.8 Critical
The webService binary on Insteon HD IP Camera White 2864-222 devices has a Buffer Overflow via a crafted pid, pwd, or usr key in a GET request on port 34100.
CVE-2018-12634 1 Circontrol 1 Circarlife Scada 2024-11-21 9.8 Critical
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI.
CVE-2018-12584 2 Debian, Resiprocate 2 Debian Linux, Resiprocate 2024-11-21 9.8 Critical
The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service (buffer overflow) or possibly execute arbitrary code when TLS communication is enabled.
CVE-2018-12463 1 Hp 1 Fortify Software Security Center 2024-11-21 9.8 Critical
An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
CVE-2018-11743 2 Debian, Mruby 2 Debian Linux, Mruby 2024-11-21 9.8 Critical
The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact.
CVE-2018-11742 1 Nec 2 Univerge Sv9100 Webpro, Univerge Sv9100 Webpro Firmware 2024-11-21 9.8 Critical
NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI.
CVE-2018-11741 1 Nec 2 Univerge Sv9100 Webpro, Univerge Sv9100 Webpro Firmware 2024-11-21 9.8 Critical
NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Information Disclosure via Home.htm?sessionId=#####&GOTO(8) URIs.
CVE-2018-11682 1 Lutron 6 Homeworks Qs, Homeworks Qs Firmware, Radiora 2 and 3 more 2024-11-21 9.8 Critical
Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can be done through the ports revolve around controlling lighting, not code execution. A certain set of commands are listed, which bear some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine
CVE-2018-11681 1 Lutron 6 Homeworks Qs, Homeworks Qs Firmware, Radiora 2 and 3 more 2024-11-21 9.8 Critical
Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can be done through the ports revolve around controlling lighting, not code execution. A certain set of commands are listed, which bear some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine
CVE-2018-11653 1 Seasofsolutions 2 Ip Camera, Ip Camera Firmware 2024-11-21 9.8 Critical
Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information about the network configuration like the network SSID and password.
CVE-2018-11560 1 Insteon 2 2864-222, 2864-222 Firmware 2024-11-21 9.8 Critical
The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100.