| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) uses hard-coded credentials, which may allow remote attackers to read/send mail or change the configuration. |
| Cross-site scripting vulnerability in multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions) allows attacker with administrator rights to inject arbitrary web script or HTML via the administrative page. |
| Buffer overflow in BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to execute arbitrary code via unspecified vectors. |
| BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors. |
| BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to bypass authentication to access to the management screen and execute an arbitrary command via unspecified vectors. |
| AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script execution via unspecified vectors. |
| AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script execution via unspecified vectors. |
| Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors. |
| Cross-site scripting vulnerability in Movable Type versions prior to Ver. 6.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Privilege escalation vulnerability in INplc-RT 3.08 and earlier allows an attacker with administrator rights to execute arbitrary code on the Windows system via unspecified vectors. |
| INplc-RT 3.08 and earlier allows remote attackers to bypass authentication to execute an arbitrary command through the protocol-compliant traffic. This is a different vulnerability than CVE-2018-0669. |
| INplc-RT 3.08 and earlier allows remote attackers to bypass authentication to execute an arbitrary command through the protocol-compliant traffic. This is a different vulnerability than CVE-2018-0670. |
| Buffer overflow in INplc-RT 3.08 and earlier allows remote attackers to cause denial-of-service (DoS) condition that may result in executing arbtrary code via unspecified vectors. |
| Untrusted search path vulnerability in Installer of INplc SDK Express 3.08 and earlier and Installer of INplc SDK Pro+ 3.08 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0665. |
| Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0666. |
| A vulnerability in NoMachine App for Android 5.0.63 and earlier allows attackers to alter environment variables via unspecified vectors. |
| Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector. |
| Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to add malicious files on the device and execute arbitrary code. |
| Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to bypass access restriction to add files on a specific directory that may result in executing arbitrary OS commands/code or information including credentials leakage or alteration. |
