Search Results (83082 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-8910 1 Synology 1 Drive Server 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.
CVE-2018-8906 1 Dsmall Project 1 Dsmall 2024-11-21 N/A
dsmall v20180320 has XSS via a crafted street address to public/index.php/home/memberaddress/index.html, which is mishandled at public/index.php/home/memberaddress/edit/address_id/2.html.
CVE-2018-8905 4 Canonical, Debian, Libtiff and 1 more 7 Ubuntu Linux, Debian Linux, Libtiff and 4 more 2024-11-21 8.8 High
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
CVE-2018-8903 1 Open-audit 1 Open-audit 2024-11-21 N/A
Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen.
CVE-2018-8900 1 Gemalto 1 Sentinel Ldk Rte 2024-11-21 N/A
The License Manager service of HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE 7.80 allows remote attackers to inject malicious web script in the logs page of Admin Control Center (ACC) for cross-site scripting (XSS) vulnerability.
CVE-2018-8899 1 Identityserver 1 Identityserver4 2024-11-21 N/A
IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations.
CVE-2018-8891 1 Blackberry 1 Unified Endpoint Manager 2024-11-21 N/A
Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator.
CVE-2018-8888 1 Blackberry 1 Unified Endpoint Manager 2024-11-21 N/A
A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator.
CVE-2018-8879 1 Asus 2 Rt-ac66u, Rt-ac66u Firmware 2024-11-21 9.8 Critical
Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to execute arbitrary code by providing a long string to the blocking.asp page via a GET or POST request. Vulnerable parameters are flag, mac, and cat_id.
CVE-2018-8871 1 Deltaww 1 Tpeditor 2024-11-21 9.8 Critical
In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution.
CVE-2018-8866 1 Vecna 2 Vgo, Vgo Firmware 2024-11-21 N/A
In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker on an adjacent network could perform command injection.
CVE-2018-8865 1 Lantech 2 Ids 2102, Ids 2102 Firmware 2024-11-21 9.8 Critical
In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulnerability has been identified which may allow remote code execution. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2018-8857 1 Philips 8 Brilliance Ct Big Bore, Brilliance Ct Big Bore Firmware, Brilliance 64 and 5 more 2024-11-21 N/A
Philips Brilliance CT software (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) contains fixed credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. An attacker could compromise these credentials and gain access to the system.
CVE-2018-8856 1 Philips 1 E-alert Firmware 2024-11-21 N/A
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data.
CVE-2018-8848 1 Philips 1 E-alert Firmware 2024-11-21 7.5 High
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor.
CVE-2018-8847 1 Eaton 2 9000x, 9000x Firmware 2024-11-21 9.8 Critical
Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer overflow vulnerability, which may allow remote code execution.
CVE-2018-8846 1 Philips 1 E-alert Firmware 2024-11-21 N/A
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is then served to other users.
CVE-2018-8845 1 Advantech 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more 2024-11-21 9.8 Critical
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code.
CVE-2018-8839 1 Deltaww 1 Pmsoft 2024-11-21 7.8 High
Delta PMSoft versions 2.10 and prior have multiple stack-based buffer overflow vulnerabilities where a .ppm file can introduce a value larger than is readable by PMSoft's fixed-length stack buffer. This can cause the buffer to be overwritten, which may allow arbitrary code execution or cause the application to crash. CVSS v3 base score: 7.1; CVSS vector string: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H. Delta Electronics recommends affected users update to at least PMSoft v2.11, which was made available as of March 22, 2018, or the latest available version.
CVE-2018-8837 1 Advantech 1 Webaccess Hmi Designer 2024-11-21 N/A
Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution.