Total
30123 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-18320 | 1 Asuswrt-merlin Project | 28 Rt-ac1900, Rt-ac1900 Firmware, Rt-ac2900 and 25 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution. | |||||
CVE-2018-18284 | 5 Artifex, Canonical, Debian and 2 more | 11 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 8 more | 2024-11-21 | 6.8 MEDIUM | 8.6 HIGH |
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. | |||||
CVE-2018-18223 | 2 Opendesign, Oracle | 2 Drawings Sdk, Outside In Technology | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
Open Design Alliance Drawings SDK 2019Update1 has a vulnerability during the reading of malformed files, allowing attackers to obtain sensitive information from process memory or cause a crash. | |||||
CVE-2018-18202 | 1 Ibm | 4 Qlogic 20-port 4/8 Gb San Switch Module, Qlogic 20-port 4/8 Gb San Switch Module Firmware, Qlogic 4 Gb Fibre Channel Expansion Card and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
The QLogic 4Gb Fibre Channel 5.5.2.6.0 and 4/8Gb SAN 7.10.1.20.0 modules for IBM BladeCenter have an undocumented support account with a support password, an undocumented diags account with a diags password, and an undocumented prom account with a prom password. | |||||
CVE-2018-17953 | 3 Kernel, Opensuse, Suse | 3 Linux-pam, Leap, Linux Enterprise | 2024-11-21 | 9.3 HIGH | 7.5 HIGH |
An incorrect variable in a SUSE-specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open). | |||||
CVE-2018-17933 | 1 Vecna | 2 Vgo, Vgo Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) connected to the VGo XAMPP. User accounts may be able to execute commands that are outside the scope of their privileges and within the scope of an admin account. If an attacker has access to VGo XAMPP Client credentials, they may be able to execute admin commands on the connected robot. | |||||
CVE-2018-17925 | 1 Ge | 1 Ifix | 2024-11-21 | 4.4 MEDIUM | 4.8 MEDIUM |
Multiple instances of this vulnerability (Unsafe ActiveX Control Marked Safe For Scripting) have been identified in the third-party ActiveX object provided to GE iFIX versions 2.0 - 5.8 by Gigasoft. Only the independent use of the Gigasoft charting package outside the iFIX product may expose users to the reported vulnerability. The reported method shown to impact Internet Explorer is not exposed in the iFIX product, nor is the core functionality of the iFIX product known to be impacted. | |||||
CVE-2018-17914 | 1 Aveva | 3 Edge, Indusoft Web Studio, Intouch Machine Edition 2014 | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. This vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as that of the InduSoft Web Studio or InTouch Edge HMI (formerly InTouch Machine Edition) runtime. | |||||
CVE-2018-17892 | 1 Nuuo | 1 Nuuo Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
NUUO CMS, all versions 3.1 and prior: the application implements a method of user account control that causes standard account security features to not be utilized as intended, which could allow user account compromise and may allow for remote code execution. | |||||
CVE-2018-17875 | 1 Poly | 2 Trio 8800, Trio 8800 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A remote code execution issue in the ping command on Poly Trio 8800 5.7.1.4145 devices allows remote authenticated users to execute commands via unspecified vectors. | |||||
CVE-2018-17859 | 1 Joomla | 1 Joomla! | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in Joomla! before 3.8.13. Inadequate checks in com_contact could allow mail submission in disabled forms. | |||||
CVE-2018-17856 | 1 Joomla | 1 Joomla! | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled the ability of Administrator-level users to access com_joomlaupdate and trigger code execution. | |||||
CVE-2018-17774 | 1 Ingenico | 2 Telium 2, Telium 2 Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
Ingenico Telium 2 POS terminals have an insecure NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | |||||
CVE-2018-17772 | 1 Ingenico | 2 Telium 2, Telium 2 Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
Ingenico Telium 2 POS terminals allow arbitrary code execution via the TRACE protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | |||||
CVE-2018-17768 | 1 Ingenico | 2 Telium 2, Telium 2 Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
Ingenico Telium 2 POS terminals have an insecure TRACE protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | |||||
CVE-2018-17765 | 1 Ingenico | 2 Telium 2, Telium 2 Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
Ingenico Telium 2 POS terminals have undeclared TRACE protocol commands. This is fixed in Telium 2 SDK v9.32.03 patch N. | |||||
CVE-2018-17564 | 1 Grandstream | 12 Gxp1610, Gxp1610 Firmware, Gxp1615 and 9 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device. | |||||
CVE-2018-17539 | 2 F5, Ipinfusion | 3 Big-ip Local Traffic Manager, Ocnos, Zebos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and all OcNOS versions to 1.3.3.145 allows remote attackers to cause a denial of service attack via an autonomous system (AS) path containing 8 or more autonomous system number (ASN) elements. | |||||
CVE-2018-17538 | 1 Axon | 1 Evidence Sync | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
** DISPUTED ** Axon (formerly TASER International) Evidence Sync 3.15.89 is vulnerable to process injection. NOTE: the vendor's position is that this CVE is not associated with information that supports any finding of any type of vulnerability. | |||||
CVE-2018-17496 | 1 Thresholdsecurity | 1 Evisitorpass | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error while in kiosk mode. By visiting the kiosk and typing ctrl+shift+esc, an attacker could exploit this vulnerability to open the task manager to kill the process or launch new processes on the system. |