Total
297778 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14068 | 1 Srcms Project | 1 Srcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add an admin account via admin.php?m=Admin&c=manager&a=add. | |||||
| CVE-2018-14067 | 1 Greenpacket | 2 Dv-360, Dv-360 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces (including the external Internet) by default. NOTE: this may overlap CVE-2017-9980. | |||||
| CVE-2018-14066 | 3 Google, Infinixmobility, Lenovo | 3 Android, Infinix X571, Lenovo A7020 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo. | |||||
| CVE-2018-14065 | 1 Phpoffice Project | 1 Common | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| XMLReader.php in PHPOffice Common before 0.2.9 allows XXE. | |||||
| CVE-2018-14064 | 1 Velotismart Project | 2 Velotismart Wifi, Velotismart Wifi Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as demonstrated by /../../etc/passwd on TCP port 80. | |||||
| CVE-2018-14063 | 1 Tracto | 1 Tracto | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The increaseApproval function of a smart contract implementation for Tracto (TRCT), an Ethereum ERC20 token, has an integer overflow. | |||||
| CVE-2018-14062 | 1 Cospas-sarsat | 1 Cospas-sarsat System | 2024-11-21 | 9.4 HIGH | 9.1 CRITICAL |
| The COSPAS-SARSAT protocol allows remote attackers to forge messages, replay encrypted messages, conduct denial of service attacks, and send private messages (unrelated to distress alerts) via a crafted 406 MHz digital signal. | |||||
| CVE-2018-14060 | 1 Mi | 2 Xiaomi R3d, Xiaomi R3d Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data. | |||||
| CVE-2018-14059 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions. | |||||
| CVE-2018-14058 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Pimcore before 5.3.0 allows SQL Injection via the REST web service API. | |||||
| CVE-2018-14057 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users / Roles" function. | |||||
| CVE-2018-14056 | 2 Debian, Znc | 2 Debian Linux, Znc | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories. | |||||
| CVE-2018-14055 | 2 Debian, Znc | 2 Debian Linux, Znc | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf. | |||||
| CVE-2018-14054 | 1 Techsmith | 1 Mp4v2 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered. | |||||
| CVE-2018-14052 | 1 Libwav Project | 1 Libwav | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue has been found in libwav through 2017-04-20. It is a SEGV in the function apply_gain in wav_gain/wav_gain.c. | |||||
| CVE-2018-14051 | 1 Libwav Project | 1 Libwav | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The function wav_read in libwav.c in libwav through 2017-04-20 has an infinite loop. | |||||
| CVE-2018-14050 | 1 Libwav Project | 1 Libwav | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue has been found in libwav through 2017-04-20. It is a SEGV in the function wav_free in libwav.c. | |||||
| CVE-2018-14049 | 1 Libwav Project | 1 Libwav | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue has been found in libwav through 2017-04-20. It is a SEGV in the function print_info in wav_info/wav_info.c. | |||||
| CVE-2018-14048 | 2 Libpng, Oracle | 3 Libpng, Jdk, Jre | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image. | |||||
| CVE-2018-14047 | 1 Pngwriter Project | 1 Pngwriter | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| ** DISPUTED ** An issue has been found in PNGwriter 0.7.0. It is a SEGV in pngwriter::readfromfile in pngwriter.cc. NOTE: there is a "Warning: PNGwriter was never designed for reading untrusted files with it. Do NOT use this in sensitive environments, especially DO NOT read PNGs from unknown sources with it!" statement in the master/README.md file. | |||||