Total
297410 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10987 | 1 Diqee | 2 Diqee360, Diqee360 Firmware | 2024-11-21 | 8.5 HIGH | 7.5 HIGH |
| An issue was discovered on Dongguan Diqee Diqee360 devices. The affected vacuum cleaner suffers from an authenticated remote code execution vulnerability. An authenticated attacker can send a specially crafted UDP packet, and execute commands on the vacuum cleaner as root. The bug is in the function REQUEST_SET_WIFIPASSWD (UDP command 153). A crafted UDP packet runs "/mnt/skyeye/mode_switch.sh %s" with an attacker controlling the %s variable. In some cases, authentication can be achieved with the default password of 888888 for the admin account. | |||||
| CVE-2018-10986 | 1 Open-xchange | 1 Ox Guard | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| OX Guard 2.8.0 has CSRF. | |||||
| CVE-2018-10982 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection. | |||||
| CVE-2018-10981 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-11-21 | 4.9 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request. | |||||
| CVE-2018-10977 | 1 2345.cc | 1 Security Guard | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x002220E4. | |||||
| CVE-2018-10976 | 1 2345.cc | 1 Security Guard | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222050. | |||||
| CVE-2018-10975 | 1 2345.cc | 1 Security Guard | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222104. | |||||
| CVE-2018-10974 | 1 2345.cc | 1 Security Guard | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222100. | |||||
| CVE-2018-10973 | 1 Koreashow Project | 1 Koreashow | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An integer overflow in the transferMulti function of a smart contract implementation for KoreaShow, an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _value parameters. | |||||
| CVE-2018-10972 | 1 Flif | 1 Free Lossless Image Format | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC::process function in transform/palette_C.hpp allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2018-10971 | 1 Flif | 1 Flif | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The Plane function in image/image.hpp allows remote attackers to cause a denial of service (attempted excessive memory allocation) via a crafted file. | |||||
| CVE-2018-10969 | 1 Genetechsolutions | 1 Pie Register | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid. | |||||
| CVE-2018-10968 | 2 D-link, Dlink | 4 Dir-550a Firmware, Dir-604m Firmware, Dir-550a and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access vulnerability. | |||||
| CVE-2018-10967 | 2 D-link, Dlink | 4 Dir-550a Firmware, Dir-604m Firmware, Dir-550a and 1 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code execution. | |||||
| CVE-2018-10966 | 1 Gamerpolls | 1 Gamerpolls | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02_passport.js. An attacker can edit the Passport.js contents of the session cookie to contain the ID number of the account they wish to take over, and re-sign it using the hard coded secret. | |||||
| CVE-2018-10963 | 3 Canonical, Debian, Libtiff | 3 Ubuntu Linux, Debian Linux, Libtiff | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. | |||||
| CVE-2018-10962 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because mouse_event is not properly considered. | |||||
| CVE-2018-10959 | 1 Beyondtrust | 1 Avecto Defendpoint | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an attacker's process launch. | |||||
| CVE-2018-10958 | 3 Canonical, Debian, Exiv2 | 3 Ubuntu Linux, Debian Linux, Exiv2 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call. | |||||
| CVE-2018-10957 | 1 Dlink | 2 Dir-868l, Dir-868l Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the affected components. | |||||