Total
314965 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20384 | 1 Inovobb | 4 Ib-8120-w21, Ib-8120-w21 Firmware, Ib-8120-w21e1 and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| iNovo Broadband IB-8120-W21 139.4410mp1.004200.002 and IB-8120-W21E1 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20383 | 2 Arris, Commscope | 4 Dg950s Firmware, Arris Dg950a, Arris Dg950a Firmware and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20382 | 1 Jezetek-intl | 2 Bcm93383wrg, Bcm93383wrg Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Jiuzhou BCM93383WRG 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20381 | 1 Technicolor | 2 Dpc2320, Dpc2320 Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor DPC2320 dpc2300r2-v202r1244101-150420a-v6 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20380 | 1 Ubeeinteractive | 8 Ambit Ddw2600, Ambit Ddw2600 Firmware, Ambit Ddw2602 and 5 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Ambit DDW2600 5.100.1009, DDW2602 5.105.1003, T60C926 4.64.1012, and U10C019 5.66.1026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20379 | 1 Technicolor | 2 Dpc3928sl, Dpc3928sl Firmware | 2024-11-21 | 2.6 LOW | 4.7 MEDIUM |
| Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a devices allow XSS via a Cross Protocol Injection attack with setSSID of 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.1.1.3.10001. | |||||
| CVE-2018-20378 | 1 Opensynergy | 1 Blue Sdk | 2024-11-21 | 5.4 MEDIUM | 7.5 HIGH |
| The L2CAP signaling channel implementation and SDP server implementation in OpenSynergy Blue SDK 3.2 through 6.0 allow remote, unauthenticated attackers to execute arbitrary code or cause a denial of service via malicious L2CAP configuration requests, in conjunction with crafted SDP communication over maliciously configured L2CAP channels. The attacker must have connectivity over the Bluetooth physical layer, and must be able to send raw L2CAP frames. This is related to L2Cap_HandleConfigReq in core/stack/l2cap/l2cap_sm.c and SdpServHandleServiceSearchAttribReq in core/stack/sdp/sdpserv.c. | |||||
| CVE-2018-20377 | 1 Orange | 2 Arv7519rw22 Livebox 2.1, Arv7519rw22 Livebox 2.1 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Orange Livebox 00.96.320S devices allow remote attackers to discover Wi-Fi credentials via /get_getnetworkconf.cgi on port 8080, leading to full control if the admin password equals the Wi-Fi password or has the default admin value. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. | |||||
| CVE-2018-20376 | 1 Tinycc | 1 Tinycc | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the asm_parse_directive function in tccasm.c. | |||||
| CVE-2018-20375 | 1 Tinycc | 1 Tinycc | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the sym_pop function in tccgen.c. | |||||
| CVE-2018-20374 | 1 Tinycc | 1 Tinycc | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the use_section1 function in tccasm.c. | |||||
| CVE-2018-20373 | 1 Tendacn | 2 Adsl, Adsl Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Tenda ADSL modem routers 1.0.1 allow XSS via the hostname of a DHCP client. | |||||
| CVE-2018-20372 | 1 Tp-link | 2 Td-w8961nd, Td-w8961nd Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client. | |||||
| CVE-2018-20371 | 1 Photorange Photo Vault Project | 1 Photorange Photo Vault | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it easier for remote attackers to bypass intended GET restrictions via a brute-force approach, as demonstrated by "GET /login.html__passwd1" and "GET /login.html__passwd2" and so on. | |||||
| CVE-2018-20370 | 1 The-sz | 1 Netchat | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SZ NetChat before 7.9 has XSS in the MyName input field of the Options module. Attackers are able to inject commands to compromise the enabled HTTP server web frontend. | |||||
| CVE-2018-20369 | 1 Barracuda | 1 Message Archiver | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user parameter to the cgi-mod/ldap_load_entry.cgi module. The injection point of the issue is the Add_Update module. | |||||
| CVE-2018-20368 | 1 Averta | 1 Master Slider | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback. | |||||
| CVE-2018-20367 | 1 Wstmart | 1 Wstmart | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "mall some commodity details: commodity consultation" component in WSTMart 2.0.8_181212 has stored XSS via the consultContent parameter, as demonstrated by the index.php/home/goodsconsult/add.html URI. | |||||
| CVE-2018-20365 | 1 Libraw | 1 Libraw | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow. | |||||
| CVE-2018-20364 | 1 Libraw | 1 Libraw | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. | |||||