Total
315293 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14803 | 1 Philips | 2 E-alert, E-alert Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The Philips e-Alert contains a banner disclosure vulnerability that could allow attackers to obtain extraneous product information, such as OS and software components, via the HTTP response header that is normally not available to the attacker, but might be useful information in an attack. | |||||
| CVE-2018-14802 | 1 Fujielectric | 7 Frenic-ace, Frenic-eco, Frenic-mega and 4 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly check user-supplied comments which may allow for arbitrary remote code execution. | |||||
| CVE-2018-14801 | 1 Philips | 10 Pagewriter Tc10, Pagewriter Tc10 Firmware, Pagewriter Tc20 and 7 more | 2024-11-21 | 7.2 HIGH | 6.2 MEDIUM |
| In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords. | |||||
| CVE-2018-14800 | 1 Deltaww | 1 Ispsoft | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, by opening a crafted file, to cause the application to read past the boundary allocated to a stack object, which could allow execution of code under the context of the application. | |||||
| CVE-2018-14799 | 1 Philips | 10 Pagewriter Tc10, Pagewriter Tc10 Firmware, Pagewriter Tc20 and 7 more | 2024-11-21 | 4.6 MEDIUM | 3.7 LOW |
| In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities. | |||||
| CVE-2018-14798 | 1 Fujielectric | 7 Frenic-ace, Frenic-eco, Frenic-mega and 4 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly parse FNC files that may allow for information disclosure. | |||||
| CVE-2018-14797 | 1 Emerson | 1 Deltav | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution. | |||||
| CVE-2018-14796 | 1 Tec4data | 2 Smartcooler, Smartcooler Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Tec4Data SmartCooler, all versions prior to firmware 180806, the device responds to a remote unauthenticated reboot command that may be used to perform a denial of service attack. | |||||
| CVE-2018-14795 | 1 Emerson | 1 Deltav | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files. | |||||
| CVE-2018-14794 | 1 Fujielectric | 2 Alpha5 Smart Loader, Alpha5 Smart Loader Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. The device does not perform a check on the length/size of a project file before copying the entire contents of the file to a heap-based buffer. | |||||
| CVE-2018-14793 | 1 Emerson | 1 Deltav | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution. | |||||
| CVE-2018-14792 | 1 We-con | 1 Plc Editor | 2024-11-21 | 6.8 MEDIUM | 6.3 MEDIUM |
| WECON PLC Editor version 1.3.3U may allow an attacker to execute code under the current process when processing project files. | |||||
| CVE-2018-14791 | 1 Emerson | 1 Deltav | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products. | |||||
| CVE-2018-14790 | 1 Fujielectric | 7 Frenic-ace, Frenic-eco, Frenic-mega and 4 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. A buffer over-read vulnerability may allow remote code execution on the device. | |||||
| CVE-2018-14789 | 1 Philips | 2 Intellispace Cardiovascular, Xcelera | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges. | |||||
| CVE-2018-14788 | 1 Fujielectric | 2 Alpha5 Smart Loader, Alpha5 Smart Loader Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. A buffer overflow information disclosure vulnerability occurs when parsing certain file types. | |||||
| CVE-2018-14787 | 1 Philips | 2 Intellispace Cardiovascular, Xcelera | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 2.x or prior and Xcelera Version 4.1 or prior), an attacker with escalated privileges could access folders which contain executables where authenticated users have write permissions, and could then execute arbitrary code with local administrative permissions. | |||||
| CVE-2018-14786 | 1 Bd | 8 Alaris Cc, Alaris Cc Firmware, Alaris Gh and 5 more | 2024-11-21 | 7.5 HIGH | 9.4 CRITICAL |
| Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA) versions 2.3.6 and prior are affected by an improper authentication vulnerability where the software does not perform authentication for functionality that requires a provable user identity, where it may allow a remote attacker to gain unauthorized access to various Alaris Syringe pumps and impact the intended operation of the pump when it is connected to a terminal server via the serial port. | |||||
| CVE-2018-14785 | 1 Netcommwireless | 2 Nwl-25, Nwl-25 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The directory of the device is listed openly without authentication. | |||||
| CVE-2018-14784 | 1 Netcommwireless | 2 Nwl-25, Nwl-25 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device is vulnerable to several cross-site scripting attacks, allowing a remote attacker to run arbitrary code on the device. | |||||