Latest CVE Feed
-
9.8
CRITICALCVE-2023-39667
D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the FUN_0000acb4 function.... Read more
- Published: Aug. 18, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7301
eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices.... Read more
Affected Products : homematic_central_control_unit_ccu2_firmware homematic_central_control_unit_ccu2- Published: Feb. 22, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-39526
PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a ... Read more
Affected Products : prestashop- Published: Aug. 07, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-12584
The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service (buffer overflow) or possibly execute arbitrary code when TLS communication is enabled.... Read more
- Published: Jul. 16, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-12547
In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly calla... Read more
Affected Products : enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation satellite openj9- Published: Feb. 11, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7312
SQL Injection exists in the Alexandria Book Library 3.1.2 component for Joomla! via the letter parameter.... Read more
Affected Products : alexandria_book_library- Published: Feb. 22, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-12369
WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR < 60.1 and Firefox < 61.... Read more
- Published: Oct. 18, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7251
An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as "Too many connections") has occurred.... Read more
- Published: Feb. 19, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7242
Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision a... Read more
Affected Products : 140cpu65150_firmware 140cpu65160_firmware bmxnor0200h_firmware modicon_m340_firmware modicon_premium_firmware modicon_quantum_firmware modicon_m340_bmxp341000_firmware modicon_m340_bmxp342020_firmware modicon_m340_bmxp342000_firmware modicon_m340_bmxp3420102_firmware +107 more products- Published: Apr. 18, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-39475
Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automat... Read more
Affected Products : ignition- Published: May. 03, 2024
- Modified: Mar. 13, 2025
-
9.8
CRITICAL- Published: May. 29, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7246
A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. he integrated web server (Port 80/443/TCP) of the affected devices could allow re... Read more
Affected Products : 66074_mge_network_management_card_transverse mge_comet_ups mge_eps_6000 mge_eps_7000 mge_eps_8000 mge_galaxy_3000 mge_galaxy_4000 mge_galaxy_5000 mge_galaxy_6000 mge_galaxy_9000 +1 more products- Published: Apr. 18, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7238
A buffer overflow vulnerability exist in the web-based GUI of Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to execute arbitrary code.... Read more
- Published: Mar. 09, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7269
The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input.... Read more
- Published: Mar. 21, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7233
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'model_name' or 'mac_address... Read more
- Published: Mar. 09, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2012-3503
The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms Sy... Read more
- Published: Aug. 25, 2012
- Modified: Apr. 11, 2025
-
9.8
CRITICALCVE-2018-10685
In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the lzma_decompress_buf function of stream.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.... Read more
Affected Products : long_range_zip- Published: May. 02, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7186
Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long stri... Read more
- Published: Feb. 16, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7279
A remote code execution issue was discovered in AlienVault USM and OSSIM before 5.5.1.... Read more
- Published: Mar. 14, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7177
SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter.... Read more
Affected Products : numerology- Published: Feb. 17, 2018
- Modified: Nov. 21, 2024