Latest CVE Feed
-
9.8
CRITICALCVE-2018-5882
While parsing a Flac file with a corrupted comment block, a buffer over-read can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.... Read more
Affected Products : msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware mdm9650_firmware msm8909w_firmware sdx20_firmware mdm9206_firmware +38 more products- Published: Jul. 06, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-8828
A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmx_check_pretra... Read more
- Published: Mar. 20, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-8785
FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution.... Read more
- Published: Nov. 29, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-39150
ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. This is related to an incomplete fix for CVE-2022-46387.... Read more
Affected Products : conemu- Published: Sep. 12, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5696
The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection via the `advertiser_status` and `status_select` parameters to index.php.... Read more
- Published: Jan. 14, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-7062
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Contacts" component. A buffer overflow allows rem... Read more
- Published: Jul. 20, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2018-8766
joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/admin_vod.php?action=add.... Read more
Affected Products : joyplus-cms- Published: Mar. 18, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5506
In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client c... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager big-ip_policy_enforcement_manager +3 more products- Published: Apr. 13, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-39122
BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in 9.0.21 (and is also fixed by a patch for 9.0.20.200).... Read more
Affected Products : control-m- Published: Jul. 31, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-39115
install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document.... Read more
Affected Products : complete_online_matrimonial_website_system_script- Published: Aug. 16, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5492
NetApp E-Series SANtricity OS Controller Software 11.30 and later version 11.30.5 is susceptible to unauthenticated remote code execution.... Read more
Affected Products : e-series_santricity_os_controller- Published: Oct. 04, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5469
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An improper restriction of excessive authentication vulnerability ... Read more
Affected Products : hirschmann_rs20-0900mmm2tdau hirschmann_rs20-0900nnm4tdau hirschmann_rs20-0900vvm2tdau hirschmann_rs20-1600l2l2sdau hirschmann_rs20-1600l2m2sdau hirschmann_rs20-1600l2s2sdau hirschmann_rs20-1600l2t1sdau hirschmann_rs20-1600m2m2sdau hirschmann_rs20-1600m2t1sdau hirschmann_rs20-1600s2m2sdau +124 more products- Published: Mar. 06, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-39069
An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory authentication mechanism.... Read more
- Published: Sep. 11, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5455
A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perfor... Read more
- Published: Mar. 05, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5440
A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Versio... Read more
- Published: Feb. 15, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-40892
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter schedStartTime and schedEndTime at /goform/openSchedWifi.... Read more
- Published: Aug. 24, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-40891
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter firewallEn at /goform/SetFirewallCfg.... Read more
- Published: Aug. 24, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5377
Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter.... Read more
- Published: Jan. 12, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5339
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions.... Read more
Affected Products : manageengine_desktop_central- Published: Apr. 18, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5338
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism.... Read more
Affected Products : manageengine_desktop_central- Published: Apr. 18, 2018
- Modified: Nov. 21, 2024