Latest CVE Feed
-
9.8
CRITICALCVE-2018-14703
Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve the MySQL database root password.... Read more
- Published: Dec. 03, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-33025
Memory corruption in Data Modem when a non-standard SDP body, during a VOLTE call.... Read more
Affected Products : wcd9380_firmware wcn3988_firmware wsa8810_firmware wsa8815_firmware wsa8830_firmware wsa8835_firmware ar8035_firmware qca8081_firmware qca8337_firmware qcm4490_firmware +38 more products- Published: Jan. 02, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-20056
An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. There is a stack-based buffer overflow allowing remote attackers to execute arbitrary code without authentication via the goform/formLanguageChange curr... Read more
- Published: Dec. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-1818
IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 15... Read more
Affected Products : security_guardium- Published: Dec. 13, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL- Published: Dec. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-20027
The yaml_parse.load method in Pylearn2 allows code injection.... Read more
Affected Products : pylearn2- Published: Dec. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-1784
IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807.... Read more
Affected Products : api_connect- Published: Dec. 20, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-15721
The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the local API.... Read more
- Published: Dec. 20, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18871
Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with firmware 2.22.7 would allow a remote attacker (in the same network as the device) to change the admin password without authentication (and without knowing the ori... Read more
- Published: Dec. 20, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-20338
Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section.... Read more
Affected Products : manageengine_opmanager- Published: Dec. 21, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-18008
spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials.... Read more
Affected Products : dwr-116_firmware dir-140l_firmware dir-640l_firmware dwr-512_firmware dwr-921_firmware dsl-2770l_firmware dwr-555_firmware dwr-921 dwr-116 dir-140l +4 more products- Published: Dec. 21, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-20390
Kaonmedia CG2001-AN22A 1.2.1, CG2001-UDBNA 3.0.8, and CG2001-UN2NA 3.0.8 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.... Read more
Affected Products : cg2001-an22a_firmware cg2001-udbna_firmware cg2001-un2na_firmware cg2001-an22a cg2001-udbna cg2001-un2na- Published: Dec. 23, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-20391
TEKNOTEL CBW700N 81.447.392110.729.024 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.... Read more
- Published: Dec. 23, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-20399
Motorola SBG901 SBG901-2.10.1.1-GA-00-581-NOSH, SBG941 SBG941-2.11.0.0-GA-07-624-NOSH, and SVG1202 SVG1202-2.1.0.0-GA-14-LTSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.... Read more
- Published: Dec. 23, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-20401
Zoom 5352 v5.5.8.6Y devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.... Read more
- Published: Dec. 23, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-20248
In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref table pointers or invalid xref table data using the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile or DAOpenFileRe... Read more
Affected Products : quick_pdf_library- Published: Dec. 24, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-20480
An issue was discovered in S-CMS 1.0. It allows SQL Injection via the js/pic.php P_id parameter.... Read more
Affected Products : s-cms- Published: Dec. 26, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-20568
Administrator/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass.... Read more
Affected Products : generic_content_management_system- Published: Dec. 28, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-20572
WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893.... Read more
Affected Products : wuzhicms- Published: Dec. 28, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-20605
imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file.... Read more
Affected Products : imcat- Published: Dec. 30, 2018
- Modified: Nov. 21, 2024