Latest CVE Feed
-
7.5
HIGHCVE-2018-13994
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.... Read more
Affected Products : fl_switch_3005_firmware fl_switch_3005t_firmware fl_switch_3004t-fx_firmware fl_switch_3004t-fx_st_firmware fl_switch_3008_firmware fl_switch_3008t_firmware fl_switch_3006t-2fx_firmware fl_switch_3006t-2fx_st_firmware fl_switch_3012e-2sfx_firmware fl_switch_3016e_firmware +48 more products- Published: May. 07, 2019
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2018-13993
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF.... Read more
Affected Products : fl_switch_3005_firmware fl_switch_3005t_firmware fl_switch_3004t-fx_firmware fl_switch_3004t-fx_st_firmware fl_switch_3008_firmware fl_switch_3008t_firmware fl_switch_3006t-2fx_firmware fl_switch_3006t-2fx_st_firmware fl_switch_3012e-2sfx_firmware fl_switch_3016e_firmware +48 more products- Published: May. 07, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-13992
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default.... Read more
Affected Products : fl_switch_3005_firmware fl_switch_3005t_firmware fl_switch_3004t-fx_firmware fl_switch_3004t-fx_st_firmware fl_switch_3008_firmware fl_switch_3008t_firmware fl_switch_3006t-2fx_firmware fl_switch_3006t-2fx_st_firmware fl_switch_3012e-2sfx_firmware fl_switch_3016e_firmware +48 more products- Published: May. 07, 2019
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2018-13991
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images.... Read more
Affected Products : fl_switch_3005_firmware fl_switch_3005t_firmware fl_switch_3004t-fx_firmware fl_switch_3004t-fx_st_firmware fl_switch_3008_firmware fl_switch_3008t_firmware fl_switch_3006t-2fx_firmware fl_switch_3006t-2fx_st_firmware fl_switch_3012e-2sfx_firmware fl_switch_3016e_firmware +48 more products- Published: May. 07, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-13990
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts.... Read more
Affected Products : fl_switch_3005_firmware fl_switch_3005t_firmware fl_switch_3004t-fx_firmware fl_switch_3004t-fx_st_firmware fl_switch_3008_firmware fl_switch_3008t_firmware fl_switch_3006t-2fx_firmware fl_switch_3006t-2fx_st_firmware fl_switch_3012e-2sfx_firmware fl_switch_3016e_firmware +48 more products- Published: May. 06, 2019
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2018-13989
Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks via a POST request to TCP port 8085 containing a predictable ID value, as demonstrated by a /sendrcpackage?keyid=-2544&keysymbol=-4081 request to shut off the device.... Read more
- Published: Jul. 11, 2018
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2018-13988
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable wh... Read more
- Published: Jul. 25, 2018
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2018-13983
ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php.... Read more
Affected Products : impresscms- Published: May. 06, 2019
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2018-13982
Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory securit... Read more
- Published: Sep. 18, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-13981
The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated remote code execution due to a default component that permits arbitrary upload of PHP files, because the formmailer widget blocks .php files but no... Read more
Affected Products : zeta_producer_desktop_cms- Published: Jul. 16, 2018
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2018-13980
The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated file disclosure if the plugin "filebrowser" is installed, because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal.... Read more
Affected Products : zeta_producer- Published: Jul. 16, 2018
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2018-13927
Debug policy with invalid signature can be loaded when the debug policy functionality is disabled by using the parallel image loading in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon... Read more
Affected Products : sd_8cx_firmware sdm660_firmware msm8996au_firmware sd_820_firmware sd_820a_firmware sd_835_firmware qcs605_firmware mdm9650_firmware mdm9206_firmware mdm9607_firmware +38 more products- Published: Jul. 22, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2018-13925
Error in parsing PMT table frees the memory allocated for the map section but does not reset the context map section reference causing heap use after free issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snap... Read more
Affected Products : sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware qcs605_firmware mdm9650_firmware msm8909w_firmware +74 more products- Published: May. 24, 2019
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2018-13924
Lack of check to prevent the buffer length taking negative values can lead to stack overflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdra... Read more
Affected Products : ipq8074_firmware qca8081_firmware sd_8cx_firmware sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware +102 more products- Published: Jul. 22, 2019
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2018-13920
Use-after-free condition due to Improper handling of hrtimers when the PMU driver tries to access its events in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8... Read more
Affected Products : sdm660_firmware sd_450_firmware sd_625_firmware sd_820a_firmware qcs605_firmware sdx24_firmware mdm9650_firmware msm8909w_firmware mdm9206_firmware mdm9607_firmware +38 more products- Published: May. 24, 2019
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2018-13919
Use-after-free vulnerability will occur if reset of the routing table encounters an invalid rule id while processing command to reset in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Sna... Read more
Affected Products : sdm660_firmware sd_625_firmware sd_820_firmware sd_820a_firmware sd_835_firmware mdm9150_firmware qcs605_firmware sd_675_firmware sdx24_firmware mdm9650_firmware +38 more products- Published: Jun. 14, 2019
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2018-13918
kernel could return a received message length higher than expected, which leads to buffer overflow in a subsequent operation and stops normal operation in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon W... Read more
Affected Products : sd_450_firmware sd_625_firmware sd_820a_firmware sd_835_firmware mdm9150_firmware qcs605_firmware sd_675_firmware sdx24_firmware mdm9650_firmware msm8909w_firmware +40 more products- Published: Apr. 04, 2019
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2018-13916
Out-of-bounds memory access in Qurt kernel function when using the identifier to access Qurt kernel buffer to retrieve thread data. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon C... Read more
Affected Products : ipq8074_firmware qca8081_firmware sdx55_firmware sdm660_firmware sm8150_firmware sm8250_firmware sxr2130_firmware msm8996au_firmware apq8096au_firmware mdm9150_firmware +100 more products- Published: Nov. 21, 2019
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2018-13914
Lack of input validation for data received from user space can lead to an out of bound array issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in version MDM9150, MDM9206, MDM9607, MDM965... Read more
Affected Products : sdm660_firmware msm8996au_firmware sd_820a_firmware sd_835_firmware mdm9150_firmware mdm9650_firmware msm8909w_firmware sdx20_firmware mdm9206_firmware mdm9607_firmware +26 more products- Published: Feb. 25, 2019
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2018-13913
Improper validation of array index can lead to unauthorized access while processing debugFS in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in versio... Read more
Affected Products : sdm660_firmware msm8996au_firmware sd_625_firmware sd_820a_firmware sd_835_firmware mdm9150_firmware qcs605_firmware sdx24_firmware mdm9650_firmware msm8909w_firmware +72 more products- Published: Feb. 25, 2019
- Modified: Nov. 21, 2024