Latest CVE Feed
-
7.8
HIGH
CVE-2018-13833
An issue was discovered in cmft through 2017-09-24. The cmft::rwReadFile function in image.cpp allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact....
Affected Products: cmft
- Published: Jul. 10, 2018
- Modified: Nov. 21, 2024
-
4.8
MEDIUM
CVE-2018-13832
Multiple Persistent cross-site scripting (XSS) issues in the Techotronic all-in-one-favicon (aka All In One Favicon) plugin 4.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via Apple-Text, GIF-Text, ICO-Text, PNG-Text, or JP...
- Published: Jul. 16, 2018
- Modified: Nov. 21, 2024
-
9.1
CRITICAL
CVE-2018-13826
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks....
- Published: Aug. 30, 2018
- Modified: Nov. 21, 2024
-
6.1
MEDIUM
CVE-2018-13825
Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks....
- Published: Aug. 30, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2018-13824
Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks....
- Published: Aug. 30, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGH
CVE-2018-13823
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information....
- Published: Aug. 30, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGH
CVE-2018-13822
Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information....
- Published: Aug. 30, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2018-13821
A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing....
Affected Products: unified_infrastructure_management
- Published: Aug. 30, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGH
CVE-2018-13820
A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information....
Affected Products: unified_infrastructure_management
- Published: Aug. 30, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGH
CVE-2018-13819
A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information....
Affected Products: unified_infrastructure_management
- Published: Aug. 30, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2018-13818
Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly w...
- Published: Jul. 10, 2018
- Modified: Nov. 21, 2024
-
10.0
CRITICAL
CVE-2018-13816
A vulnerability has been identified in TIM 1531 IRC (All versions < V2.0). The devices were missing proper authentication on port 102/tcp, although configured. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the af...
- Published: Dec. 12, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGH
CVE-2018-13815
A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions < V2.6). An attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device. Succes...
Affected Products: simatic_s7-1500_firmware simatic_s7-1200_firmware simatic_s7-1200 simatic_s7-1500
- Published: Dec. 13, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGH
CVE-2018-13814
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V14), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V14), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V...
Affected Products: simatic_wincc simatic_wincc_\(tia_portal\) simatic_wincc_runtime simatic_hmi_comfort_panels_firmware simatic_hmi_comfort_outdoor_panels_firmware simatic_hmi_ktp_mobile_panels_ktp400f_firmware simatic_hmi_ktp_mobile_panels_ktp700_firmware simatic_hmi_ktp_mobile_panels_ktp700f_firmware simatic_hmi_ktp_mobile_panels_ktp900_firmware simatic_hmi_ktp_mobile_panels_ktp900f_firmware +13 more products
- Published: Dec. 13, 2018
- Modified: Nov. 21, 2024
-
8.1
HIGH
CVE-2018-13813
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F...
Affected Products: simatic_wincc simatic_wincc_\(tia_portal\) simatic_wincc_runtime simatic_hmi_comfort_panels_firmware simatic_hmi_comfort_outdoor_panels_firmware simatic_hmi_ktp_mobile_panels_ktp400f_firmware simatic_hmi_ktp_mobile_panels_ktp700_firmware simatic_hmi_ktp_mobile_panels_ktp700f_firmware simatic_hmi_ktp_mobile_panels_ktp900_firmware simatic_hmi_ktp_mobile_panels_ktp900f_firmware +13 more products
- Published: Dec. 13, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGH
CVE-2018-13812
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F...
Affected Products: simatic_wincc simatic_wincc_\(tia_portal\) simatic_wincc_runtime simatic_hmi_comfort_panels_firmware simatic_hmi_comfort_outdoor_panels_firmware simatic_hmi_ktp_mobile_panels_ktp400f_firmware simatic_hmi_ktp_mobile_panels_ktp700_firmware simatic_hmi_ktp_mobile_panels_ktp700f_firmware simatic_hmi_ktp_mobile_panels_ktp900_firmware simatic_hmi_ktp_mobile_panels_ktp900f_firmware +13 more products
- Published: Dec. 13, 2018
- Modified: Nov. 21, 2024
-
5.5
MEDIUM
CVE-2018-13811
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All Versions < V15.1). Password hashes with insufficient computational effort could allow an attacker to access a project file and reconstruct passwords. The vulnerability could be exp...
Affected Products: simatic_step_7_\(tia_portal\)
- Published: Dec. 13, 2018
- Modified: Nov. 21, 2024
-
6.5
MEDIUM
CVE-2018-13810
A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated configuration web server of the affected CP devices could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into access...
- Published: Apr. 17, 2019
- Modified: Nov. 21, 2024
-
6.1
MEDIUM
CVE-2018-13809
A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated web server of the affected CP devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into following a malicious link. U...
- Published: Apr. 17, 2019
- Modified: Nov. 21, 2024
-
9.1
CRITICAL
CVE-2018-13808
A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). An attacker with network access to port 23/tcp could extract internal communication data or cause a Denial-of-Service condition. Successful exploitation requires networ...
- Published: Apr. 17, 2019
- Modified: Nov. 21, 2024