Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2018-13319

    Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request.... Read more

    Affected Products : ts5600d1206_firmware ts5600d1206
    • Published: Nov. 26, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2018-13318

    System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter.... Read more

    Affected Products : ts5600d1206_firmware ts5600d1206
    • Published: Nov. 26, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-13317

    Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm.... Read more

    Affected Products : a3002ru_firmware a3002ru
    • Published: Nov. 26, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-13316

    System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter.... Read more

    Affected Products : a3002ru_firmware a3002ru
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-13315

    Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request.... Read more

    Affected Products : a3002ru_firmware a3002ru
    • Published: Nov. 26, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-13314

    System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter.... Read more

    Affected Products : a3002ru_firmware a3002ru
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-13313

    In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to chang... Read more

    Affected Products : a3002ru_firmware a3002ru
    • Published: Feb. 24, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-13312

    Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field.... Read more

    Affected Products : a3002ru_firmware a3002ru
    • Published: Nov. 26, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-13311

    System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter.... Read more

    Affected Products : a3002ru_firmware a3002ru
    • Published: Nov. 26, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-13310

    Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username.... Read more

    Affected Products : a3002ru_firmware a3002ru
    • Published: Nov. 26, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-13309

    Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password.... Read more

    Affected Products : a3002ru_firmware a3002ru
    • Published: Nov. 26, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-13308

    Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field.... Read more

    Affected Products : a3002ru_firmware a3002ru
    • Published: Nov. 26, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-13307

    System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable.... Read more

    Affected Products : a3002ru_firmware a3002ru
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-13306

    System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter.... Read more

    Affected Products : a3002ru_firmware a3002ru
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2018-13305

    In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information di... Read more

    Affected Products : ffmpeg
    • Published: Jul. 05, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-13304

    In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, relate... Read more

    Affected Products : ffmpeg
    • Published: Jul. 05, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-13303

    In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of servi... Read more

    Affected Products : ffmpeg
    • Published: Jul. 05, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-13302

    In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file... Read more

    Affected Products : debian_linux ffmpeg
    • Published: Jul. 05, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-13301

    In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denia... Read more

    Affected Products : ffmpeg
    • Published: Jul. 05, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2018-13300

    In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a ... Read more

    Affected Products : debian_linux ffmpeg
    • Published: Jul. 05, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294832 Results