Total
12478 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-7739 | 1 Antsle | 1 Antman | 2024-11-21 | N/A |
| antsle antman before 0.9.1a allows remote attackers to bypass authentication via invalid characters in the username and password parameters, as demonstrated by a username=>&password=%0a string to the /login URI. This allows obtaining root permissions within the web management console, because the login process uses Java's ProcessBuilder class and a bash script called antsle-auth with insufficient input validation. | ||||
| CVE-2018-7679 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | N/A |
| Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution. | ||||
| CVE-2018-7658 | 1 Softros | 1 Network Time System | 2024-11-21 | N/A |
| NTSServerSvc.exe in the server in Softros Network Time System 2.3.4 allows remote attackers to cause a denial of service (daemon crash) by sending exactly 11 bytes. | ||||
| CVE-2018-7635 | 1 Navercorp | 1 Whale | 2024-11-21 | N/A |
| Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows an attacker to display a malicious web page with a fake domain name. | ||||
| CVE-2018-7583 | 1 Advantig | 1 Dualdesk | 2024-11-21 | N/A |
| Proxy.exe in DualDesk 20 allows Remote Denial Of Service (daemon crash) via a long string to TCP port 5500. | ||||
| CVE-2018-7577 | 1 Google | 2 Snappy, Tensorflow | 2024-11-21 | N/A |
| Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory. | ||||
| CVE-2018-7560 | 1 Aws-lambda-multipart-parser Project | 1 Aws-lambda-multipart-parser | 2024-11-21 | 7.5 High |
| index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package before 0.1.2 has a Regular Expression Denial of Service (ReDoS) issue via a crafted multipart/form-data boundary string. | ||||
| CVE-2018-7549 | 3 Canonical, Redhat, Zsh | 6 Ubuntu Linux, Enterprise Linux, Enterprise Linux Desktop and 3 more | 2024-11-21 | N/A |
| In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. | ||||
| CVE-2018-7537 | 4 Canonical, Debian, Djangoproject and 1 more | 6 Ubuntu Linux, Debian Linux, Django and 3 more | 2024-11-21 | N/A |
| An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. | ||||
| CVE-2018-7536 | 4 Canonical, Debian, Djangoproject and 1 more | 7 Ubuntu Linux, Debian Linux, Django and 4 more | 2024-11-21 | N/A |
| An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable. | ||||
| CVE-2018-7531 | 1 Osisoft | 1 Pi Data Archive | 2024-11-21 | N/A |
| An Improper Input Validation issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may use unvalidated custom requests to crash the server. | ||||
| CVE-2018-7511 | 1 Eaton | 1 Elcsoft | 2024-11-21 | N/A |
| In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where specially crafted files could cause a buffer overflow which, in turn, may allow remote execution of arbitrary code. | ||||
| CVE-2018-7502 | 1 Beckhoff | 2 Twincat, Twincat C\+\+ | 2024-11-21 | N/A |
| Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges. | ||||
| CVE-2018-7489 | 4 Debian, Fasterxml, Oracle and 1 more | 10 Debian Linux, Jackson-databind, Communications Billing And Revenue Management and 7 more | 2024-11-21 | N/A |
| FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath. | ||||
| CVE-2018-7449 | 2 Microsoft, Segger | 2 Windows, Embos\/ip Ftp Server | 2024-11-21 | N/A |
| SEGGER FTP Server for Windows before 3.22a allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command. | ||||
| CVE-2018-7432 | 1 Splunk | 1 Splunk | 2024-11-21 | N/A |
| Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allow remote attackers to cause a denial of service via a crafted HTTP request. | ||||
| CVE-2018-7429 | 1 Splunk | 1 Splunk | 2024-11-21 | N/A |
| Splunkd in Splunk Enterprise 6.2.x before 6.2.14 6.3.x before 6.3.11, and 6.4.x before 6.4.8; and Splunk Light before 6.5.0 allow remote attackers to cause a denial of service via a malformed HTTP request. | ||||
| CVE-2018-7337 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | N/A |
| In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs. | ||||
| CVE-2018-7237 | 1 Schneider-electric | 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more | 2024-11-21 | 9.1 Critical |
| A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow a remote attacker to delete arbitrary system file due to lack of validation of the /login/bin/set_param to the file name with the value of 'system.delete.sd_file' | ||||
| CVE-2018-7235 | 1 Schneider-electric | 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more | 2024-11-21 | 7.5 High |
| A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the shell meta characters with the value of 'system.download.sd_file' | ||||