Vulnerabilities (CVE)

Filtered by CWE-20
Total 10428 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-19478 2 Artifex, Debian 2 Ghostscript, Debian Linux 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file.
CVE-2018-19300 2 D-link, Dlink 17 Dap-1530 Firmware, Dap-1610 Firmware, Dwr-116 Firmware and 14 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
On D-Link DAP-1530 (A1) before firmware version 1.06b01, DAP-1610 (A1) before firmware version 1.06b01, DWR-111 (A1) before firmware version 1.02v02, DWR-116 (A1) before firmware version 1.06b03, DWR-512 (B1) before firmware version 2.02b01, DWR-711 (A1) through firmware version 1.11, DWR-712 (B1) before firmware version 2.04b01, DWR-921 (A1) before firmware version 1.02b01, and DWR-921 (B1) before firmware version 2.03b01, there exists an EXCU_SHELL file in the web directory. By sending a GET request with specially crafted headers to the /EXCU_SHELL URI, an attacker could execute arbitrary shell commands in the root context on the affected device. Other devices might be affected as well.
CVE-2018-19295 1 Sylabs 1 Singularity 2024-11-21 7.2 HIGH 7.8 HIGH
Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks.
CVE-2018-19204 1 Paessler 1 Prtg Network Monitor 2024-11-21 9.0 HIGH 8.8 HIGH
PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker (with read-write privileges) to execute arbitrary code and OS commands with system privileges. When creating an HTTP Advanced Sensor, the user's input in the POST parameter 'proxyport_' is mishandled. The attacker can craft an HTTP request and override the 'writeresult' command-line parameter for HttpAdvancedSensor.exe to store arbitrary data in an arbitrary place on the file system. For example, the attacker can create an executable file in the \Custom Sensors\EXE directory and execute it by creating EXE/Script Sensor.
CVE-2018-19114 1 Iminho 1 Mindoc 2024-11-21 6.5 MEDIUM 8.8 HIGH
An issue was discovered in MinDoc through v1.0.2. It allows attackers to gain privileges by uploading an image file with contents that represent an admin session, and then sending a Cookie: header with a mindoc_id value containing the relative pathname of this uploaded file. For example, the mindoc_id (aka session ID) could be of the form aa/../../uploads/blog/201811/attach_#.jpg where '#' is a hex value displayed in the upload field of a manage/blogs/edit/ screen.
CVE-2018-19016 1 Rockwellautomation 2 Ethernet\/ip Web Server Module 1756-eweb, Ethernet\/ip Web Server Module 1768-eweb 2024-11-21 7.8 HIGH 7.5 HIGH
Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB (includes 1756-EWEBK) Version 5.001 and earlier, and CompactLogix 1768-EWEB Version 2.005 and earlier. A remote attacker could send a crafted UDP packet to the SNMP service causing a denial-of-service condition to occur until the affected product is restarted.
CVE-2018-19010 1 Draeger 8 Delta Xl, Delta Xl Firmware, Infinity Delta and 5 more 2024-11-21 3.3 LOW 6.5 MEDIUM
Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. A malformed network packet may cause the monitor to reboot. By repeatedly sending the malformed network packet, an attacker may be able to disrupt patient monitoring by causing the monitor to repeatedly reboot until it falls back to default configuration and loses network connectivity.
CVE-2018-19008 1 Abb 2 Cp400pb, Cp400pb Firmware 2024-11-21 6.8 MEDIUM 7.8 HIGH
The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05 and earlier contain a vulnerability in the file parser of the Text Editor wherein the application doesn't properly prevent the insertion of specially crafted files which could allow arbitrary code execution.
CVE-2018-19005 1 Hornerautomation 1 Cscape 2024-11-21 6.8 MEDIUM 7.8 HIGH
Cscape, Version 9.80.75.3 SP3 and prior. An improper input validation vulnerability has been identified that may be exploited by processing specially crafted POC files lacking user input validation. This may allow an attacker to read confidential information and remotely execute arbitrary code.
CVE-2018-1999037 1 Jenkins 1 Resource Disposer 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
A data modification vulnerability exists in Jenkins Resource Disposer Plugin 0.11 and earlier in AsyncResourceDisposer.java that allows attackers to stop tracking a resource.
CVE-2018-1999018 1 Pydio 1 Pydio 2024-11-21 8.5 HIGH 6.6 MEDIUM
Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution (RCE) vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow($nodeObject) that can result in An attacker gaining admin access and can then execute arbitrary commands on the underlying OS. This attack appear to be exploitable via The attacker edits the Antivirus Command in the antivirus plugin, and executes the payload by uploading any file within Pydio.
CVE-2018-18988 1 Lcds 1 Laquis Scada 2024-11-21 8.3 HIGH 8.8 HIGH
LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash.
CVE-2018-18878 1 Columbiaweather 2 Weather Microserver, Weather Microserver Firmware 2024-11-21 7.8 HIGH 7.5 HIGH
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable.
CVE-2018-18558 1 Espressif 1 Esp-idf 2024-11-21 6.9 MEDIUM 6.4 MEDIUM
An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code, by crafting an application binary that overwrites a bootloader code segment in process_segment in components/bootloader_support/src/esp_image_format.c. The attack is effective when the flash encryption feature is not enabled, or if the attacker finds a different vulnerability that allows them to write this binary to flash memory.
CVE-2018-18541 2 Debian, Teeworlds 2 Debian Linux, Teeworlds 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets.
CVE-2018-18358 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2024-11-21 2.9 LOW 5.7 MEDIUM
Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.
CVE-2018-18354 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.
CVE-2018-18351 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page.
CVE-2018-18347 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Linux Desktop and 2 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page.
CVE-2018-18021 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-11-21 3.6 LOW 7.1 HIGH
arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control (with full register control). An attacker can also cause a denial of service (hypervisor panic) via an illegal exception return. This occurs because of insufficient restrictions on userspace access to the core register file, and because PSTATE.M validation does not prevent unintended execution modes.