Vulnerabilities (CVE)

Filtered by CWE-20
Total 10426 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-15732 1 Stopzilla 1 Antimalware 2024-11-21 2.1 LOW 5.5 MEDIUM
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x80002063.
CVE-2018-15731 1 Stopzilla 1 Antimalware 2024-11-21 2.1 LOW 5.5 MEDIUM
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x8000205B.
CVE-2018-15730 1 Stopzilla 1 Antimalware 2024-11-21 2.1 LOW 5.5 MEDIUM
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x80002067.
CVE-2018-15729 1 Stopzilla 1 Antimalware 2024-11-21 2.1 LOW 5.5 MEDIUM
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x8000204B.
CVE-2018-15715 1 Zoom 1 Zoom 2024-11-21 7.5 HIGH 9.8 CRITICAL
Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke functionality in the target client. This allows the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens.
CVE-2018-15701 1 Tp-link 2 Tl-wrn841n, Tl-wrn841n Firmware 2024-11-21 3.3 LOW 6.5 MEDIUM
The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Cookie field.
CVE-2018-15700 1 Tp-link 2 Tl-wrn841n, Tl-wrn841n Firmware 2024-11-21 6.1 MEDIUM 6.5 MEDIUM
The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Referer field.
CVE-2018-15670 2 Apple, Bloop 2 Macos, Airmail 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that OpenURL is the default URL handler. A navigation request is processed by the default URL handler only if the currentEvent is NX_LMOUSEUP or NX_OMOUSEUP. An attacker may abuse HTML elements with an EventHandler for a chance to validate navigation requests for URLs that are processed during the NX_LMOUSEUP event triggered by clicking an email.
CVE-2018-15632 1 Odoo 1 Odoo 2024-11-21 8.5 HIGH 9.1 CRITICAL
Improper input validation in database creation logic in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to initialize an empty database on which they can connect with default credentials.
CVE-2018-15601 1 Elefantcms 1 Elefantcms 2024-11-21 7.5 HIGH 9.8 CRITICAL
apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism.
CVE-2018-15483 1 Kone 2 Group Controller, Group Controller Firmware 2024-11-21 7.8 HIGH 7.5 HIGH
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Denial of Service can occur through the open HTTP interface, aka KONE-04.
CVE-2018-15454 1 Cisco 2 Adaptive Security Appliance Software, Firepower Threat Defense 2024-11-21 7.8 HIGH 8.6 HIGH
A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of SIP traffic. An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger this issue at a high rate across an affected device. Software updates that address this vulnerability are not yet available.
CVE-2018-15449 1 Cisco 1 Video Surveillance Media Server 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
A vulnerability in the web-based management interface of Cisco Video Surveillance Media Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to cause the web-based management interface to become unreachable, resulting in a DoS condition.
CVE-2018-15430 1 Cisco 1 Telepresence Video Communication Server 2024-11-21 6.5 MEDIUM 7.2 HIGH
A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An attacker could exploit this vulnerability by uploading a malicious archive to the Upgrade page of the administrative web interface. A successful exploit could allow the attacker to execute code with user-level privileges on the underlying operating system.
CVE-2018-15428 1 Cisco 10 Asr 9001, Asr 9006, Asr 9010 and 7 more 2024-11-21 4.3 MEDIUM 6.8 MEDIUM
A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP update messages. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.
CVE-2018-15420 1 Cisco 4 Webex Business Suite 32, Webex Business Suite 33, Webex Meetings Online and 1 more 2024-11-21 9.3 HIGH 7.8 HIGH
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.
CVE-2018-15417 1 Cisco 4 Webex Business Suite 32, Webex Business Suite 33, Webex Meetings Online and 1 more 2024-11-21 9.3 HIGH 7.8 HIGH
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.
CVE-2018-15416 1 Cisco 4 Webex Business Suite 32, Webex Business Suite 33, Webex Meetings Online and 1 more 2024-11-21 9.3 HIGH 7.8 HIGH
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.
CVE-2018-15415 1 Cisco 4 Webex Business Suite 32, Webex Business Suite 33, Webex Meetings Online and 1 more 2024-11-21 9.3 HIGH 7.8 HIGH
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.
CVE-2018-15414 1 Cisco 4 Webex Business Suite 32, Webex Business Suite 33, Webex Meetings Online and 1 more 2024-11-21 9.3 HIGH 7.8 HIGH
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.