| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-20616 | Hig | 0.57 | 8.8 | 0.01 | Dec 31, 2018 | ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_wav_decode_ms_adpcm_data function in ok_wav.c. | ||
| CVE-2018-20614 | Hig | 0.49 | 7.5 | 0.01 | Dec 30, 2018 | public\install\install.php in CIM 0.9.3 allows remote attackers to reload the product via the public/install/#/step3 URI. | ||
| CVE-2018-20613 | Hig | 0.57 | 8.8 | 0.00 | Dec 30, 2018 | TEMMOKU T1.09 Beta allows admin/user/add CSRF. | ||
| CVE-2018-20612 | Hig | 0.57 | 8.8 | 0.00 | Dec 30, 2018 | UWA 2.3.11 allows index.php?g=admin&c=admin&a=add_admin_do CSRF. | ||
| CVE-2018-20608 | Hig | 0.50 | 7.5 | 0.12 | Dec 30, 2018 | imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI. | ||
| CVE-2018-20606 | Hig | 0.49 | 7.5 | 0.03 | Dec 30, 2018 | imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI. | ||
| CVE-2018-20603 | — | Hig | 0.57 | 8.8 | 0.01 | Dec 30, 2018 | Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html CSRF. | |
| CVE-2018-20602 | Hig | 0.49 | 7.5 | 0.01 | Dec 30, 2018 | Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the /install.php?s=/1 URI. | ||
| CVE-2018-20599 | Hig | 0.57 | 8.8 | 0.02 | Dec 30, 2018 | UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action. | ||
| CVE-2018-20598 | Hig | 0.57 | 8.8 | 0.01 | Dec 30, 2018 | UCMS 1.4.7 has ?do=user_addpost CSRF. | ||
| CVE-2018-20595 | Hig | 0.50 | 8.8 | 0.01 | Dec 30, 2018 | A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful. | ||
| CVE-2018-15007 | Hig | 0.51 | 7.8 | 0.00 | Dec 28, 2018 | The Sky Elite 6.0L+ Android device with a build fingerprint of SKY/x6069_trx_l601_sky/x6069_trx_l601_sky:6.0/MRA58K/1482897127:user/release-keys contains a pre-installed platform app with a package name of com.fw.upgrade.sysoper (versionCode=238, versionName=2.3.8) that contains… | ||
| CVE-2018-15005 | Hig | 0.46 | 7.1 | 0.00 | Dec 28, 2018 | The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.zte.zdm.sdm (versionCode=31, versionName=V5.0.3) that contains an exported broadcast… | ||
| CVE-2018-14988 | Hig | 0.49 | 7.5 | 0.01 | Dec 28, 2018 | The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m201_N/m201_N:4.4.2/KOT49H/20160106:user/test-keys contains the Android framework with a package name of android (versionCode=19, versionName=4.4.2-20170213) that contains an exported broadcast receiver… | ||
| CVE-2018-14987 | Hig | 0.46 | 7.1 | 0.00 | Dec 28, 2018 | The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m201_N/m201_N:4.4.2/KOT49H/20160106:user/test-keys contains the Android framework with a package name of android (versionCode=19, versionName=4.4.2-20170213) that dynamically registers a broadcast receiver app… | ||
| CVE-2018-14986 | Hig | 0.49 | 7.5 | 0.01 | Dec 28, 2018 | The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed app with a package name of com.android.messaging (versionCode=1000110, versionName=1.0.001, (android.20170630.092853-0))… | ||
| CVE-2018-14985 | Hig | 0.46 | 7.1 | 0.00 | Dec 28, 2018 | The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of com.android.settings (versionCode=23, versionName=6.0-android.20170630.092853) that… | ||
| CVE-2018-14984 | Hig | 0.49 | 7.5 | 0.01 | Dec 28, 2018 | The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed app with a package name of com.android.messaging (versionCode=1000110, versionName=1.0.001, (android.20170630.092853-0))… | ||
| CVE-2018-20579 | Hig | 0.46 | 7.1 | 0.00 | Dec 28, 2018 | Contiki-NG before 4.2 has a stack-based buffer overflow in the push function in os/lib/json/jsonparse.c that allows an out-of-bounds write of an '{' or '[' character. | ||
| CVE-2018-20578 | Hig | 0.49 | 7.5 | 0.02 | Dec 28, 2018 | An issue was discovered in NuttX before 7.27. The function netlib_parsehttpurl() in apps/netutils/netlib/netlib_parsehttpurl.c mishandles URLs longer than hostlen bytes (in the webclient, this is set by default to 40), leading to an Infinite Loop. The attack vector is the… | ||
| CVE-2018-20575 | Hig | 0.49 | 7.5 | 0.01 | Dec 28, 2018 | Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. | ||
| CVE-2018-18696 | Hig | 0.57 | 8.8 | 0.01 | Dec 28, 2018 | main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF. NOTE: The vendor claims that documentation for preventing a CSRF attack has been provided (https://community.microstrategy.com/s/article/KB37643-New-security-feature-introduced-in-MicroStrategy-Web-9-0?lang… | ||
| CVE-2018-18667 | Hig | 0.49 | 7.5 | 0.01 | Dec 28, 2018 | The mintToken function of Pylon (PYLNT) aka PylonToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value, a related issue to CVE-2018-11812. | ||
| CVE-2018-18666 | Hig | 0.49 | 7.5 | 0.01 | Dec 28, 2018 | The mintToken function of SwftCoin (SWFTC) aka SwftCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | ||
| CVE-2018-18665 | Hig | 0.49 | 7.5 | 0.01 | Dec 28, 2018 | The mintToken function of Nexxus (NXX) aka NexxusToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | ||
| CVE-2018-20571 | Hig | 0.49 | 7.5 | 0.01 | Dec 28, 2018 | DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file. | ||
| CVE-2018-20553 | Hig | 0.00 | 7.8 | 0.01 | Dec 28, 2018 | Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len in common/get.c. | ||
| CVE-2018-20552 | Hig | 0.00 | 7.8 | 0.01 | Dec 28, 2018 | Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree in tree.c. | ||
| CVE-2018-20549 | Hig | 0.57 | 8.8 | 0.02 | Dec 28, 2018 | There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19. | ||
| CVE-2018-20548 | Hig | 0.57 | 8.8 | 0.02 | Dec 28, 2018 | There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data. | ||
| CVE-2018-20547 | Hig | 0.53 | 8.1 | 0.02 | Dec 28, 2018 | There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data. | ||
| CVE-2018-20546 | Hig | 0.00 | 8.1 | 0.02 | Dec 28, 2018 | There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case. | ||
| CVE-2018-20545 | Hig | 0.00 | 8.8 | 0.02 | Dec 28, 2018 | There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data. | ||
| CVE-2018-20542 | Hig | 0.00 | 8.8 | 0.02 | Dec 28, 2018 | There is a heap-based buffer-overflow at generator_spgemm_csc_reader.c (function libxsmm_sparse_csc_reader) in LIBXSMM 1.10, a different vulnerability than CVE-2018-20541 (which is in a different part of the source code and is seen at a different address). | ||
| CVE-2018-20541 | Hig | 0.00 | 8.8 | 0.02 | Dec 28, 2018 | There is a heap-based buffer overflow in libxsmm_sparse_csc_reader at generator_spgemm_csc_reader.c in LIBXSMM 1.10, a different vulnerability than CVE-2018-20542 (which is in a different part of the source code and is seen at different addresses). | ||
| CVE-2018-17539 | Hig | 0.49 | 7.5 | 0.02 | Dec 28, 2018 | The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and all OcNOS versions to 1.3.3.145 allow remote attackers to cause a denial of service attack via an autonomous system (AS) path containing 8 or more autonomous system number (ASN) elements. | ||
| CVE-2018-1000890 | Hig | 0.49 | 7.5 | 0.02 | Dec 28, 2018 | FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application. | ||
| CVE-2018-1000889 | Hig | 0.57 | 8.8 | 0.01 | Dec 28, 2018 | Logisim Evolution version 2.14.3 and earlier contains an XML External Entity (XXE) vulnerability in Circuit file loading functionality (loadXmlFrom in src/com/cburch/logisim/file/XmlReader.java) that can result in information leak, possible RCE depending on system configuration.… | ||
| CVE-2018-1000888 | Hig | 0.55 | 8.8 | 0.18 | Dec 28, 2018 | PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is called without a specific… | ||
| CVE-2018-1000630 | Hig | 0.47 | 7.2 | 0.02 | Dec 28, 2018 | Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to /api/PluginStatusActions.php and /status/pluginStatus.php using the jtSorting or id parameter, which could allow the attacker to view, add,… | ||
| CVE-2018-1000624 | Hig | 0.49 | 7.5 | 0.02 | Dec 28, 2018 | Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by the failure to restrict access to a sensitive functionality. By visiting http://V2I_HUB/UI/powerdown.php, a remote attacker could exploit this vulnerability to shut down the system. | ||
| CVE-2018-20519 | Hig | 0.53 | 8.1 | 0.01 | Dec 27, 2018 | An issue was discovered in 74cms v4.2.111. It allows remote authenticated users to read or modify arbitrary resumes by changing a job-search intention, as demonstrated by the index.php?c=Personal&a=ajax_save_basic pid parameter. | ||
| CVE-2018-20404 | Hig | 0.49 | 7.5 | 0.01 | Dec 26, 2018 | ETK_E900.sys, a SmartETK driver for VIA Technologies EPIA-E900 system board, is vulnerable to denial of service attack via IOCTL 0x9C402048, which calls memmove and constantly fails on an arbitrary (uncontrollable) address, resulting in an eternal hang or a BSoD. | ||
| CVE-2018-19870 | Hig | 0.57 | 8.8 | 0.02 | Dec 26, 2018 | An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. | ||
| CVE-2018-19616 | Hig | 0.58 | 8.1 | 0.30 | Dec 26, 2018 | An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. An unauthenticated user can add/edit/remove administrators because access control is implemented on the client side via a disabled attribute for a BUTTON element. | ||
| CVE-2018-19182 | Hig | 0.00 | 8.8 | 0.01 | Dec 26, 2018 | Engelsystem before commit hash 2e28336 allows CSRF. | ||
| CVE-2018-18536 | Hig | 0.51 | 7.8 | 0.01 | Dec 26, 2018 | The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges. | ||
| CVE-2018-18535 | Hig | 0.51 | 7.8 | 0.01 | Dec 26, 2018 | The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code. | ||
| CVE-2018-17987 | Hig | 0.49 | 7.5 | 0.01 | Dec 26, 2018 | The determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum game, uses a certain blockhash value in an attempt to generate a random number for the case where NUM_TILES equals the number of people who purchased a tile, which allows an… | ||
| CVE-2018-15518 | Hig | 0.50 | 8.8 | 0.03 | Dec 26, 2018 | QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. |
- risk 0.57cvss 8.8epss 0.01
ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_wav_decode_ms_adpcm_data function in ok_wav.c.
- risk 0.49cvss 7.5epss 0.01
public\install\install.php in CIM 0.9.3 allows remote attackers to reload the product via the public/install/#/step3 URI.
- risk 0.57cvss 8.8epss 0.00
TEMMOKU T1.09 Beta allows admin/user/add CSRF.
- risk 0.57cvss 8.8epss 0.00
UWA 2.3.11 allows index.php?g=admin&c=admin&a=add_admin_do CSRF.
- risk 0.50cvss 7.5epss 0.12
imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI.
- risk 0.49cvss 7.5epss 0.03
imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI.
- risk 0.57cvss 8.8epss 0.01
Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html CSRF.
- risk 0.49cvss 7.5epss 0.01
Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the /install.php?s=/1 URI.
- risk 0.57cvss 8.8epss 0.02
UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action.
- risk 0.57cvss 8.8epss 0.01
UCMS 1.4.7 has ?do=user_addpost CSRF.
- risk 0.50cvss 8.8epss 0.01
A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful.
- risk 0.51cvss 7.8epss 0.00
The Sky Elite 6.0L+ Android device with a build fingerprint of SKY/x6069_trx_l601_sky/x6069_trx_l601_sky:6.0/MRA58K/1482897127:user/release-keys contains a pre-installed platform app with a package name of com.fw.upgrade.sysoper (versionCode=238, versionName=2.3.8) that contains…
- risk 0.46cvss 7.1epss 0.00
The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.zte.zdm.sdm (versionCode=31, versionName=V5.0.3) that contains an exported broadcast…
- risk 0.49cvss 7.5epss 0.01
The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m201_N/m201_N:4.4.2/KOT49H/20160106:user/test-keys contains the Android framework with a package name of android (versionCode=19, versionName=4.4.2-20170213) that contains an exported broadcast receiver…
- risk 0.46cvss 7.1epss 0.00
The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m201_N/m201_N:4.4.2/KOT49H/20160106:user/test-keys contains the Android framework with a package name of android (versionCode=19, versionName=4.4.2-20170213) that dynamically registers a broadcast receiver app…
- risk 0.49cvss 7.5epss 0.01
The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed app with a package name of com.android.messaging (versionCode=1000110, versionName=1.0.001, (android.20170630.092853-0))…
- risk 0.46cvss 7.1epss 0.00
The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of com.android.settings (versionCode=23, versionName=6.0-android.20170630.092853) that…
- risk 0.49cvss 7.5epss 0.01
The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed app with a package name of com.android.messaging (versionCode=1000110, versionName=1.0.001, (android.20170630.092853-0))…
- risk 0.46cvss 7.1epss 0.00
Contiki-NG before 4.2 has a stack-based buffer overflow in the push function in os/lib/json/jsonparse.c that allows an out-of-bounds write of an '{' or '[' character.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in NuttX before 7.27. The function netlib_parsehttpurl() in apps/netutils/netlib/netlib_parsehttpurl.c mishandles URLs longer than hostlen bytes (in the webclient, this is set by default to 40), leading to an Infinite Loop. The attack vector is the…
- risk 0.49cvss 7.5epss 0.01
Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2.
- risk 0.57cvss 8.8epss 0.01
main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF. NOTE: The vendor claims that documentation for preventing a CSRF attack has been provided (https://community.microstrategy.com/s/article/KB37643-New-security-feature-introduced-in-MicroStrategy-Web-9-0?lang…
- risk 0.49cvss 7.5epss 0.01
The mintToken function of Pylon (PYLNT) aka PylonToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value, a related issue to CVE-2018-11812.
- risk 0.49cvss 7.5epss 0.01
The mintToken function of SwftCoin (SWFTC) aka SwftCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
- risk 0.49cvss 7.5epss 0.01
The mintToken function of Nexxus (NXX) aka NexxusToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
- risk 0.49cvss 7.5epss 0.01
DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file.
- risk 0.00cvss 7.8epss 0.01
Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len in common/get.c.
- risk 0.00cvss 7.8epss 0.01
Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree in tree.c.
- risk 0.57cvss 8.8epss 0.02
There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19.
- risk 0.57cvss 8.8epss 0.02
There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data.
- risk 0.53cvss 8.1epss 0.02
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data.
- risk 0.00cvss 8.1epss 0.02
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case.
- risk 0.00cvss 8.8epss 0.02
There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data.
- risk 0.00cvss 8.8epss 0.02
There is a heap-based buffer-overflow at generator_spgemm_csc_reader.c (function libxsmm_sparse_csc_reader) in LIBXSMM 1.10, a different vulnerability than CVE-2018-20541 (which is in a different part of the source code and is seen at a different address).
- risk 0.00cvss 8.8epss 0.02
There is a heap-based buffer overflow in libxsmm_sparse_csc_reader at generator_spgemm_csc_reader.c in LIBXSMM 1.10, a different vulnerability than CVE-2018-20542 (which is in a different part of the source code and is seen at different addresses).
- risk 0.49cvss 7.5epss 0.02
The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and all OcNOS versions to 1.3.3.145 allow remote attackers to cause a denial of service attack via an autonomous system (AS) path containing 8 or more autonomous system number (ASN) elements.
- risk 0.49cvss 7.5epss 0.02
FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application.
- risk 0.57cvss 8.8epss 0.01
Logisim Evolution version 2.14.3 and earlier contains an XML External Entity (XXE) vulnerability in Circuit file loading functionality (loadXmlFrom in src/com/cburch/logisim/file/XmlReader.java) that can result in information leak, possible RCE depending on system configuration.…
- risk 0.55cvss 8.8epss 0.18
PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is called without a specific…
- risk 0.47cvss 7.2epss 0.02
Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to /api/PluginStatusActions.php and /status/pluginStatus.php using the jtSorting or id parameter, which could allow the attacker to view, add,…
- risk 0.49cvss 7.5epss 0.02
Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by the failure to restrict access to a sensitive functionality. By visiting http://V2I_HUB/UI/powerdown.php, a remote attacker could exploit this vulnerability to shut down the system.
- risk 0.53cvss 8.1epss 0.01
An issue was discovered in 74cms v4.2.111. It allows remote authenticated users to read or modify arbitrary resumes by changing a job-search intention, as demonstrated by the index.php?c=Personal&a=ajax_save_basic pid parameter.
- risk 0.49cvss 7.5epss 0.01
ETK_E900.sys, a SmartETK driver for VIA Technologies EPIA-E900 system board, is vulnerable to denial of service attack via IOCTL 0x9C402048, which calls memmove and constantly fails on an arbitrary (uncontrollable) address, resulting in an eternal hang or a BSoD.
- risk 0.57cvss 8.8epss 0.02
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
- risk 0.58cvss 8.1epss 0.30
An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. An unauthenticated user can add/edit/remove administrators because access control is implemented on the client side via a disabled attribute for a BUTTON element.
- risk 0.00cvss 8.8epss 0.01
Engelsystem before commit hash 2e28336 allows CSRF.
- risk 0.51cvss 7.8epss 0.01
The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
- risk 0.51cvss 7.8epss 0.01
The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code.
- risk 0.49cvss 7.5epss 0.01
The determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum game, uses a certain blockhash value in an attempt to generate a random number for the case where NUM_TILES equals the number of people who purchased a tile, which allows an…
- risk 0.50cvss 8.8epss 0.03
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.