Export limit exceeded: 75268 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75268 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17924 | 1 Rockwellautomation | 32 1756-en2f Series A, 1756-en2f Series A Firmware, 1756-en2f Series B and 29 more | 2024-11-21 | 8.6 High |
| Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. When the affected device accepts this new IP configuration, a loss of communication occurs between the device and the rest of the system as the system traffic is still attempting to communicate with the device via the overwritten IP address. | ||||
| CVE-2018-17921 | 1 Sagaradio | 2 Saga1-l8b, Saga1-l8b Firmware | 2024-11-21 | 8.8 High |
| SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction. | ||||
| CVE-2018-17911 | 1 Lcds | 1 Laquis Scada | 2024-11-21 | 7.8 High |
| LAquis SCADA Versions 4.1.0.3870 and prior has several stack-based buffer overflow vulnerabilities, which may allow remote code execution. | ||||
| CVE-2018-17906 | 1 Philips | 2 Intellispace Pacs, Isite Pacs | 2024-11-21 | 8.8 High |
| Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system. | ||||
| CVE-2018-17875 | 1 Poly | 2 Trio 8800, Trio 8800 Firmware | 2024-11-21 | 8.8 High |
| A remote code execution issue in the ping command on Poly Trio 8800 5.7.1.4145 devices allows remote authenticated users to execute commands via unspecified vectors. | ||||
| CVE-2018-17860 | 1 Cloudera | 1 Cdh | 2024-11-21 | 7.2 High |
| Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1. | ||||
| CVE-2018-17848 | 2 Fedoraproject, Golang | 2 Fedora, Net | 2024-11-21 | 7.5 High |
| The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an html.Parse call. | ||||
| CVE-2018-17847 | 2 Fedoraproject, Golang | 2 Fedora, Net | 2024-11-21 | 7.5 High |
| The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElements, during an html.Parse call. | ||||
| CVE-2018-17846 | 2 Fedoraproject, Golang | 2 Fedora, Net | 2024-11-21 | 7.5 High |
| The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification. | ||||
| CVE-2018-17559 | 1 Abus | 94 Tvip 10000, Tvip 10000 Firmware, Tvip 10001 and 91 more | 2024-11-21 | 7.5 High |
| Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras. | ||||
| CVE-2018-17555 | 1 Commscope | 2 Arris Tg2492lg-na, Arris Tg2492lg-na Firmware | 2024-11-21 | 7.5 High |
| The web component on ARRIS TG2492LG-NA 061213 devices allows remote attackers to obtain sensitive information via the /snmpGet oids parameter. | ||||
| CVE-2018-17419 | 2 Dns Library Project, Redhat | 2 Dns Library, Openshift | 2024-11-21 | 7.5 High |
| An issue was discovered in setTA in scan_rr.go in the Miek Gieben DNS library before 1.0.10 for Go. A dns.ParseZone() parsing error causes a segmentation violation, leading to denial of service. | ||||
| CVE-2018-17365 | 1 Seacms | 1 Seacms | 2024-11-21 | 7.5 High |
| SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files via the filedir parameter. | ||||
| CVE-2018-17240 | 1 Netwavepr | 4 Indoor Ip Camera, Indoor Ip Camera Firmware, Outdoor Ip Camera and 1 more | 2024-11-21 | 7.5 High |
| There is a memory dump vulnerability on Netwave IP camera devices at //proc/kcore that allows an unauthenticated attacker to exfiltrate sensitive information from the network configuration (e.g., username and password). | ||||
| CVE-2018-17182 | 5 Canonical, Debian, Linux and 2 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2024-11-21 | 7.8 High |
| An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations. | ||||
| CVE-2018-17145 | 7 Bcoin, Bitcoin, Bitcoinknots and 4 more | 7 Bcoin, Bitcoin Core, Bitcoin Knots and 4 more | 2024-11-21 | 7.5 High |
| Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE: this can also affect other cryptocurrencies, e.g., if they were forked from Bitcoin Core after 2017-11-15. | ||||
| CVE-2018-17144 | 2 Bitcoin, Bitcoinknots | 2 Bitcoin Core, Bitcoin Knots | 2024-11-21 | 7.5 High |
| Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash. | ||||
| CVE-2018-17143 | 2 Fedoraproject, Golang | 2 Fedora, Net | 2024-11-21 | 7.5 High |
| The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call. | ||||
| CVE-2018-17142 | 2 Fedoraproject, Golang | 2 Fedora, Net | 2024-11-21 | 7.5 High |
| The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call. | ||||
| CVE-2018-17075 | 2 Fedoraproject, Golang | 2 Fedora, Net | 2024-11-21 | 7.5 High |
| The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of <template><object>, <template><applet>, or <template><marquee>. This is related to HTMLTreeBuilder.cpp in WebKit. | ||||