|
247681
|
7.8 |
HIGH
Local
|
comparex
|
miss_marple
|
COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users to execute arbitrary code by reading the user name and encrypted password hard-coded in an Inventory Agent configuration file.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-19233
|
2024-11-21 12:57 |
2018-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247682
|
7.3 |
HIGH
Network
|
advantech
|
webaccess\/scada
|
WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-18999
|
2024-11-21 12:57 |
2018-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247683
|
9.8 |
CRITICAL
Network
|
bosch
|
common_product_platform_4_firmware
common_product_platform_6_firmware
common_product_platform_7_firmware
common_product_platform_7.3_firmware
|
An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the net…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-19036
|
2024-11-21 12:57 |
2018-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247684
|
7.8 |
HIGH
Local
|
sylabs
|
singularity
|
Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks.
|
CWE-20
Improper Input Validation
|
CVE-2018-19295
|
2024-11-21 12:57 |
2018-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247685
|
9.8 |
CRITICAL
Network
|
geutebrueck
|
g-cam\/efd-2251_firmware
g-cam\/ewpc-2275_firmware
|
In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root.
|
CWE-78
OS Command
|
CVE-2018-19007
|
2024-11-21 12:57 |
2018-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247686
|
4.3 |
MEDIUM
Network
|
sonarsource
|
sonarqube
|
A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive information such as valid user-account logins in the web application. The vulner…
|
CWE-200
Information Exposure
|
CVE-2018-19413
|
2024-11-21 12:57 |
2018-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247687
|
7.5 |
HIGH
Network
|
ge
|
ex2100e_firmware
ls2100e_firmware
mark_vle_firmware
|
GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior …
|
CWE-22
Path Traversal
|
CVE-2018-19003
|
2024-11-21 12:57 |
2018-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247688
|
6.1 |
MEDIUM
Network
|
oracle
|
secure_global_desktop
|
XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as de…
|
CWE-79
Cross-site Scripting
|
CVE-2018-19439
|
2024-11-21 12:57 |
2018-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247689
|
5.5 |
MEDIUM
Local
|
qemu
canonical
debian
fedoraproject
opensuse
|
qemu
ubuntu_linux
debian_linux
fedora
leap
|
hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.
|
CWE-416
Use After Free
|
CVE-2018-19364
|
2024-11-21 12:57 |
2018-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247690
|
7.5 |
HIGH
Network
|
zohocorp
|
manageengine_adaudit_plus
|
Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-19118
|
2024-11-21 12:57 |
2018-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
