|
246121
|
7.5 |
HIGH
Network
|
lenovo
|
system_management_module_firmware
|
In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to post-authentication command injection.
|
CWE-78
OS Command
|
CVE-2018-16090
|
2024-11-21 12:52 |
2018-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246122
|
7.5 |
HIGH
Network
|
lenovo
|
system_management_module_firmware
|
In System Management Module (SMM) versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as…
|
CWE-78
OS Command
|
CVE-2018-16089
|
2024-11-21 12:52 |
2018-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246123
|
5.3 |
MEDIUM
Network
|
ismartalarm
|
cubeone_firmware
|
Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and …
|
CWE-200
Information Exposure
|
CVE-2018-16224
|
2024-11-21 12:52 |
2018-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246124
|
9.8 |
CRITICAL
Network
|
qbeecam
|
qbeecam
|
Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and passwor…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2018-16223
|
2024-11-21 12:52 |
2018-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246125
|
6.8 |
MEDIUM
Physics
|
ismartalarm
|
ismartalarm
|
Cleartext Storage of credentials in the iSmartAlarmData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2018-16222
|
2024-11-21 12:52 |
2018-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246126
|
8.1 |
HIGH
Network
|
ruby-lang
canonical
debian
redhat
|
ruby
ubuntu_linux
debian_linux
enterprise_linux
|
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some f…
|
NVD-CWE-noinfo
|
CVE-2018-16396
|
2024-11-21 12:52 |
2018-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246127
|
9.8 |
CRITICAL
Network
|
ruby-lang
canonical
debian
redhat
|
ruby
openssl
ubuntu_linux
debian_linux
enterprise_linux
|
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using =…
|
NVD-CWE-noinfo
|
CVE-2018-16395
|
2024-11-21 12:52 |
2018-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246128
|
6.5 |
MEDIUM
Network
|
opendolphin
|
opendolphin
|
OpenDolphin 2.7.0 and earlier allows authenticated attackers to bypass authentication to create and/or delete other users accounts via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2018-16163
|
2024-11-21 12:52 |
2018-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246129
|
8.8 |
HIGH
Network
|
opendolphin
|
opendolphin
|
OpenDolphin 2.7.0 and earlier allows authenticated attackers to obtain other users credentials such as a user ID and/or its password via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2018-16162
|
2024-11-21 12:52 |
2018-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246130
|
8.8 |
HIGH
Network
|
opendolphin
|
opendolphin
|
OpenDolphin 2.7.0 and earlier allows authenticated users to gain administrative privileges and perform unintended operations.
|
NVD-CWE-noinfo
|
CVE-2018-16161
|
2024-11-21 12:52 |
2018-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
