The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2018-14840 | uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads). | MEDIUM | Aug 8, 2018 |
| CVE-2018-14839 | LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters. | HIGH | May 16, 2019 |
| CVE-2018-14838 | rejucms 2.1 has stored XSS via the admin/book.php content parameter. | MEDIUM | Aug 1, 2018 |
| CVE-2018-14837 | Wolf CMS 0.8.3.1 has XSS in the Snippets tab, as demonstrated by a ?/admin/snippet/edit/1 URI. | LOW | Aug 10, 2018 |
| CVE-2018-14836 | Subrion 4.2.1 is vulnerable to Improper Access control because user groups not having access to the Admin panel are able to access it (but not perform actions) if the Guests user group has access to the Admin panel. | MEDIUM | Aug 1, 2018 |
| CVE-2018-14835 | Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping added to the tooltip information being displayed in multiple areas. | LOW | Aug 1, 2018 |
| CVE-2018-14833 | Intuit Lacerte 2017 has Incorrect Access Control. | MEDIUM | Jul 16, 2019 |
| CVE-2018-14831 | An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI. | MEDIUM | Jul 17, 2019 |
| CVE-2018-14829 | Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. This vulnerability also has the potential to exploit a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code. | HIGH | Sep 21, 2018 |
| CVE-2018-14828 | Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level. | HIGH | Oct 23, 2018 |
| CVE-2018-14827 | Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality. | MEDIUM | Sep 20, 2018 |
| CVE-2018-14826 | Entes EMG12 versions 2.57 and prior The application uses a web interface where it is possible for an attacker to bypass authentication with a specially crafted URL. This could allow for remote code execution. | HIGH | Oct 5, 2018 |
| CVE-2018-14825 | On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40 running Android OS 7.1, CK75 running Android OS 6.0, CN75 running Android OS 6.0, CN75e running Android OS 6.0, CT50 running Android OS 6.0, D75e running Android OS 6.0, CT50 running Android OS 4.4, D75e running Android OS 4.4, CN51 running Android OS 6.0, EDA50k running Android 4.4, EDA50 running Android OS 7.1, EDA50k running Android OS 7.1, EDA70 running Android OS 7.1, EDA60k running Android OS 7.1, and EDA51 running Android OS 8.1), a skilled attacker with advanced knowledge of the target system could exploit this vulnerability by creating an application that would successfully bind to the service and gain elevated system privileges. This could enable the attacker to obtain access to keystrokes, passwords, personal identifiable information, photos, emails, or business-critical documents. | MEDIUM | Sep 24, 2018 |
| CVE-2018-14824 | Delta Electronics Delta Industrial Automation PMSoft v2.11 or prior has an out-of-bounds read vulnerability that can be executed when processing project files, which may allow an attacker to read confidential information. | MEDIUM | Sep 29, 2018 |
| CVE-2018-14823 | Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution. | HIGH | Sep 27, 2018 |
| CVE-2018-14822 | Entes EMG12 versions 2.57 and prior an information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user and execute arbitrary code. | HIGH | Oct 5, 2018 |
| CVE-2018-14821 | Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote, unauthenticated threat actor to intentionally send a malformed CIP packet to Port 44818, causing the RSLinx Classic application to terminate. The user will need to manually restart the software to regain functionality. | MEDIUM | Sep 21, 2018 |
| CVE-2018-14820 | Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing. | MEDIUM | Oct 23, 2018 |
| CVE-2018-14819 | Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution. | HIGH | Sep 27, 2018 |
| CVE-2018-14818 | WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior have a stack-based buffer overflow vulnerability which may allow remote code execution. | HIGH | Oct 8, 2018 |
| CVE-2018-14817 | Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution. | HIGH | Sep 27, 2018 |
| CVE-2018-14816 | Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code. | HIGH | Oct 23, 2018 |
| CVE-2018-14815 | Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution. | HIGH | Sep 27, 2018 |
| CVE-2018-14814 | WECON Technology PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior lacks proper validation of user-supplied data, which may result in a read past the end of an allocated object. | MEDIUM | Mar 29, 2019 |
| CVE-2018-14813 | Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution. | HIGH | Sep 27, 2018 |
| CVE-2018-14812 | An uncontrolled search path element (DLL Hijacking) vulnerability has been identified in Fuji Electric Energy Savings Estimator versions V.1.0.2.0 and prior. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL. | MEDIUM | Oct 25, 2018 |
| CVE-2018-14811 | Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution. | HIGH | Sep 27, 2018 |
| CVE-2018-14810 | WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior parse files and pass invalidated user data to an unsafe method call, which may allow code to be executed in the context of an administrator. | HIGH | Oct 8, 2018 |
| CVE-2018-14809 | Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution. | HIGH | Sep 26, 2018 |
| CVE-2018-14808 | Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products. | MEDIUM | Oct 2, 2018 |
| CVE-2018-14807 | A stack-based buffer overflow vulnerability in Opto 22 PAC Control Basic and PAC Control Professional versions R10.0a and prior may allow remote code execution. | HIGH | Oct 18, 2018 |
| CVE-2018-14806 | Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code. | HIGH | Oct 23, 2018 |
| CVE-2018-14805 | ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability. | HIGH | Aug 29, 2018 |
| CVE-2018-14804 | Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution. | HIGH | Oct 2, 2018 |
| CVE-2018-14803 | Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The Philips e-Alert contains a banner disclosure vulnerability that could allow attackers to obtain extraneous product information, such as OS and software components, via the HTTP response header that is normally not available to the attacker, but might be useful information in an attack. | MEDIUM | Sep 27, 2018 |
| CVE-2018-14802 | Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly check user-supplied comments which may allow for arbitrary remote code execution. | HIGH | Oct 2, 2018 |
| CVE-2018-14801 | In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords. | HIGH | Aug 23, 2018 |
| CVE-2018-14800 | Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, by opening a crafted file, to cause the application to read past the boundary allocated to a stack object, which could allow execution of code under the context of the application. | MEDIUM | Oct 5, 2018 |
| CVE-2018-14799 | In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities. | MEDIUM | Aug 23, 2018 |
| CVE-2018-14798 | Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly parse FNC files that may allow for information disclosure. | MEDIUM | Oct 2, 2018 |
| CVE-2018-14797 | Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution. | MEDIUM | Aug 24, 2018 |
| CVE-2018-14796 | Tec4Data SmartCooler, all versions prior to firmware 180806, the device responds to a remote unauthenticated reboot command that may be used to perform a denial of service attack. | HIGH | Sep 20, 2018 |
| CVE-2018-14795 | DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files. | MEDIUM | Aug 22, 2018 |
| CVE-2018-14794 | Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. The device does not perform a check on the length/size of a project file before copying the entire contents of the file to a heap-based buffer. | HIGH | Oct 2, 2018 |
| CVE-2018-14793 | DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution. | MEDIUM | Aug 22, 2018 |
| CVE-2018-14792 | WECON PLC Editor version 1.3.3U may allow an attacker to execute code under the current process when processing project files. | MEDIUM | Sep 19, 2018 |
| CVE-2018-14791 | Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products. | MEDIUM | Aug 24, 2018 |
| CVE-2018-14790 | Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. A buffer over-read vulnerability may allow remote code execution on the device. | HIGH | Oct 2, 2018 |
| CVE-2018-14789 | In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges. | MEDIUM | Aug 22, 2018 |
| CVE-2018-14788 | Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. A buffer overflow information disclosure vulnerability occurs when parsing certain file types. | MEDIUM | Oct 2, 2018 |
