Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 193091 entries
IDDescriptionPriorityModified dateFixed Release
CVE-2018-11017 The newVar_N function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact. MEDIUM May 13, 2018 n/a
CVE-2018-11013 Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header. HIGH May 13, 2018 n/a
CVE-2018-11012 ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java. MEDIUM May 12, 2018 n/a
CVE-2018-11011 ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java. MEDIUM May 12, 2018 n/a
CVE-2018-11010 A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. MEDIUM Jan 12, 2021 n/a
CVE-2018-11009 A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. MEDIUM Jan 13, 2021 n/a
CVE-2018-11008 An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. MEDIUM Jan 12, 2021 n/a
CVE-2018-11007 A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. MEDIUM Jan 12, 2021 n/a
CVE-2018-11006 An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. HIGH Jan 12, 2021 n/a
CVE-2018-11005 A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. MEDIUM Jan 12, 2021 n/a
CVE-2018-11004 An issue was discovered in SDcms v1.5. Cross-site request forgery (CSRF) vulnerability in /WWW//app/admin/controller/admincontroller.php allows remote attackers to add administrator accounts via m=admin&c=admin&a=add. MEDIUM May 12, 2018 n/a
CVE-2018-11003 An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CSRF) vulnerability in protected/apps/admin/controller/adminController.php allows remote attackers to delete administrator accounts via index.php?r=admin/admin/admindel. MEDIUM May 12, 2018 n/a
CVE-2018-11002 Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions. MEDIUM Dec 3, 2018 n/a
CVE-2018-10999 An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read. MEDIUM May 12, 2018 n/a
CVE-2018-10998 An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. MEDIUM May 12, 2018 n/a
CVE-2018-10997 Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL injection in the POST parameters txUserName and txPassword. HIGH Jun 17, 2018 n/a
CVE-2018-10996 The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout request involving a long REMOTE_ADDR environment variable. HIGH May 12, 2018 n/a
CVE-2018-10995 SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields). MEDIUM May 30, 2018 n/a
CVE-2018-10994 js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL. MEDIUM May 14, 2018 n/a
CVE-2018-10992 lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU Guile code uses the system Scheme procedure instead of the system* Scheme procedure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-17523. HIGH May 11, 2018 n/a
CVE-2018-10991 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-10990. Reason: This candidate is a reservation duplicate of CVE-2018-10990. Notes: All CVE users should reference CVE-2018-10990 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage -- Nov 7, 2023 n/a
CVE-2018-10990 On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the credential cookie, which might make it easier for attackers to obtain access at a later time (e.g., at least for a few minutes). NOTE: there is no documentation stating that the web UI's logout feature was supposed to do anything beyond removing the cookie from one instance of a web browser; a client-side logout action is often not intended to address cases where a person has made a copy of a cookie outside of a browser. HIGH May 14, 2018 n/a
CVE-2018-10989 Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a default password of password for the admin account that is used over an unencrypted http://192.168.0.1 connection, which might allow remote attackers to bypass intended access restrictions by leveraging access to the local network. NOTE: one or more user's guides distributed by ISPs state At a minimum, you should set a login password. LOW May 14, 2018 n/a
CVE-2018-10988 An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card. It executes code, without a digital signature, as root from the /mnt/sdcard/$PRO_NAME/upgrade.sh or /sdcard/upgrage_360/upgrade.sh pathname. HIGH Jul 5, 2018 n/a
CVE-2018-10987 An issue was discovered on Dongguan Diqee Diqee360 devices. The affected vacuum cleaner suffers from an authenticated remote code execution vulnerability. An authenticated attacker can send a specially crafted UDP packet, and execute commands on the vacuum cleaner as root. The bug is in the function REQUEST_SET_WIFIPASSWD (UDP command 153). A crafted UDP packet runs /mnt/skyeye/mode_switch.sh %s with an attacker controlling the %s variable. In some cases, authentication can be achieved with the default password of 888888 for the admin account. HIGH Jul 5, 2018 n/a
CVE-2018-10986 OX Guard 2.8.0 has CSRF. MEDIUM Jul 5, 2019 n/a
CVE-2018-10982 An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection. HIGH May 10, 2018 n/a
CVE-2018-10981 An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request. MEDIUM May 10, 2018 n/a
CVE-2018-10977 In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x002220E4. MEDIUM May 10, 2018 n/a
CVE-2018-10976 In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222050. MEDIUM May 10, 2018 n/a
CVE-2018-10975 In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222104. MEDIUM May 10, 2018 n/a
CVE-2018-10974 In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222100. MEDIUM May 10, 2018 n/a
CVE-2018-10973 An integer overflow in the transferMulti function of a smart contract implementation for KoreaShow, an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _value parameters. MEDIUM May 10, 2018 n/a
CVE-2018-10972 An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC::process function in transform/palette_C.hpp allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted file. MEDIUM May 10, 2018 n/a
CVE-2018-10971 An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The Plane function in image/image.hpp allows remote attackers to cause a denial of service (attempted excessive memory allocation) via a crafted file. MEDIUM May 10, 2018 n/a
CVE-2018-10969 SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid. HIGH Jun 18, 2018 n/a
CVE-2018-10968 On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access vulnerability. HIGH May 18, 2018 n/a
CVE-2018-10967 On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code execution. HIGH May 18, 2018 n/a
CVE-2018-10966 An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02_passport.js. An attacker can edit the Passport.js contents of the session cookie to contain the ID number of the account they wish to take over, and re-sign it using the hard coded secret. HIGH Jun 5, 2018 n/a
CVE-2018-10963 The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. MEDIUM May 9, 2018 n/a
CVE-2018-10962 An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because mouse_event is not properly considered. LOW May 9, 2018 n/a
CVE-2018-10959 Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an attacker\'s process launch. MEDIUM Apr 24, 2019 n/a
CVE-2018-10958 In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call. MEDIUM May 9, 2018 n/a
CVE-2018-10957 CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the affected components. MEDIUM May 9, 2018 n/a
CVE-2018-10956 IPConfigure Orchid Core VMS 2.0.5 allows Directory Traversal. MEDIUM Jun 25, 2018 n/a
CVE-2018-10955 In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222548. MEDIUM May 9, 2018 n/a
CVE-2018-10954 In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222550. MEDIUM May 9, 2018 n/a
CVE-2018-10953 In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x0022204C. MEDIUM May 9, 2018 n/a
CVE-2018-10952 In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222088. MEDIUM May 9, 2018 n/a
CVE-2018-10951 mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API. MEDIUM May 9, 2018 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online