| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2018-6333 |
1 Facebook |
1 Nuclide |
2019-10-09 |
7.5 |
| The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. As a result, a malicious URL could be used to render HTML and other content inside of the editor's context, which could... |
| CVE-2018-5474 |
1 Philips |
1 Intellispace Portal |
2019-10-09 |
7.5 |
| Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash. |
| CVE-2018-5447 |
1 Nrec |
1 Pcs-9611 Firmware |
2019-10-09 |
10.0 |
| An Improper Input Validation issue was discovered in Nari PCS-9611 relay. An improper input validation vulnerability has been identified that affects a service within the software that may allow a remote attacker to arbitrarily read/access system... |
| CVE-2018-4851 |
1 Siemens |
2 Siclock Tc100 Firmware, Siclock Tc400 Firmware |
2019-10-09 |
8.5 |
| A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could cause a Denial-of-Service condition by sending certain packets to the device, causing... |
| CVE-2018-3772 |
1 Whereis Project |
1 Whereis |
2019-10-09 |
7.5 |
| Concatenating unsanitized user input in the `whereis` npm module < 0.4.1 allowed an attacker to execute arbitrary commands. The `whereis` module is deprecated and it is recommended to use the `which` npm module instead. |
| CVE-2018-20106 |
1 Opensuse |
1 Yast2-printer |
2019-10-09 |
9.3 |
| In yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape characters in passwords properly. If a password with backticks or simliar characters is supplied this allows for executing code as root. This requires... |
| CVE-2018-1784 |
1 Ibm |
1 Api Connect |
2019-10-09 |
7.5 |
| IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807. |
| CVE-2018-1273 |
2 Pivotal Software, Apache |
3 Spring Data Commons, Spring Data Rest, Ignite |
2019-10-09 |
7.5 |
| Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or... |
| CVE-2018-1161 |
1 Quest |
1 Netvault Backup |
2019-10-09 |
10.0 |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.2.0.13. Authentication is not required to exploit this vulnerability. The specific flaw exists within nvwsworker.exe.... |
| CVE-2018-18999 |
1 Advantech |
1 Webaccess%2fscada |
2019-10-09 |
7.5 |
| WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack. |
| CVE-2018-18988 |
|
|
2019-10-09 |
8.3 |
| LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash. |
| CVE-2018-15715 |
1 Zoom |
1 Zoom |
2019-10-09 |
7.5 |
| Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages... |
| CVE-2018-15460 |
1 Cisco |
1 Email Security Appliances Firmware |
2019-10-09 |
7.8 |
| A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial... |
| CVE-2018-15454 |
1 Cisco |
2 Adaptive Security Appliance Software, Firepower Threat Defense |
2019-10-09 |
7.8 |
| A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected... |
| CVE-2018-15422 |
1 Cisco |
4 Webex Business Suite 32, Webex Business Suite 33, Webex Meetings Online and 1 more |
2019-10-09 |
9.3 |
| A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the... |
| CVE-2018-15421 |
1 Cisco |
4 Webex Meetings Online, Webex Meetings Server, Webex Business Suite 32 and 1 more |
2019-10-09 |
9.3 |
| A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the... |
| CVE-2018-15420 |
1 Cisco |
4 Webex Business Suite 32, Webex Business Suite 33, Webex Meetings Online and 1 more |
2019-10-09 |
9.3 |
| A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the... |
| CVE-2018-15419 |
1 Cisco |
4 Webex Business Suite 32, Webex Business Suite 33, Webex Meetings Online and 1 more |
2019-10-09 |
9.3 |
| A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the... |
| CVE-2018-15418 |
1 Cisco |
5 Webex Business Suite 31, Webex Business Suite 32, Webex Business Suite 33 and 2 more |
2019-10-09 |
9.3 |
| A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the... |
| CVE-2018-15417 |
1 Cisco |
4 Webex Business Suite 32, Webex Business Suite 33, Webex Meetings Online and 1 more |
2019-10-09 |
9.3 |
| A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the... |
