CVE-2018-19242
Published 2018-12-20
Priority P3 · 53 · high · 8.8 CVSS 3.0
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 2.94% (85.4th percentile)
Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-673GRU devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (with authentication).
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ghost | sqlite3 | >= 0 < 3.11.0-1ubuntu1.3 | 3.11.0-1ubuntu1.3 |
| ghost | sqlite3 | >= 0 < 3.22.0-1ubuntu0.2 | 3.22.0-1ubuntu0.2 |
| trendnet | tew-632brp_firmware | — | — |
| trendnet | tew-673gru_firmware | — | — |
CVSS provenance
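| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |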
GHSA
GHSA-x39m-5345-h729: Buffer overflow in apply
ghsa_unreviewed·2022-05-14
CVE-2018-19242 [HIGH] CWE-119 GHSA-x39m-5345-h729: Buffer overflow in apply
OSV
sqlite3 vulnerabilities
osv·2019-12-02·CVSS 7.5
CVE-2018-8740 sqlite3 vulnerabilities
It was discovered that SQLite incorrectly handled certain schemas.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 12.04 ESM. (CVE-2018-8740)
It was discovered that SQLite incorrectly handled certain schemas.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.04.
(CVE-2019-16168)
It was discovered that SQLite incorrectly handled certain schemas.
An attacker could possibly use this issue to mishandle some expressions.
This issue only affected Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-19242)
It was discovered that SQLite incorrectly handled certain queries.
An attacker could possibly use this issue to execute arbitr
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/150693/TRENDnet-Command-Injection-Buffer-Overflow-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2018/Dec/21