DelspoN/CVE

Releases0

Stars2

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2019-18929 ↗	Nov 13, 2019Wednesday, 13 November 2019, 16:15	8.8 HIGH	9 HIGH
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a download_mgr.cgi stack-based buffer overflow.
CVE-2019-18930 ↗	Nov 13, 2019Wednesday, 13 November 2019, 16:15	8.8 HIGH	9 HIGH
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification logic in one of functions in libscheddl.so, and download_mgr.cgi makes it possible to enter large-sized f_idx inputs.
CVE-2019-18931 ↗	Nov 13, 2019Wednesday, 13 November 2019, 16:15	8.8 HIGH	9 HIGH
Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via crafted GET/POST parameters.
CVE-2018-18695 ↗	Nov 1, 2018Thursday, 1 November 2018, 17:29	—	4.6 MEDIUM
M2SOFT Report Designer Viewer 5.0 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via a crafted MRD file.