Total
10068 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5499 | 1 Atto | 2 Fibrebridge 7500n, Fibrebridge 7500n Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| ATTO FibreBridge 7500N firmware version 2.95 is susceptible to a vulnerability which allows attackers to cause a Denial of Service (DoS). | |||||
| CVE-2018-14055 | 2 Debian, Znc | 2 Debian Linux, Znc | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf. | |||||
| CVE-2018-15411 | 1 Cisco | 4 Webex Business Suite 32, Webex Business Suite 33, Webex Meetings Online and 1 more | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system. | |||||
| CVE-2019-5717 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero. | |||||
| CVE-2018-0467 | 1 Cisco | 1 Ios Xe | 2024-02-04 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the IPv6 processing code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect handling of specific IPv6 hop-by-hop options. An attacker could exploit this vulnerability by sending a malicious IPv6 packet to or through the affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device. | |||||
| CVE-2018-14774 | 1 Sensiolabs | 1 Symfony | 2024-02-04 | 5.0 MEDIUM | 7.2 HIGH |
| An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection. | |||||
| CVE-2018-10927 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2024-02-04 | 5.5 MEDIUM | 8.1 HIGH |
| A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process. | |||||
| CVE-2017-15402 | 1 Google | 2 Chrome, Chrome Os | 2024-02-04 | 6.8 MEDIUM | 9.6 CRITICAL |
| Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2018-12807 | 1 Adobe | 1 Experience Manager | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have an input validation bypass vulnerability. Successful exploitation could lead to unauthorized information modification. | |||||
| CVE-2017-15426 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | |||||
| CVE-2018-12448 | 1 Navercorp | 1 Whale | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name. | |||||
| CVE-2018-0027 | 1 Juniper | 1 Junos | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to hang or crash. When RPD is unavailable, routing updates cannot be processed which can lead to an extended network outage. If RSVP is not enabled on an interface, then the issue cannot be triggered via that interface. This issue only affects Juniper Networks Junos OS 16.1 versions prior to 16.1R3. This issue does not affect Junos releases prior to 16.1R1. | |||||
| CVE-2018-15415 | 1 Cisco | 4 Webex Business Suite 32, Webex Business Suite 33, Webex Meetings Online and 1 more | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system. | |||||
| CVE-2018-6046 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension. | |||||
| CVE-2018-7432 | 1 Splunk | 1 Splunk | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allow remote attackers to cause a denial of service via a crafted HTTP request. | |||||
| CVE-2018-8612 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values, aka "Connected User Experiences and Telemetry Service Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | |||||
| CVE-2018-4037 | 1 Macpaw | 1 Cleanmymac X | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access can use this vulnerability to modify the file system as root. | |||||
| CVE-2018-15454 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2024-02-04 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of SIP traffic. An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger this issue at a high rate across an affected device. Software updates that address this vulnerability are not yet available. | |||||
| CVE-2018-14680 | 5 Cabextract, Cabextract Project, Canonical and 2 more | 8 Libmspack, Cabextract, Ubuntu Linux and 5 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames. | |||||
| CVE-2017-17311 | 1 Huawei | 8 Usg2205bsr, Usg2205bsr Firmware, Usg2220bsr and 5 more | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a DoS vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Due to improper handling of the malformed messages, an attacker may sent crafted packets to the affected device to exploit these vulnerabilities. Successful exploit the vulnerability could lead to device deny of service. | |||||