Total
10072 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18074 | 1 Qualcomm | 46 Mdm9607, Mdm9607 Firmware, Mdm9625 and 43 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 800, SD 808, SD 810, SD 820, SD 835, while playing a .wma file with modified media header with non-standard bytes per second parameter value, a reachable assert occurs. | |||||
| CVE-2017-16026 | 1 Request Project | 1 Request | 2024-02-04 | 7.1 HIGH | 5.9 MEDIUM |
| Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0. | |||||
| CVE-2018-11046 | 1 Pivotal Software | 1 Operations Manager | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lacks security vulnerability patches. An attacker with access to the NGINX processes and knowledge of how to exploit the unpatched vulnerabilities may be able to impact Operations Manager | |||||
| CVE-2018-5141 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-02-04 | 6.4 MEDIUM | 8.2 HIGH |
| A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary URLs to users. This vulnerability affects Firefox < 59. | |||||
| CVE-2018-6633 | 1 Micropoint | 1 Proactive Defense | 2024-02-04 | 6.1 MEDIUM | 7.8 HIGH |
| In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000038. | |||||
| CVE-2018-5731 | 1 Heimdalsecurity | 1 Heimdal | 2024-02-04 | 4.4 MEDIUM | 7.0 HIGH |
| An issue was discovered in Heimdal PRO 2.2.190. As part of the scanning feature, a process called md.hs writes an executable called CS1.tmp to C:\windows\TEMP. Afterwards the executable is run. It is possible for an attacker to create the file first, let md.hs overwrite it, and then rewrite the file in the window between md.hs closing the file and executing it. This can be exploited via opportunistic locks and a high priority thread. The vulnerability is triggered when a scan starts. NOTE: any affected Heimdal products are completely unrelated to the Heimdal vendor of a Kerberos 5 product on the h5l.org web site. | |||||
| CVE-2018-8869 | 1 Lantech | 2 Ids 2102, Ids 2102 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| In Lantech IDS 2102 2.0 and prior, nearly all input fields allow for arbitrary input on the device. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2017-12502 | 1 Hp | 1 Intelligent Management Center | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version. | |||||
| CVE-2017-3197 | 1 Gigabyte | 4 Gb-bsi7h-6500, Gb-bsi7h-6500 Firmware, Gb-bxi7-5775 and 1 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash. | |||||
| CVE-2018-9041 | 1 Iobit | 1 Advanced Systemcare Ultimate | 2024-02-04 | 6.1 MEDIUM | 7.8 HIGH |
| In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004. | |||||
| CVE-2017-1000402 | 1 Jenkins | 1 Swarm | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| Jenkins Swarm Plugin Client 3.4 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. | |||||
| CVE-2017-12500 | 1 Hp | 1 Intelligent Management Center | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version. | |||||
| CVE-2018-12694 | 1 Tp-link | 2 Tl-wa850re, Tl-wa850re Firmware | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json. | |||||
| CVE-2018-1000049 | 1 Nanopool | 1 Claymore Dual Miner | 2024-02-04 | 6.0 MEDIUM | 7.5 HIGH |
| Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. The flaw can be exploited only if the software is executed with read/write mode enabled. | |||||
| CVE-2018-2424 | 1 Sap | 4 Hana Database, Ui, Ui5 and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00 | |||||
| CVE-2011-2902 | 2 Debian, Glyphandcog | 2 Debian Linux, Xpdf | 2024-02-04 | 6.4 MEDIUM | 5.3 MEDIUM |
| zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name. | |||||
| CVE-2017-15390 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | |||||
| CVE-2018-5753 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of e-mails via unicode characters in the "personal part" of a (1) From or (2) Sender address. | |||||
| CVE-2015-9239 | 1 Ansi2html Project | 1 Ansi2html | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| ansi2html is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in. | |||||
| CVE-2017-5780 | 1 Hp | 1 Matrix Operating Environment | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| A remote clickjacking vulnerability in HPE Matrix Operating Environment version v7.6 was found. | |||||