Total
414 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7287 | 1 Digium | 1 Asterisk | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop). | |||||
| CVE-2018-4026 | 1 Anker-in | 2 Roav Dashcam A1, Roav Dashcam A1 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An exploitable denial-of-service vulnerability exists in the XML_GetScreen Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted set of packets can cause an invalid memory dereference, resulting in a device reboot. | |||||
| CVE-2018-25007 | 1 Vaadin | 2 Flow, Vaadin | 2024-11-21 | 4.0 MEDIUM | 2.6 LOW |
| Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values via crafted synchronization message. | |||||
| CVE-2018-20840 | 1 Google | 1 Api C\+\+ Client | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| An unhandled exception vulnerability exists during Google Sign-In with Google API C++ Client before 2019-04-10. It potentially causes an outage of third-party services that were not designed to recover from exceptions. On the client, ID token handling can cause an unhandled exception because of misinterpretation of an integer as a string, resulting in denial-of-service and then other users can no longer login/sign-in to the affected third-party service. Once this third-party service uses Google Sign-In with google-api-cpp-client, a malicious user can trigger this client/auth/oauth2_authorization.cc vulnerability by requesting the client to receive the ID token from a Google authentication server. | |||||
| CVE-2018-18690 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form. | |||||
| CVE-2018-15815 | 1 Faststone | 1 Image Viewer | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| FastStone Image Viewer 6.5 has an Exception Handler Chain Corrupted issue starting at image00400000+0x00000000003ef68a via a crafted image file. | |||||
| CVE-2018-13013 | 1 Safensoft | 3 Enterprise Suite, Syswatch, Tpsecure | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper check of unusual conditions when launching msiexec.exe in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.9 allows the local attacker to bypass a code-signing protection mechanism and install/execute an unauthorized program by modifying the system configuration and installing a forged MSI file. (The intended behavior is that the component SysWatch does not allow installation of MSI files unless they are signed by a limited list of certificates.) | |||||
| CVE-2018-12189 | 1 Intel | 2 Converged Security Management Engine Firmware, Trusted Execution Engine Firmware | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| Unhandled exception in Content Protection subsystem in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before 3.1.60 or 4.0.10 may allow privileged user to potentially modify data via local access. | |||||
| CVE-2018-0005 | 1 Juniper | 19 Ex2200, Ex2200-c, Ex2300 and 16 more | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| QFX and EX Series switches configured to drop traffic when the MAC move limit is exceeded will forward traffic instead of dropping traffic. This can lead to denials of services or other unintended conditions. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D40; 15.1X53 versions prior to 15.1X53-D55; 15.1 versions prior to 15.1R7. | |||||
| CVE-2017-18914 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist. | |||||
| CVE-2017-18657 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is an arbitrary write in a trustlet. The Samsung ID is SVE-2017-8893 (August 2017). | |||||
| CVE-2017-18650 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with N(7.x) software. There is a WifiStateMachine IllegalArgumentException and reboot if a malformed wpa_supplicant.conf is read. The Samsung ID is SVE-2017-9828 (October 2017). | |||||
| CVE-2017-12119 | 1 Ethereum | 1 Cpp-ethereum | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC. Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnerability. | |||||
| CVE-2024-10945 | 2024-11-13 | N/A | 7.3 HIGH | ||
| A Local Privilege Escalation vulnerability exists in the affected product. The vulnerability requires a local, low privileged threat actor to replace certain files during update and exists due to a failure to perform proper security checks before installation. | |||||
| CVE-2024-35424 | 2024-11-12 | N/A | 5.5 MEDIUM | ||
| vmir e8117 was discovered to contain a segmentation violation via the import_function function at /src/vmir_wasm_parser.c. | |||||
| CVE-2024-35421 | 2024-11-12 | N/A | 5.5 MEDIUM | ||
| vmir e8117 was discovered to contain a segmentation violation via the wasm_parse_block function at /src/vmir_wasm_parser.c. | |||||
| CVE-2024-35427 | 2024-11-12 | N/A | 5.5 MEDIUM | ||
| vmir e8117 was discovered to contain a segmentation violation via the export_function function at /src/vmir_wasm_parser.c. | |||||
| CVE-2024-45085 | 1 Ibm | 1 Websphere Application Server | 2024-11-08 | N/A | 7.5 HIGH |
| IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. A remote attacker could exploit this vulnerability to cause an error resulting in a denial of service. | |||||
| CVE-2024-44235 | 1 Apple | 2 Ipados, Iphone Os | 2024-10-30 | N/A | 4.6 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to view restricted content from the lock screen. | |||||
| CVE-2024-44174 | 1 Apple | 1 Macos | 2024-10-30 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An attacker may be able to view restricted content from the lock screen. | |||||