Total: 30633 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-4172 | 1 Apple | 1 Iphone Os | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Find My iPhone" component. It allows physically proximate attackers to bypass the iCloud password requirement for disabling the "Find My iPhone" feature via vectors involving a backup restore. | |||||
CVE-2018-4164 | 1 Apple | 1 Xcode | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in certain Apple products. Xcode before 9.3 is affected. The issue, which is unspecified, involves the "LLVM" component. | |||||
CVE-2018-4131 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-11-21 | 4.3 MEDIUM | 7.8 HIGH |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass the Secure Input Mode protection mechanism, and log keystrokes of arbitrary apps, via a crafted app that scans key states. | |||||
CVE-2018-4110 | 1 Apple | 1 Iphone Os | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Web App" component. It allows remote attackers to bypass intended restrictions on cookie persistence. | |||||
CVE-2018-4091 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Sandbox" component. It allows bypass of a sandbox protection mechanism. | |||||
CVE-2018-4058 | 1 Coturn Project | 1 Coturn | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability. | |||||
CVE-2018-4018 | 1 Anker-in | 2 Roav Dashcam A1, Roav Dashcam A1 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1SWV1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An attacker can send an HTTP PUT request or upgrade firmware request to trigger this vulnerability. | |||||
CVE-2018-3934 | 1 Yitechnology | 2 Yi Home Camera, Yi Home Camera Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of packets to trigger this vulnerability. | |||||
CVE-2018-3833 | 1 Insteon | 2 Hub 2245-222, Hub 2245-222 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the firmware version that is going to be installed and thus allows for flashing older firmware images. To trigger this vulnerability, an attacker needs to impersonate the remote server 'cache.insteon.com' and serve any signed firmware image. | |||||
CVE-2018-3779 | 1 Activesupport Project | 1 Activesupport | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system because it contains a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system. | |||||
CVE-2018-3767 | 1 Memcachier | 1 Memjs | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
`memjs` versions <= 1.1.0 allocate and store buffers on typed input, resulting in DoS and uninitialized memory usage. | |||||
CVE-2018-3722 | 1 Merge-deep Project | 1 Merge-deep | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | |||||
CVE-2018-3720 | 1 Assign-deep Project | 1 Assign-deep | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | |||||
CVE-2018-3718 | 1 Zeit | 1 Serve | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded. | |||||
CVE-2018-3698 | 1 Intel | 1 Ready Mode Technology | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Improper file permissions in the installer for the Intel Ready Mode Technology may allow an unprivileged user to potentially gain privileged access via local access. | |||||
CVE-2018-3693 | 7 Arm, Fujitsu, Intel and 4 more | 228 Cortex-a, Cortex-r, M12-1 and 225 more | 2024-11-21 | 4.7 MEDIUM | 5.6 MEDIUM |
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. | |||||
CVE-2018-3691 | 1 Intel | 1 Integrated Performance Primitives Cryptography | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time. | |||||
CVE-2018-3689 | 2 Intel, Linux | 2 Software Guard Extensions, Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
AESM daemon in Intel Software Guard Extensions Platform Software Component for Linux before 2.1.102 can effectively be disabled by a local attacker, creating a denial of services, such as remote attestation, provided by the AESM. | |||||
CVE-2018-3679 | 1 Intel | 1 Data Center Manager | 2024-11-21 | 8.3 HIGH | 9.6 CRITICAL |
Escalation of privilege in Reference UI in Intel Data Center Manager SDK 5.0 and before may allow an unauthorized remote unauthenticated user to potentially execute code via administrator privileges. | |||||
CVE-2018-3672 | 1 Intel | 1 Intel Smart Sound Technology | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via system calls. |