Total
316226 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6664 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2024-11-21 | 6.5 MEDIUM | 5.8 MEDIUM |
| Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility. | |||||
| CVE-2018-6662 | 2 Apple, Mcafee | 2 Mac Os X, Management Of Native Encryption | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Privilege Escalation vulnerability in McAfee Management of Native Encryption (MNE) before 4.1.4 allows local users to gain elevated privileges via a crafted user input. | |||||
| CVE-2018-6661 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature. | |||||
| CVE-2018-6660 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 4.0 MEDIUM | 6.2 MEDIUM |
| Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file. | |||||
| CVE-2018-6659 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 3.5 LOW | 3.7 LOW |
| Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input. | |||||
| CVE-2018-6656 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as demonstrated by deleting files and directories. | |||||
| CVE-2018-6655 | 1 Doctor Search Script Project | 1 Doctor Search Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an arbitrary profile field. | |||||
| CVE-2018-6654 | 1 Grammarly | 1 Grammarly | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover authentication tokens via an 'action: "user"' request to iframe.gr_-ifr, because the exposure of these tokens is not restricted to any specific web site. | |||||
| CVE-2018-6653 | 2 Comforte, Hp | 2 Swap, Nonstop Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used in SSLOBJ on HPE NonStop SSL T0910, and in the comforte SecurCS, SecurFTP, SecurLib/SSL-AT, and SecurTN products), after executing the RELOAD CERTIFICATES command, does not ensure that clients use a strong TLS cipher suite, which makes it easier for remote attackers to defeat intended cryptographic protection mechanisms by sniffing the network. This is fixed in 21.6.0. | |||||
| CVE-2018-6651 | 2 Parsecgaming, Uncurl Project | 2 Parsec, Uncurl | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as used in Parsec before 140-3, insufficient Origin header validation (accepting an arbitrary substring match) for WebSocket API requests allows remote attackers to bypass intended access restrictions. In Parsec, this means full control over the victim's computer. | |||||
| CVE-2018-6644 | 1 Sblim Project | 1 Small Footprint Cim Broker | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null pointer (DoS) vulnerability via a crafted POST request to the /cimom URI. | |||||
| CVE-2018-6643 | 1 Infoblox | 1 Netmri | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter. | |||||
| CVE-2018-6641 | 1 Wiris | 1 Mathtype | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An Arbitrary Free (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can overwrite a structure, leading to a function call with an invalid parameter, and a subsequent free of important data such as a function pointer or list pointer. This is fixed in 6.9d. | |||||
| CVE-2018-6640 | 1 Wiris | 1 Mathtype | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A Heap Overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can modify the next pointer of a linked list. This is fixed in 6.9d. | |||||
| CVE-2018-6639 | 1 Wiris | 1 Mathtype | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An out-of-bounds write (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. A size used by memmove is read from the input file. This is fixed in 6.9d. | |||||
| CVE-2018-6638 | 1 Wiris | 1 Mathtype | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A stack-based buffer overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. This occurs in a function call in which the first argument is a corrupted offset value and the second argument is a stack buffer. This is fixed in 6.9d. | |||||
| CVE-2018-6635 | 1 Avaya | 1 Aura | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
| System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896. | |||||
| CVE-2018-6634 | 3 Canonical, Microsoft, Parsecgaming | 3 Ubuntu Linux, Windows, Parsec | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1 allows unauthorized users to maintain access to an account. | |||||
| CVE-2018-6633 | 1 Micropoint | 1 Proactive Defense | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000038. | |||||
| CVE-2018-6632 | 1 Micropoint | 1 Proactive Defense | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000110. | |||||