Search
Total
2662 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1000523 | 1 Topydo | 1 Topydo | 2018-08-30 | 5.8 MEDIUM | 8.1 HIGH |
| topydo contains a CWE-20: Improper Input Validation vulnerability in ListFormatParser::parse, file topydo/lib/ListFormat.py line 292 as of d4f843dac71308b2f29a7c2cdc76f055c3841523 that can result in Injection of arbitrary bytes to the terminal, including terminal escape code sequences. This attack appear to be exploitable via The victim must open a todo.txt with at least one specially crafted line.. | |||||
| CVE-2018-12702 | 1 Gve | 1 Globalvillage Ecosystem | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The approveAndCallcode function of a smart contract implementation for Globalvillage ecosystem (GVE), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spender.call(_extraData)) is not verified, aka the "evilReflex" issue. NOTE: a PeckShield disclosure states "some researchers have independently discussed the mechanism of such vulnerability." | |||||
| CVE-2018-12703 | 1 Block18 | 1 Block18 | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The approveAndCallcode function of a smart contract implementation for Block 18 (18T), an tradable Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spender.call(_extraData)) is not verified, aka the "evilReflex" issue. NOTE: a PeckShield disclosure states "some researchers have independently discussed the mechanism of such vulnerability." | |||||
| CVE-2018-3597 | 1 Google | 1 Android | 2018-08-28 | 4.6 MEDIUM | 7.8 HIGH |
| In the ADSP RPC driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, an arbitrary kernel write can occur. | |||||
| CVE-2018-12694 | 1 Tp-link | 2 Tl-wa850re, Tl-wa850re Firmware | 2018-08-24 | 7.8 HIGH | 7.5 HIGH |
| TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json. | |||||
| CVE-2017-6345 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls. | |||||
| CVE-2017-9312 | 1 Rockwellautomation | 2 Allen-bradley L30erms, Allen-bradley L30erms Firmware | 2018-08-23 | 7.8 HIGH | 7.5 HIGH |
| Improperly implemented option-field processing in the TCP/IP stack on Allen-Bradley L30ERMS safety devices v30 and earlier causes a denial of service. When a crafted TCP packet is received, the device reboots immediately. | |||||
| CVE-2018-8030 | 1 Apache | 1 Qpid Broker-j | 2018-08-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected. | |||||
| CVE-2018-12712 | 1 Joomla | 1 Joomla\! | 2018-08-20 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the "class_exists" function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local File Inclusion. | |||||
| CVE-2018-12999 | 1 Zohocorp | 1 Manageengine Desktop Central | 2018-08-20 | 6.4 MEDIUM | 7.5 HIGH |
| Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI. | |||||
| CVE-2018-12988 | 1 Greencms | 1 Greencms | 2018-08-20 | 5.0 MEDIUM | 7.5 HIGH |
| GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI. | |||||
| CVE-2017-14650 | 1 Horde | 1 Horde Image Api | 2018-08-18 | 6.8 MEDIUM | 8.1 HIGH |
| A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde application, because the code path to the vulnerability is not used by any Horde code. Custom applications using the Horde_Image library might be affected. This vulnerability affects all versions of Horde_Image from 2.0.0 to 2.5.1, and is fixed in 2.5.2. The problem is missing input validation of the index field in _raw() during construction of an ImageMagick command line. | |||||
| CVE-2017-16837 | 1 Trusted Boot Project | 1 Trusted Boot | 2018-08-17 | 4.6 MEDIUM | 7.8 HIGH |
| Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers. | |||||
| CVE-2018-5136 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-08-14 | 5.0 MEDIUM | 7.5 HIGH |
| A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox < 59. | |||||
| CVE-2018-11222 | 1 Artica | 1 Pandora Fms | 2018-08-14 | 5.0 MEDIUM | 7.5 HIGH |
| Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax endpoint. | |||||
| CVE-2017-17173 | 1 Huawei | 2 Mate 9 Pro, Mate 9 Pro Fimware | 2018-08-13 | 9.3 HIGH | 7.8 HIGH |
| Due to insufficient parameters verification GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.356(C00) has an arbitrary memory free vulnerability. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to driver to release special kernel memory resource. Successful exploit may result in phone crash or arbitrary code execution. | |||||
| CVE-2018-12561 | 1 Cantata Project | 1 Cantata | 2018-08-10 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as file_mode= by manipulating (for example) the domain parameter of the samba URL. | |||||
| CVE-2018-12635 | 1 Circontrol | 1 Scada | 2018-08-10 | 5.0 MEDIUM | 7.5 HIGH |
| CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs. | |||||
| CVE-2018-10363 | 1 Wpdevart | 1 Booking Calendar | 2018-08-09 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the WpDevArt "Booking calendar, Appointment Booking System" plugin 2.2.2 for WordPress. Multiple parameters allow remote attackers to manipulate the values to change data such as prices. | |||||
| CVE-2017-5449 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2018-08-09 | 5.0 MEDIUM | 7.5 HIGH |
| A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-12070 | 1 Opcfoundation | 1 Ua-.net-legacy | 2018-08-07 | 6.8 MEDIUM | 8.8 HIGH |
| Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code. | |||||
| CVE-2017-5421 | 1 Mozilla | 2 Firefox, Thunderbird | 2018-08-07 | 5.0 MEDIUM | 7.5 HIGH |
| A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox < 52 and Thunderbird < 52. | |||||
| CVE-2017-5422 | 1 Mozilla | 2 Firefox, Thunderbird | 2018-08-07 | 5.0 MEDIUM | 7.5 HIGH |
| If a malicious site uses the "view-source:" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making "view-source:" linkable. This vulnerability affects Firefox < 52 and Thunderbird < 52. | |||||
| CVE-2018-3582 | 1 Google | 1 Android | 2018-08-06 | 4.6 MEDIUM | 7.8 HIGH |
| Buffer overflow can occur due to improper input validation in multiple WMA event handler functions in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2018-12025 | 1 Futurxe | 1 Futurxe | 2018-08-06 | 5.0 MEDIUM | 7.5 HIGH |
| The transferFrom function of a smart contract implementation for FuturXE (FXE), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized transfer of digital assets because of a logic error. The developer messed up with the boolean judgment - if the input value is smaller than or equal to allowed value, the transfer session would stop execution by returning false. This makes no sense, because the transferFrom() function should require the transferring value to not exceed the allowed value in the first place. Suppose this function asks for the allowed value to be smaller than the input. Then, the attacker could easily ignore the allowance: after this condition, the `allowed[from][msg.sender] -= value;` would cause an underflow because the allowed part is smaller than the value. The attacker could transfer any amount of FuturXe tokens of any accounts to an appointed account (the `_to` address) because the allowed value is initialized to 0, and the attacker could bypass this restriction even without the victim's private key. | |||||
| CVE-2017-7814 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2018-08-06 | 6.8 MEDIUM | 7.8 HIGH |
| File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | |||||
| CVE-2017-7804 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2018-08-06 | 5.0 MEDIUM | 7.5 HIGH |
| The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | |||||
| CVE-2018-5141 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-08-02 | 6.4 MEDIUM | 8.2 HIGH |
| A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary URLs to users. This vulnerability affects Firefox < 59. | |||||
| CVE-2018-6515 | 2 Microsoft, Puppet | 2 Windows, Puppet | 2018-08-02 | 6.8 MEDIUM | 7.8 HIGH |
| Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2 on Windows only, with a specially crafted configuration file an attacker could get pxp-agent to load arbitrary code with privilege escalation. | |||||
| CVE-2018-5513 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2018-08-01 | 5.0 MEDIUM | 7.5 HIGH |
| On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impacted by this issue. | |||||
| CVE-2017-7783 | 1 Mozilla | 1 Firefox | 2018-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| If a long user name is used in a username/password combination in a site URL (such as " http://UserName:Password@example.com"), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service. This vulnerability affects Firefox < 55. | |||||
| CVE-2017-7762 | 2 Mozilla, Redhat | 4 Firefox, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2018-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox < 54. | |||||
| CVE-2017-5450 | 1 Mozilla | 1 Firefox | 2018-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This vulnerability affects Firefox < 53. | |||||
| CVE-2016-9065 | 2 Google, Mozilla | 2 Android, Firefox | 2018-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| The location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking its exiting, and creating of a fake location bar without any user notification. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. | |||||
| CVE-2018-12046 | 1 Dedecms | 1 Dedecms | 2018-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file. | |||||
| CVE-2018-12492 | 1 Phpok | 1 Phpok | 2018-07-27 | 6.4 MEDIUM | 7.5 HIGH |
| PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php. | |||||
| CVE-2018-3852 | 1 Onssi | 1 Ocularis | 2018-07-23 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the Ocularis Recorder functionality of Ocularis 5.5.0.242. A specially crafted TCP packet can cause a process to terminate resulting in denial of service. An attacker can send a crafted TCP packet to trigger this vulnerability. | |||||
| CVE-2018-12041 | 1 Mediatek | 2 Awus036nh, Awus036nh Firmware | 2018-07-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on the MediaTek AWUS036NH wireless USB adapter through 5.1.25.0. Attackers can remotely deny service by sending specially constructed 802.11 frames. | |||||
| CVE-2018-11518 | 1 Hcltech | 2 Legacy Ivr, Legacy Ivr Firmware | 2018-07-20 | 6.8 MEDIUM | 8.1 HIGH |
| A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller's physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller's earpiece). | |||||
| CVE-2018-11548 | 1 Block | 1 Eos | 2018-07-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in EOS.IO DAWN 4.2. plugins/net_plugin/net_plugin.cpp does not limit the number of P2P connections from the same source IP address. | |||||
| CVE-2017-18123 | 2 Debian, Dokuwiki | 2 Debian Linux, Dokuwiki | 2018-07-07 | 9.3 HIGH | 8.6 HIGH |
| The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs. | |||||
| CVE-2018-11481 | 1 Tp-link | 8 Ipc Tl-ipc223\(p\)-6, Ipc Tl-ipc223\(p\)-6 Firmware, Tl-ipc323k-d and 5 more | 2018-07-05 | 6.5 MEDIUM | 8.8 HIGH |
| TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters. | |||||
| CVE-2015-0899 | 1 Apache | 1 Struts | 2018-07-01 | 5.0 MEDIUM | 7.5 HIGH |
| The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter. | |||||
| CVE-2016-3090 | 1 Apache | 1 Struts | 2018-07-01 | 6.5 MEDIUM | 8.8 HIGH |
| The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling. | |||||
| CVE-2015-5209 | 1 Apache | 1 Struts | 2018-07-01 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object. | |||||
| CVE-2018-4943 | 1 Adobe | 1 Push Notifications | 2018-06-28 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe PhoneGap Push Plugin versions 1.8.0 and earlier have an exploitable Same-Origin Method Execution vulnerability. Successful exploitation could lead to JavaScript code execution in the context of the PhoneGap app. | |||||
| CVE-2018-11411 | 1 Dimoncoin | 1 Dimoncoin | 2018-06-26 | 5.0 MEDIUM | 7.5 HIGH |
| The transferFrom function of a smart contract implementation for DimonCoin (FUD), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect. | |||||
| CVE-2018-1137 | 1 Moodle | 1 Moodle | 2018-06-25 | 5.5 MEDIUM | 8.1 HIGH |
| An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack. | |||||
| CVE-2018-4992 | 1 Adobe | 1 Creative Cloud | 2018-06-25 | 4.6 MEDIUM | 7.8 HIGH |
| Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper input validation vulnerability. Successful exploitation could lead to local privilege escalation. | |||||
| CVE-2018-11367 | 1 Cppcms | 1 Cppcms | 2018-06-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in CppCMS before 1.2.1. There is a denial of service in the JSON parser module. | |||||