Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11173 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 31 of 46). | |||||
| CVE-2018-11174 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 32 of 46). | |||||
| CVE-2018-11175 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 33 of 46). | |||||
| CVE-2018-11176 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 34 of 46). | |||||
| CVE-2018-11177 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 35 of 46). | |||||
| CVE-2018-11178 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 36 of 46). | |||||
| CVE-2018-11179 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 37 of 46). | |||||
| CVE-2018-11180 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 38 of 46). | |||||
| CVE-2018-11181 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 39 of 46). | |||||
| CVE-2018-11182 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 40 of 46). | |||||
| CVE-2018-11183 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 41 of 46). | |||||
| CVE-2018-11184 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 7.2 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 42 of 46). | |||||
| CVE-2018-11185 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 43 of 46). | |||||
| CVE-2018-11186 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 44 of 46). | |||||
| CVE-2018-11187 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 45 of 46). | |||||
| CVE-2018-11188 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 46 of 46). | |||||
| CVE-2018-11189 | 1 Quest | 1 Disk Backup | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of 6). | |||||
| CVE-2018-11190 | 1 Quest | 1 Disk Backup | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6). | |||||
| CVE-2018-11191 | 1 Quest | 1 Disk Backup | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6). | |||||
| CVE-2018-11192 | 1 Quest | 1 Disk Backup | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6). | |||||
| CVE-2018-11193 | 1 Quest | 1 Disk Backup | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6). | |||||
| CVE-2018-11194 | 1 Quest | 1 Disk Backup | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6). | |||||
| CVE-2018-1141 | 1 Tenable | 1 Nessus | 2019-10-03 | 4.4 MEDIUM | 7.0 HIGH |
| When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location. | |||||
| CVE-2018-11646 | 1 Webkitgtk | 1 Webkitgtk\+ | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash. | |||||
| CVE-2018-11625 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file. | |||||
| CVE-2018-11634 | 1 Dialogic | 1 Powermedia Xms | 2019-10-03 | 2.1 LOW | 7.8 HIGH |
| Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading /var/www/xms/xmsdb/default.db. | |||||
| CVE-2018-12062 | 1 Swft | 1 Swftcoin | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The sell function of a smart contract implementation for SwftCoin (SWFTC), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue. | |||||
| CVE-2018-12063 | 1 Intchain | 1 Node Token | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The sell function of a smart contract implementation for Internet Node Token (INT), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue. | |||||
| CVE-2018-12067 | 1 Substratum | 1 Substratum | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The sell function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue. | |||||
| CVE-2018-12068 | 1 Tgtcoins | 1 Target Coin | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The sell function of a smart contract implementation for Target Coin (TGT), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue. | |||||
| CVE-2018-12070 | 1 Sec Project | 1 Sec | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The sell function of a smart contract implementation for SEC, a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue. | |||||
| CVE-2018-12080 | 1 Intchain | 1 Node Token | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Internet Node Token (INT), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue. | |||||
| CVE-2018-12081 | 1 Tgtcoins | 1 Target Coin | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Target Coin (TGT), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue. | |||||
| CVE-2018-12082 | 1 Fujinto Project | 1 Fujinto | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Fujinto (NTO), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue. | |||||
| CVE-2018-12083 | 1 Goal Bonanza Project | 1 Goal Bonanza | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for GOAL Bonanza (GOAL), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue. | |||||
| CVE-2018-12084 | 1 Bitasean | 1 Bitasean | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for BitAsean (BAS), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue. | |||||
| CVE-2018-12093 | 1 Tinyexr Project | 1 Tinyexr | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| tinyexr 0.9.5 has a memory leak in ParseEXRHeaderFromMemory in tinyexr.h. | |||||
| CVE-2018-12131 | 1 Intel | 3 Client Nvme, Datacenter Nvme, Rapid Storage Technology | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| Permissions in the driver pack installers for Intel NVMe before version 4.0.0.1007 and Intel RSTe before version 4.7.0.2083 may allow an authenticated user to potentially escalate privilege via local access. | |||||
| CVE-2018-12148 | 1 Intel | 1 Driver \& Support Assistant | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| Privilege escalation in file permissions in Intel Driver and Support Assistant before 3.5.0.1 may allow an authenticated user to potentially execute code as administrator via local access. | |||||
| CVE-2018-12180 | 2 Opensuse, Tianocore | 2 Leap, Edk Ii | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access. | |||||
| CVE-2018-12162 | 1 Intel | 1 Openvino Toolkit | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| Directory permissions in the Intel OpenVINO Toolkit for Windows before version 2018.1.265 may allow an authenticated user to potentially execute code using default directory permissions via local access. | |||||
| CVE-2018-12168 | 1 Intel | 1 Computing Improvement Program | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| Privilege escalation in file permissions in Intel Computing Improvement Program before version 2.2.0.03942 may allow an authenticated user to potentially execute code as administrator via local access. | |||||
| CVE-2018-12173 | 1 Intel | 28 Compute Module Hns2600bp, Compute Module Hns2600bp Firmware, Compute Module Hns2600bpr and 25 more | 2019-10-03 | 7.2 HIGH | 7.6 HIGH |
| Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access. | |||||
| CVE-2018-12175 | 1 Intel | 1 Distribution For Python | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| Default install directory permissions in Intel Distribution for Python (IDP) version 2018 may allow an unprivileged user to escalate privileges via local access. | |||||
| CVE-2018-12176 | 1 Intel | 29 Compute Card Cd1iv128mk, Compute Card Cd1m3128mk, Compute Card Cd1p64gk and 26 more | 2019-10-03 | 7.2 HIGH | 8.2 HIGH |
| Improper input validation in firmware for Intel NUC Kits may allow a privileged user to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access. | |||||
| CVE-2018-12177 | 1 Intel | 24 Dual Band Wireless-ac 3160, Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3168 and 21 more | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| Improper directory permissions in the ZeroConfig service in Intel(R) PROSet/Wireless WiFi Software before version 20.90.0.7 may allow an authorized user to potentially enable escalation of privilege via local access. | |||||
| CVE-2018-12220 | 1 Intel | 1 Graphics Driver | 2019-10-03 | 7.2 HIGH | 8.2 HIGH |
| Logic bug in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access. | |||||
| CVE-2018-12238 | 1 Symantec | 3 Endpoint Protection, Endpoint Protection Cloud, Norton Antivirus | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection. One of the antivirus engines depends on a signature pattern from a database to identify malicious files and viruses; the antivirus bypass exploit looks to alter the file being scanned so it is not detected. | |||||
| CVE-2018-12248 | 1 Mruby | 1 Mruby | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OP_ENTER because mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of many arguments to fiber. | |||||
| CVE-2018-12333 | 1 Ecos | 2 Secure Boot Stick, Secure Boot Stick Firmware | 2019-10-03 | 6.8 MEDIUM | 8.1 HIGH |
| Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to manipulate security relevant configurations and execute malicious code. | |||||