Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11184 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 7.2 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 42 of 46). | |||||
| CVE-2018-11185 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 43 of 46). | |||||
| CVE-2018-11186 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 44 of 46). | |||||
| CVE-2018-11187 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 45 of 46). | |||||
| CVE-2018-11188 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 46 of 46). | |||||
| CVE-2018-11189 | 1 Quest | 1 Disk Backup | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of 6). | |||||
| CVE-2018-11190 | 1 Quest | 1 Disk Backup | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6). | |||||
| CVE-2018-11191 | 1 Quest | 1 Disk Backup | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6). | |||||
| CVE-2018-11192 | 1 Quest | 1 Disk Backup | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6). | |||||
| CVE-2018-11193 | 1 Quest | 1 Disk Backup | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6). | |||||
| CVE-2018-11194 | 1 Quest | 1 Disk Backup | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6). | |||||
| CVE-2018-11209 | 1 Zblogcn | 1 Z-blogphp | 2019-10-03 | 4.0 MEDIUM | 7.2 HIGH |
| ** DISPUTED ** An issue was discovered in Z-BlogPHP 2.0.0. zb_system/cmd.php?act=verify relies on MD5 for the password parameter, which might make it easier for attackers to bypass intended access restrictions via a dictionary or rainbow-table attack. NOTE: the vendor declined to accept this as a valid issue. | |||||
| CVE-2018-1122 | 3 Canonical, Debian, Procps-ng Project | 3 Ubuntu Linux, Debian Linux, Procps-ng | 2019-10-03 | 4.4 MEDIUM | 7.0 HIGH |
| procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function. | |||||
| CVE-2018-11220 | 1 Bitmain | 6 Antminer D3, Antminer D3 Firmware, Antminer L3\+ and 3 more | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Execution via the system restore function. | |||||
| CVE-2018-11257 | 1 Qualcomm | 10 Sd 205, Sd 205 Firmware, Sd 210 and 7 more | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| Permissions, Privileges, and Access Controls in TA in Snapdragon Mobile has an options that allows RPMB erase for secure devices in versions SD 210/SD 212/SD 205, SD 845, SD 850. | |||||
| CVE-2018-11259 | 1 Qualcomm | 76 Mdm9206, Mdm9206 Firmware, Mdm9607 and 73 more | 2019-10-03 | 3.6 LOW | 7.7 HIGH |
| Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased. Apps processor then has non-secure world full read/write access to the partition until the modem boots and configures the EFS partition addresses in its MPU partition. | |||||
| CVE-2018-11277 | 1 Qualcomm | 40 Msm8909w, Msm8909w Firmware, Msm8996au and 37 more | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, the com.qualcomm.embms is a vendor package deployed in the system image which has an inadequate permission level and allows any application installed from Play Store to request this permission at install-time. The system application interfaces with the Radio Interface Layer leading to potential access control issue. | |||||
| CVE-2018-11290 | 1 Qualcomm | 54 Mdm9206, Mdm9206 Firmware, Mdm9607 and 51 more | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG in use. | |||||
| CVE-2018-11291 | 1 Qualcomm | 72 Ipq8074, Ipq8074 Firmware, Mdm9206 and 69 more | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, cryptographic issues due to the random number generator was not a strong one in NAN. | |||||
| CVE-2018-4890 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the image conversion engine, when handling JPEG data embedded within an XPS file. A successful attack can lead to code corruption, control-flow hijack, or an information leak attack. | |||||
| CVE-2018-4862 | 1 Octopus | 1 Octopus Deploy | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges. | |||||
| CVE-2018-11319 | 2 Debian, Syntastic Project | 2 Debian Linux, Syntastic | 2019-10-03 | 8.5 HIGH | 7.5 HIGH |
| Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a directory that is a parent of the base directory of the project being checked. NOTE: exploitation is more difficult after 3.8.0 because filename prediction may be needed. | |||||
| CVE-2018-11323 | 1 Joomla | 1 Joomla\! | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions. | |||||
| CVE-2018-11593 | 1 Espruino | 1 Espruino | 2019-10-03 | 5.8 MEDIUM | 7.1 HIGH |
| Espruino before 1.99 allows attackers to cause a denial of service (application crash) and potential Information Disclosure with a user crafted input file via a Buffer Overflow during syntax parsing because strncpy is misused in jslex.c. | |||||
| CVE-2018-4858 | 1 Siemens | 12 Digsi 4, Digsi 4 Firmware, Digsi 5 and 9 more | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| A vulnerability has been identified in IEC 61850 system configurator (All versions < V5.80), DIGSI 5 (affected as IEC 61850 system configurator is incorporated) (All versions < V7.80), DIGSI 4 (All versions < V4.93), SICAM PAS/PQS (All versions < V8.11), SICAM PQ Analyzer (All versions < V3.11), SICAM SCC (All versions < V9.02 HF3). A service of the affected products listening on all of the host's network interfaces on either port 4884/TCP, 5885/TCP, or port 5886/TCP could allow an attacker to either exfiltrate limited data from the system or to execute code with Microsoft Windows user permissions. Successful exploitation requires an attacker to be able to send a specially crafted network request to the vulnerable service and a user interacting with the service's client application on the host. In order to execute arbitrary code with Microsoft Windows user permissions, an attacker must be able to plant the code in advance on the host by other means. The vulnerability has limited impact to confidentiality and integrity of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue. | |||||
| CVE-2018-11646 | 1 Webkitgtk | 1 Webkitgtk\+ | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash. | |||||
| CVE-2018-1154 | 1 Tenable | 1 Securitycenter | 2019-10-03 | 3.3 LOW | 8.8 HIGH |
| In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server response output has been unified to correct this issue. | |||||
| CVE-2018-13140 | 3 Druide, Linux, Microsoft | 3 Antidote 9, Linux Kernel, Windows | 2019-10-03 | 9.3 HIGH | 8.1 HIGH |
| Druide Antidote through 9.5.1 on Windows and Linux allows remote code execution through the update mechanism by leveraging use of HTTP to download installation packages. | |||||
| CVE-2018-13418 | 1 Terra-master | 1 Terramaster Operating System | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter. | |||||
| CVE-2018-13420 | 1 Gperftools Project | 1 Gperftools | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** Google gperftools 2.7 has a memory leak in malloc_extension.cc, related to MallocExtension::Register and InitModule. NOTE: the software maintainer indicates that this is not a bug; it is only a false-positive report from the LeakSanitizer program. | |||||
| CVE-2018-4361 | 2 Apple, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||||
| CVE-2018-4237 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-10-03 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "libxpc" component. It allows attackers to gain privileges via a crafted app that leverages a logic error. | |||||
| CVE-2018-4227 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration. | |||||
| CVE-2018-4220 | 1 Apple | 1 Swift | 2019-10-03 | 9.3 HIGH | 8.8 HIGH |
| An issue was discovered in certain Apple products. Swift before 4.1.1 Security Update 2018-001 is affected. The issue involves the "Swift for Ubuntu" component. It allows attackers to execute arbitrary code in a privileged context because write and execute permissions are enabled during library loading. | |||||
| CVE-2018-4218 | 3 Apple, Canonical, Microsoft | 8 Icloud, Iphone Os, Itunes and 5 more | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers an @generatorState use-after-free. | |||||
| CVE-2018-4183 | 1 Apple | 1 Mac Os X | 2019-10-03 | 7.2 HIGH | 8.2 HIGH |
| In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions. | |||||
| CVE-2018-4182 | 1 Apple | 1 Mac Os X | 2019-10-03 | 7.2 HIGH | 8.2 HIGH |
| In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS. | |||||
| CVE-2018-4180 | 3 Apple, Canonical, Debian | 3 Mac Os X, Ubuntu Linux, Debian Linux | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. | |||||
| CVE-2018-4170 | 1 Apple | 1 Mac Os X | 2019-10-03 | 2.1 LOW | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Admin Framework" component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution. | |||||
| CVE-2018-4190 | 3 Apple, Canonical, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2019-10-03 | 4.3 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch. | |||||
| CVE-2018-4167 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-10-03 | 7.6 HIGH | 7.0 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "File System Events" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2018-4166 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-10-03 | 7.6 HIGH | 7.0 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "NSURLSession" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2018-4158 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2019-10-03 | 7.6 HIGH | 7.0 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2018-4157 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-10-03 | 7.6 HIGH | 7.0 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Quick Look" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2018-3928 | 1 Yitechnology | 2 Yi Home Camera, Yi Home Camera Firmware | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability. | |||||
| CVE-2018-3910 | 1 Yitechnology | 3 Yi Home, Yi Home Camera, Yi Home Camera Firmware | 2019-10-03 | 5.4 MEDIUM | 8.0 HIGH |
| An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted SSID can cause a command injection, resulting in code execution. An attacker can cause a camera to connect to this SSID to trigger this vulnerability. Alternatively, an attacker can convince a user to connect their camera to this SSID. | |||||
| CVE-2018-3834 | 1 Insteon | 2 Hub, Hub Firmware | 2019-10-03 | 7.8 HIGH | 7.4 HIGH |
| An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the kind of firmware image that is going to be installed and thus allows for flashing any signed firmware into any MCU. Since the device contains different and incompatible MCUs, flashing one firmware to the wrong MCU will result in a permanent brick condition. To trigger this vulnerability, an attacker needs to impersonate the remote server "cache.insteon.com" and serve a signed firmware image. | |||||
| CVE-2018-3704 | 1 Intel | 2 Parallel Studio, Parallel Studio Xe | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| Improper directory permissions in the installer for the Intel Parallel Studio before 2019 Gold may allow authenticated users to potentially enable an escalation of privilege via local access. | |||||
| CVE-2018-3703 | 2 Intel, Microsoft | 2 Ssd Data Center Tool, Windows | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| Improper directory permissions in the installer for the Intel(R) SSD Data Center Tool for Windows before v3.0.17 may allow authenticated users to potentially enable an escalation of privilege via local access. | |||||
| CVE-2018-3701 | 1 Intel | 1 Proset\/wireless Wifi | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| Improper directory permissions in the installer for Intel(R) PROSet/Wireless WiFi Software version 20.100 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||