Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6167 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2018-6166 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2018-6165 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2018-6163 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2018-6175 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2018-16806 | 1 Pektron | 2 Passive Keyless Entry And Start System, Passive Keyless Entry And Start System Firmware | 2019-10-03 | 3.3 LOW | 6.5 MEDIUM |
| A Pektron Passive Keyless Entry and Start (PKES) system, as used on the Tesla Model S and possibly other vehicles, relies on the DST40 cipher, which makes it easier for attackers to obtain access via an approach involving a 5.4 TB precomputation, followed by wake-frame reception and two challenge/response operations, to clone a key fob within a few seconds. | |||||
| CVE-2018-6173 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2018-6135 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Lack of clearing the previous site before loading alerts from a new one in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2018-6172 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2018-6112 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-10-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2018-6108 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page. | |||||
| CVE-2018-6107 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2018-6105 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2018-6104 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2018-6098 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2018-6049 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page. | |||||
| CVE-2018-6019 | 1 Samsung | 1 Display Solutions | 2019-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| Samsung Display Solutions App before 3.02 for Android allows man-in-the-middle attackers to spoof B2B content by leveraging failure to use encryption during information transmission. | |||||
| CVE-2018-5795 | 1 Extremewireless | 1 Wing | 2019-10-03 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is Arbitrary File Write from the WebGUI on the WiNG Access Point / Controller. | |||||
| CVE-2018-5772 | 1 Exiv2 | 1 Exiv2 | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. | |||||
| CVE-2018-14055 | 2 Debian, Znc | 2 Debian Linux, Znc | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf. | |||||
| CVE-2018-5762 | 1 Unisys | 1 Clearpath Mcp | 2019-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 (IC #17), and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. | |||||
| CVE-2018-5759 | 1 Artifex | 1 Mujs | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the AST depth for binary expressions, which allows remote attackers to cause a denial of service (excessive recursion) via a crafted file. | |||||
| CVE-2017-9253 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2019-10-03 | 7.1 HIGH | 5.5 MEDIUM |
| The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file. | |||||
| CVE-2017-9254 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2019-10-03 | 7.1 HIGH | 5.5 MEDIUM |
| The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file. | |||||
| CVE-2018-5505 | 1 F5 | 2 Big-ip Analytics, Big-ip Application Security Manager | 2019-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| On F5 BIG-IP versions 13.1.0 - 13.1.0.3, when ASM and AVR are both provisioned, TMM may restart while processing DNS requests when the virtual server is configured with a DNS profile and the Protocol setting is set to TCP. | |||||
| CVE-2018-5508 | 1 F5 | 1 Big-ip Policy Enforcement Manager | 2019-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| On F5 BIG-IP PEM versions 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.5.1-11.5.5, or 11.2.1, under certain conditions, TMM may crash when processing compressed data though a Virtual Server with an associated PEM profile using the content insertion option. | |||||
| CVE-2018-5489 | 1 Netapp | 1 7-mode Transition Tool | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which may have been intended to be restricted to administrators or privileged users. 7MTT versions below 2.0 do not enforce user authorization rules on file information and status that it has previously collected. The released version of 7MTT has been updated to maintain and verify authorization rules for file information, status and utilities. | |||||
| CVE-2018-5482 | 1 Netapp | 1 Snapcenter Server | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel. | |||||
| CVE-2018-13787 | 1 Supermicro | 220 A1sa, A1sa Firmware, A1sai and 217 more | 2019-10-03 | 7.2 HIGH | 6.7 MEDIUM |
| Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware. | |||||
| CVE-2017-9261 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||||
| CVE-2018-13419 | 1 Libsndfile Project | 1 Libsndfile | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| ** DISPUTED ** An issue has been found in libsndfile 1.0.28. There is a memory leak in psf_allocate in common.c, as demonstrated by sndfile-convert. NOTE: The maintainer and third parties were unable to reproduce and closed the issue. | |||||
| CVE-2017-9262 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||||
| CVE-2018-1338 | 1 Apache | 1 Tika | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18. | |||||
| CVE-2018-5358 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c. | |||||
| CVE-2018-13355 | 1 Terra-master | 1 Terramaster Operating System | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization. | |||||
| CVE-2018-5357 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c. | |||||
| CVE-2018-5296 | 1 Podofo Project | 1 Podofo | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. | |||||
| CVE-2018-5252 | 1 Entropymine | 1 Imageworsener | 2019-10-03 | 2.6 LOW | 5.3 MEDIUM |
| libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is used, has a large loop in the get_raw_sample_int function in imagew-main.c. | |||||
| CVE-2018-5251 | 2 Debian, Libming | 2 Debian Linux, Libming | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted swf file. | |||||
| CVE-2018-5247 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c. | |||||
| CVE-2018-5246 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c. | |||||
| CVE-2018-5185 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Thunderbird and 7 more | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. | |||||
| CVE-2018-5152 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firefox Accounts. This issue does not expose synchronization traffic directly and is limited to the process of user login to the website and the data displayed to the user once logged in. This vulnerability affects Firefox < 60. | |||||
| CVE-2018-5117 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. | |||||
| CVE-2018-4868 | 1 Exiv2 | 1 Exiv2 | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file. | |||||
| CVE-2018-17197 | 1 Apache | 1 Tika | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika. | |||||
| CVE-2018-17175 | 1 Marshmallow Project | 1 Marshmallow | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields (if the schema is being filtered dynamically using the "only" option, and there is a user role that produces an empty value for "only"). | |||||
| CVE-2018-4847 | 1 Siemens | 1 Simatic Wincc Oa Operator | 2019-10-03 | 2.1 LOW | 4.6 MEDIUM |
| A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinCC OA Operator iOS app could allow an attacker with physical access to the mobile device to read unencrypted data from the app's directory. Siemens provides mitigations to resolve the security issue. | |||||
| CVE-2017-9440 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file. | |||||
| CVE-2017-9493 | 2 Cisco, Motorola | 2 Mx011anm Firmware, Mx011anm | 2019-10-03 | 5.8 MEDIUM | 6.3 MEDIUM |
| The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to conduct successful forced-pairing attacks (between an RF4CE remote and a set-top box) by repeatedly transmitting the same pairing code. | |||||