Search
Total
9231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5111 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| When the text of a specially formatted URL is dragged to the addressbar from page content, the displayed URL can be spoofed to show a different site than the one loaded. This allows for phishing attacks where a malicious page can spoof the identify of another site. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5121 | 2 Apple, Mozilla | 2 Mac Os X, Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationalized Domain Name (IDN) this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 58. | |||||
| CVE-2017-17315 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have a numeric errors vulnerability. An unauthenticated, remote attacker may send specially crafted SCCP messages to the affected products. Due to the improper validation of the messages, it will cause numeric errors when handling the messages. Successful exploit will cause some services abnormal. | |||||
| CVE-2018-4992 | 1 Adobe | 1 Creative Cloud | 2018-06-25 | 4.6 MEDIUM | 7.8 HIGH |
| Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper input validation vulnerability. Successful exploitation could lead to local privilege escalation. | |||||
| CVE-2018-11367 | 1 Cppcms | 1 Cppcms | 2018-06-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in CppCMS before 1.2.1. There is a denial of service in the JSON parser module. | |||||
| CVE-2018-3611 | 1 Intel | 1 Graphics Driver | 2018-06-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| Bounds check vulnerability in User Mode Driver in Intel Graphics Driver 15.40.x.4 and 21.20.x.x allows unprivileged user to cause a denial of service via local access. | |||||
| CVE-2018-11321 | 1 Joomla | 1 Joomla\! | 2018-06-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. | |||||
| CVE-2017-0148 | 1 Microsoft | 9 Server Message Block, Windows 10, Windows 7 and 6 more | 2018-06-21 | 9.3 HIGH | 8.1 HIGH |
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146. | |||||
| CVE-2017-0146 | 1 Microsoft | 9 Server Message Block, Windows 10, Windows 7 and 6 more | 2018-06-21 | 9.3 HIGH | 8.1 HIGH |
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0148. | |||||
| CVE-2017-0145 | 1 Microsoft | 9 Server Message Block, Windows 10, Windows 7 and 6 more | 2018-06-21 | 9.3 HIGH | 8.1 HIGH |
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0146, and CVE-2017-0148. | |||||
| CVE-2017-0143 | 1 Microsoft | 9 Server Message Block, Windows 10, Windows 7 and 6 more | 2018-06-21 | 9.3 HIGH | 8.1 HIGH |
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148. | |||||
| CVE-2017-0144 | 1 Microsoft | 9 Server Message Block, Windows 10, Windows 7 and 6 more | 2018-06-21 | 9.3 HIGH | 8.1 HIGH |
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148. | |||||
| CVE-2016-8650 | 1 Linux | 1 Linux Kernel | 2018-06-20 | 4.9 MEDIUM | 5.5 MEDIUM |
| The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent. | |||||
| CVE-2018-11232 | 1 Linux | 1 Linux Kernel | 2018-06-19 | 4.9 MEDIUM | 5.5 MEDIUM |
| The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable. | |||||
| CVE-2018-3612 | 1 Intel | 18 Ayaplcel.86a, Bios, Bnkbl357.86a and 15 more | 2018-06-18 | 7.2 HIGH | 7.8 HIGH |
| Intel NUC kits with insufficient input validation in system firmware, potentially allows a local attacker to elevate privileges to System Management Mode (SMM). | |||||
| CVE-2014-9653 | 3 Debian, File Project, Php | 3 Debian Linux, File, Php | 2018-06-16 | 7.5 HIGH | N/A |
| readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. | |||||
| CVE-2018-11034 | 1 2345.cc | 1 Security Guard | 2018-06-15 | 6.1 MEDIUM | 7.8 HIGH |
| In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x8000200D. | |||||
| CVE-2018-11035 | 1 2345.cc | 1 Security Guard | 2018-06-15 | 6.1 MEDIUM | 7.8 HIGH |
| In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x80002019. | |||||
| CVE-2017-14438 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2018-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp to trigger this vulnerability. | |||||
| CVE-2017-14439 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2018-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4001/tcp to trigger this vulnerability. | |||||
| CVE-2017-12124 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2018-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a crafted URI to trigger this vulnerability. | |||||
| CVE-2018-0959 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2018-06-14 | 7.4 HIGH | 7.6 HIGH |
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | |||||
| CVE-2018-0961 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2018-06-14 | 7.4 HIGH | 7.6 HIGH |
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate vSMB packet data, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | |||||
| CVE-2017-6867 | 1 Siemens | 3 Simatic Wincc, Simatic Wincc \(tia Portal\), Simatic Wincc Runtime | 2018-06-14 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the "administrators" group to crash services by sending specially crafted messages to the DCOM interface. | |||||
| CVE-2017-13144 | 1 Imagemagick | 1 Imagemagick | 2018-06-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick before 6.9.7-10, there is a crash (rather than a "width or height exceeds limit" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder. | |||||
| CVE-2018-10260 | 1 Hrsale Project | 1 Hrsale | 2018-06-13 | 6.5 MEDIUM | 8.8 HIGH |
| A Local File Inclusion vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user. | |||||
| CVE-2018-5514 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2018-06-13 | 5.0 MEDIUM | 7.5 HIGH |
| On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request frames can lead to denial of service. There is data plane exposure for virtual servers when the HTTP2 profile is enabled. There is no control plane exposure to this issue. | |||||
| CVE-2018-5517 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2018-06-13 | 5.0 MEDIUM | 7.5 HIGH |
| On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs. | |||||
| CVE-2018-5515 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2018-06-13 | 6.3 MEDIUM | 4.4 MEDIUM |
| On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication responses from a RADIUS server with IPv6 addresses may cause TMM to crash, leading to a failover event. | |||||
| CVE-2018-10830 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2018-06-13 | 6.1 MEDIUM | 7.8 HIGH |
| In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x002220e0. | |||||
| CVE-2018-10809 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2018-06-13 | 6.1 MEDIUM | 7.8 HIGH |
| In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-8873. | |||||
| CVE-2017-15043 | 1 Sierrawireless | 20 Es440, Es440 Firmware, Es450 and 17 more | 2018-06-13 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. This vulnerability is due to insufficient input validation on user-controlled input in an HTTP request to the targeted device. An attacker in possession of router login credentials could exploit this vulnerability by sending a crafted HTTP request to an affected system. | |||||
| CVE-2018-8115 | 1 Microsoft | 1 Windows Host Compute Service Shim | 2018-06-13 | 9.3 HIGH | 8.6 HIGH |
| A remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image, aka "Windows Host Compute Service Shim Remote Code Execution Vulnerability." This affects Windows Host Compute. | |||||
| CVE-2018-10578 | 1 Watchguard | 8 Ap100, Ap100 Firmware, Ap102 and 5 more | 2018-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. Incorrect validation of the "old password" field in the change password form allows an attacker to bypass validation of this field. | |||||
| CVE-2018-10974 | 1 2345.cc | 1 Security Guard | 2018-06-13 | 6.1 MEDIUM | 7.8 HIGH |
| In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222100. | |||||
| CVE-2018-10975 | 1 2345.cc | 1 Security Guard | 2018-06-13 | 6.1 MEDIUM | 7.8 HIGH |
| In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222104. | |||||
| CVE-2018-10976 | 1 2345.cc | 1 Security Guard | 2018-06-13 | 6.1 MEDIUM | 7.8 HIGH |
| In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222050. | |||||
| CVE-2018-10977 | 1 2345.cc | 1 Security Guard | 2018-06-13 | 6.1 MEDIUM | 7.8 HIGH |
| In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x002220E4. | |||||
| CVE-2018-10799 | 1 Brave | 1 Brave | 2018-06-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). This vulnerability is caused by the mishandling of a long URL formed by window.location+='?\u202a\uFEFF\u202b'; concatenation in a SCRIPT element. | |||||
| CVE-2018-10798 | 1 Brave | 1 Brave | 2018-06-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). The vulnerability is caused by mishandling of JavaScript code that triggers the reload of a page continuously with an interval of 1 second. | |||||
| CVE-2018-10796 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2018-06-13 | 6.1 MEDIUM | 7.8 HIGH |
| In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222014. | |||||
| CVE-2017-11665 | 1 Ffmpeg | 1 Ffmpeg | 2018-06-13 | 5.0 MEDIUM | 7.5 HIGH |
| The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream. | |||||
| CVE-2018-10955 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2018-06-12 | 6.1 MEDIUM | 7.8 HIGH |
| In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222548. | |||||
| CVE-2018-10952 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2018-06-12 | 6.1 MEDIUM | 7.8 HIGH |
| In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222088. | |||||
| CVE-2018-10953 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2018-06-12 | 6.1 MEDIUM | 7.8 HIGH |
| In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x0022204C. | |||||
| CVE-2018-10954 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2018-06-12 | 6.1 MEDIUM | 7.8 HIGH |
| In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222550. | |||||
| CVE-2018-10468 | 1 Uetoken | 1 Useless Ethereum Token | 2018-06-12 | 5.0 MEDIUM | 7.5 HIGH |
| The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect, as exploited in the wild starting in December 2017, aka the "transferFlaw" issue. | |||||
| CVE-2017-18262 | 1 Blackboard | 1 Blackboard Learn | 2018-06-12 | 5.8 MEDIUM | 6.1 MEDIUM |
| Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI. | |||||
| CVE-2018-10776 | 1 Mp3gain | 1 Mp3gain | 2018-06-12 | 6.8 MEDIUM | 7.8 HIGH |
| The getbits function in mpglibDBL/common.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (segmentation fault and application crash) or possibly have unspecified other impact. | |||||
| CVE-2016-5272 | 1 Mozilla | 2 Firefox, Firefox Esr | 2018-06-12 | 6.8 MEDIUM | 8.8 HIGH |
| The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site. | |||||