Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20851 | 1 Helpy.io | 1 Helpy | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| Helpy before 2.2.0 allows agents to edit admins. | |||||
| CVE-2018-2610 | 1 Oracle | 1 Hyperion Data Relationship Management | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Hyperion Data Relationship Management component of Oracle Hyperion (subcomponent: Access and security). The supported version that is affected is 11.1.2.4.330. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Data Relationship Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hyperion Data Relationship Management accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2018-2488 | 1 Sap | 1 Fiori Client | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| It is possible for a malware application installed on an Android device to send local push notifications with an empty message to SAP Fiori Client and cause the application to crash. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version. | |||||
| CVE-2018-20584 | 2 Debian, Jasper Project | 2 Debian Linux, Jasper | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format. | |||||
| CVE-2017-2429 | 1 Apple | 1 Mac Os X | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "FinderKit" component. It allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging unexpected permission changes during an iCloud Sharing Send Link action. | |||||
| CVE-2018-2487 | 1 Sap | 1 Disclosure Management | 2020-08-24 | 5.1 MEDIUM | 8.3 HIGH |
| SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in specific use cases, files within this zip file can land in different locations than the originally intended extraction point. | |||||
| CVE-2018-2475 | 1 Gardener | 1 Gardener | 2020-08-24 | 6.0 MEDIUM | 8.5 HIGH |
| Following the Gardener architecture, the Kubernetes apiserver of a Gardener managed shoot cluster resides in the corresponding seed cluster. Due to missing network isolation a shoot's apiserver can access services/endpoints in the private network of its corresponding seed cluster. Combined with other minor Kubernetes security issues, the missing network isolation theoretically can lead to compromise other shoot or seed clusters in the "Gardener" context. The issue is rated high due to the high impact of a potential exploitation in "Gardener" context. This was fixed in Gardener release 0.12.4. | |||||
| CVE-2018-2473 | 1 Sap | 1 Businessobjects Business Intelligence | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | |||||
| CVE-2018-20393 | 1 Technicolor | 16 Cga0101, Cga0101 Firmware, Cga0111 and 13 more | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU, CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC, DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a, TC7110.AR STD3.38.03, TC7110.B STC8.62.02, TC7110.D STDB.79.02, TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT, and TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20381 | 1 Technicolor | 2 Dpc2320, Dpc2320 Firmware | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor DPC2320 dpc2300r2-v202r1244101-150420a-v6 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20380 | 1 Ubeeinteractive | 8 Ambit Ddw2600, Ambit Ddw2600 Firmware, Ambit Ddw2602 and 5 more | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| Ambit DDW2600 5.100.1009, DDW2602 5.105.1003, T60C926 4.64.1012, and U10C019 5.66.1026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20345 | 1 Stackstorm | 1 Stackstorm | 2020-08-24 | 3.5 LOW | 5.3 MEDIUM |
| Incorrect access control in StackStorm API (st2api) in StackStorm before 2.9.2 and 2.10.x before 2.10.1 allows an attacker (who has a StackStorm account and is authenticated against the StackStorm API) to retrieve datastore items for other users by utilizing the /v1/keys "?scope=all" and "?user=<username>" query filter parameters. Enterprise editions with RBAC enabled are not affected. | |||||
| CVE-2018-20161 | 1 Blinkforhome | 1 Sync Module | 2020-08-24 | 3.3 LOW | 6.5 MEDIUM |
| A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the Wi-Fi network. (Access to live video from the app also becomes unavailable.) | |||||
| CVE-2018-20069 | 2 Apple, Google | 2 Iphone Os, Chrome | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| Failure to prevent navigation to top frame to data URLs in Navigation in Google Chrome on iOS prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. | |||||
| CVE-2018-20067 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| A renderer initiated back navigation was incorrectly allowed to cancel a browser initiated one in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. | |||||
| CVE-2018-20053 | 1 Cerner | 2 Connectivity Engine 4, Connectivity Engine 4 Firmware | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The hostname, timezone, and NTP server configurations on the CCE device are vulnerable to command injection by sending a crafted configuration file over the network. | |||||
| CVE-2018-20050 | 1 Qacctv | 2 Jooan Ja-q1h Wi-fi Camera, Jooan Ja-q1h Wi-fi Camera Firmware | 2020-08-24 | 7.8 HIGH | 7.5 HIGH |
| Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via the ONVIF GetStreamUri method and GetVideoEncoderConfigurationOptions method. | |||||
| CVE-2018-20028 | 1 Contao | 1 Contao Cms | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control. | |||||
| CVE-2018-20026 | 1 Codesys | 18 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 15 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0. | |||||
| CVE-2018-19964 | 1 Xen | 1 Xen | 2020-08-24 | 4.9 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Xen 4.11.x allowing x86 guest OS users to cause a denial of service (host OS hang) because the p2m lock remains unavailable indefinitely in certain error conditions. | |||||
| CVE-2018-0973 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0974, CVE-2018-0975. | |||||
| CVE-2018-0972 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. | |||||
| CVE-2018-19358 | 1 Gnome | 1 Gnome-keyring | 2020-08-24 | 2.1 LOW | 7.8 HIGH |
| GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used. | |||||
| CVE-2018-19333 | 1 Google | 1 Gvisor | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows attackers to overwrite memory locations in processes running as root (but not escape the sandbox) via vectors involving IPC_RMID shmctl calls, because reference counting is mishandled. | |||||
| CVE-2018-10998 | 3 Canonical, Debian, Exiv2 | 3 Ubuntu Linux, Debian Linux, Exiv2 | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. | |||||
| CVE-2018-19320 | 1 Gigabyte | 4 Aorus Graphics Engine, App Center, Oc Guru Ii and 1 more | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system. | |||||
| CVE-2018-0971 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. | |||||
| CVE-2018-0970 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. | |||||
| CVE-2018-19232 | 1 Epson | 2 Epson Workforce Wf-2861, Epson Workforce Wf-2861 Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to cause a denial of service via a FIRMWAREUPDATE GET request, as demonstrated by the /DOWN/FIRMWAREUPDATE/ROM1 URI. | |||||
| CVE-2018-18966 | 2 Microsoft, Oscommerce | 2 Internet Explorer, Online Merchant | 2020-08-24 | 4.0 MEDIUM | 4.9 MEDIUM |
| osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but Internet Explorer render HTML elements in a .eml file. | |||||
| CVE-2018-18965 | 1 Oscommerce | 1 Online Merchant | 2020-08-24 | 4.0 MEDIUM | 4.9 MEDIUM |
| osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename). | |||||
| CVE-2018-18964 | 1 Oscommerce | 1 Online Merchant | 2020-08-24 | 4.0 MEDIUM | 4.9 MEDIUM |
| osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several extensions in which contained HTML can be executed, such as the svg extension. | |||||
| CVE-2018-18881 | 1 Controlbyweb | 2 X-320m-i, X-320m-i Firmware | 2020-08-24 | 6.8 MEDIUM | 6.5 MEDIUM |
| A Denial of Service (DOS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can configure invalid network settings, stopping TCP based communications to the device. A physical factory reset is required to restore the device to an operational state. | |||||
| CVE-2018-18817 | 1 Leostream | 2 Agent, Connection Broker | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API. | |||||
| CVE-2018-18810 | 1 Tibco | 2 Managed File Transfer Command Center, Managed File Transfer Internet Server | 2020-08-24 | 4.0 MEDIUM | 9.9 CRITICAL |
| The Administrator Service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, and TIBCO Managed File Transfer Internet Server contains vulnerabilities where an authenticated user with specific privileges can gain access to credentials to other systems. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions up to and including 7.3.2; 8.0.0; 8.0.1; 8.0.2; 8.1.0, and TIBCO Managed File Transfer Internet Server: versions up to and including 7.3.2; 8.0.0; 8.0.1; 8.0.2; 8.1.0. | |||||
| CVE-2018-18748 | 1 Sandboxie | 1 Sandboxie | 2020-08-24 | 10.0 HIGH | 10.0 CRITICAL |
| ** DISPUTED ** Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), within a .py file. NOTE: the vendor disputes this issue because the observed behavior is consistent with the product's intended functionality. | |||||
| CVE-2018-18652 | 1 Veritas | 1 Netbackup Appliance | 2020-08-24 | 9.0 HIGH | 7.2 HIGH |
| A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input. | |||||
| CVE-2018-18649 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution. | |||||
| CVE-2018-18626 | 1 Phpyun | 1 Phpyun | 2020-08-24 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in PHPYun V4.6. There is a vulnerability that can delete any file or directory via the "admin/index.php?m=database&c=del" sql parameter because del_action() in admin/model/database.class.php mishandles this parameter. | |||||
| CVE-2018-10465 | 1 Jamf | 1 Jamf | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| Jamf Pro 10.x before 10.3.0 has Incorrect Access Control. Jamf Pro user accounts and groups with access to log in to Jamf Pro had full access to endpoints in the Universal API (UAPI), regardless of account privileges or privilege sets. An authenticated Jamf Pro account without required privileges could be used to perform CRUD actions (GET, POST, PUT, DELETE) on UAPI endpoints, which could result in unauthorized information disclosure, compromised data integrity, and data loss. For a full listing of available UAPI endpoints and associated CRUD actions you can navigate to /uapi/doc in your instance of Jamf Pro. | |||||
| CVE-2018-1029 | 1 Microsoft | 6 Excel, Excel 2007, Excel 2010 and 3 more | 2020-08-24 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1027. | |||||
| CVE-2018-1027 | 1 Microsoft | 5 Excel, Excel 2007, Excel 2010 and 2 more | 2020-08-24 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel, Microsoft Office. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1029. | |||||
| CVE-2018-18603 | 1 360totalsecurity | 1 360 Total Security | 2020-08-24 | 4.3 MEDIUM | 6.3 MEDIUM |
| ** DISPUTED ** 360 Total Security 3.5.0.1033 allows a Sandbox Escape via an "import os" statement, followed by os.system("CMD") or os.system("PowerShell"), within a .py file. NOTE: the vendor's position is that this cannot be categorized as a vulnerability, although it is a security-related issue. | |||||
| CVE-2018-1025 | 1 Microsoft | 2 Edge, Internet Explorer | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge. | |||||
| CVE-2018-0747 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2020-08-24 | 1.9 LOW | 4.7 MEDIUM |
| The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0745 and CVE-2018-0746. | |||||
| CVE-2018-18564 | 1 Roche | 6 Accu-chek Inform Ii, Accu-chek Inform Ii Firmware, Coaguchek Pro Ii and 3 more | 2020-08-24 | 3.3 LOW | 7.4 HIGH |
| An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000). Improper access control allows attackers in the adjacent network to change the instrument configuration. | |||||
| CVE-2018-18536 | 1 Asus | 2 Aura Sync, Aura Sync Firmware | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges. | |||||
| CVE-2018-0969 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. | |||||
| CVE-2018-1021 | 1 Microsoft | 1 Edge | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8123. | |||||
| CVE-2018-18535 | 1 Asus | 2 Aura Sync, Aura Sync Firmware | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code. | |||||