Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-8901 | 1 Ivanti | 1 Avalanche | 2020-08-24 | 2.1 LOW | 7.8 HIGH |
| An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects customers who have enabled LDAP authentication in their configuration. | |||||
| CVE-2018-8905 | 3 Canonical, Debian, Libtiff | 3 Ubuntu Linux, Debian Linux, Libtiff | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. | |||||
| CVE-2018-8930 | 1 Amd | 8 Epyc Server, Epyc Server Firmware, Ryzen and 5 more | 2020-08-24 | 9.3 HIGH | 9.0 CRITICAL |
| The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3. | |||||
| CVE-2018-8979 | 1 Open-audit | 1 Open-audit | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI. | |||||
| CVE-2018-9035 | 1 Contact-form-7-to-database-extension Project | 1 Contact-form-7-to-database-extension | 2020-08-24 | 6.8 MEDIUM | 9.6 CRITICAL |
| CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form. | |||||
| CVE-2018-9039 | 1 Octopus | 1 Octopus Deploy | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments. | |||||
| CVE-2018-9079 | 1 Lenovo | 40 Ez Media \& Backup Center, Ez Media \& Backup Center Firmware, Ix2 and 37 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the origin of the device. | |||||
| CVE-2018-9086 | 1 Lenovo | 8 Thinkserver Rd340, Thinkserver Rd340 Firmware, Thinkserver Rd440 and 5 more | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users. | |||||
| CVE-2018-9106 | 1 Acyba | 1 Acysms | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export. | |||||
| CVE-2018-9107 | 1 Acyba | 1 Acymailing | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export. | |||||
| CVE-2018-9137 | 1 Open-audit | 1 Open-audit | 2020-08-24 | 3.5 LOW | 6.8 MEDIUM |
| Open-AudIT before 2.2 has CSV Injection. | |||||
| CVE-2018-9143 | 1 Samsung | 1 Samsung Mobile | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| On Samsung mobile devices with M(6.0) and N(7.x) software, a heap overflow in the sensorhub binder service leads to code execution in a privileged process, aka SVE-2017-10991. | |||||
| CVE-2018-9191 | 1 Fortinet | 1 Forticlient | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for Forticlient updates. | |||||
| CVE-2018-9193 | 1 Fortinet | 1 Forticlient | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the parsing of the file. | |||||
| CVE-2018-9264 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency. | |||||
| CVE-2018-9281 | 1 Eaton | 2 9px Ups, 9px Ups Firmware | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on Eaton UPS 9PX 8000 SP devices. The administration panel is vulnerable to a CSRF attack on the change-password functionality. This vulnerability could be used to force a logged-in administrator to perform a silent password update. The affected forms are also vulnerable to Reflected Cross-Site Scripting vulnerabilities. This flaw could be triggered by driving an administrator logged into the Eaton application to a specially crafted web page. This attack could be done silently. | |||||
| CVE-2018-9358 | 1 Google | 1 Android | 2020-08-24 | 7.8 HIGH | 7.5 HIGH |
| In gatts_process_attribute_req of gatt_sc.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-73172115. | |||||
| CVE-2018-9363 | 3 Canonical, Debian, Google | 3 Ubuntu Linux, Debian Linux, Android | 2020-08-24 | 7.2 HIGH | 8.4 HIGH |
| In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel. | |||||
| CVE-2018-9457 | 1 Google | 1 Android | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| In onCheckedChanged of BluetoothPairingController.java, there is a possible way to retrieve contact information due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-72872376 | |||||
| CVE-2018-9473 | 1 Google | 1 Android | 2020-08-24 | 9.3 HIGH | 7.8 HIGH |
| In ihevcd_parse_sei_payload of ihevcd_parse_headers.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android ID: A-65484460 | |||||
| CVE-2018-9488 | 1 Google | 1 Android | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| In the SELinux permissions of crash_dump.te, there is a permissions bypass due to a missing restriction. This could lead to a local escalation of privilege, with System privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-110107376. | |||||
| CVE-2018-9491 | 1 Google | 1 Android | 2020-08-24 | 9.3 HIGH | 7.8 HIGH |
| In AMediaCodecCryptoInfo_new of NdkMediaCodec.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution in external apps with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111603051 | |||||
| CVE-2018-9492 | 1 Google | 1 Android | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| In checkGrantUriPermissionLocked of ActivityManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-111934948 | |||||
| CVE-2018-9499 | 1 Google | 1 Android | 2020-08-24 | 4.9 MEDIUM | 5.5 MEDIUM |
| In readVector of iCrypto.cpp, there is a possible invalid read due to uninitialized data. This could lead to local information disclosure from the DRM server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-79218474 | |||||
| CVE-2018-9501 | 1 Google | 1 Android | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| In the SetupWizard, there is a possible Factory Reset Protection bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110034419 | |||||
| CVE-2018-9509 | 1 Google | 1 Android | 2020-08-24 | 6.1 MEDIUM | 6.5 MEDIUM |
| In smp_proc_master_id of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111937027 | |||||
| CVE-2018-9510 | 1 Google | 1 Android | 2020-08-24 | 6.1 MEDIUM | 6.5 MEDIUM |
| In smp_proc_enc_info of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111937065 | |||||
| CVE-2018-9525 | 1 Google | 1 Android | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFI_CHANGED, there is a possible permissions bypass due to a confused deputy. This could lead to local escalation of privilege, allowing a local attacker to change device settings, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111330641 | |||||
| CVE-2018-9548 | 1 Google | 1 Android | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| In multiple functions of ContentProvider.java, there is a possible permission bypass due to a missing URI validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112555574. | |||||
| CVE-2018-9557 | 1 Google | 1 Android | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| In really_install_package of install.cpp, there is a possible free of arbitrary memory due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2. Android ID: A-35385357. | |||||
| CVE-2018-9565 | 1 Google | 1 Android | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| In readBytes of xltdecwbxml.c, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-16680558. | |||||
| CVE-2018-9594 | 1 Google | 1 Android | 2020-08-24 | 3.3 LOW | 6.5 MEDIUM |
| In llcp_link_proc_agf_pdu of llcp_link.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116791157. | |||||
| CVE-2019-0007 | 1 Juniper | 17 Junos, Mx10, Mx10003 and 14 more | 2020-08-24 | 7.5 HIGH | 10.0 CRITICAL |
| The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F5 on vMX Series. | |||||
| CVE-2019-0010 | 1 Juniper | 14 Junos, Srx100, Srx110 and 11 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An SRX Series Service Gateway configured for Unified Threat Management (UTM) may experience a system crash with the error message "mbuf exceed" -- an indication of memory buffer exhaustion -- due to the receipt of crafted HTTP traffic. Each crafted HTTP packet inspected by UTM consumes mbufs which can be identified through the following log messages: all_logs.0:Jun 8 03:25:03 srx1 node0.fpc4 : SPU3 jmpi mbuf stall 50%. all_logs.0:Jun 8 03:25:13 srx1 node0.fpc4 : SPU3 jmpi mbuf stall 51%. all_logs.0:Jun 8 03:25:24 srx1 node0.fpc4 : SPU3 jmpi mbuf stall 52%. ... Eventually the system runs out of mbufs and the system crashes (fails over) with the error "mbuf exceed". This issue only occurs when HTTP AV inspection is configured. Devices configured for Web Filtering alone are unaffected by this issue. Affected releases are Junos OS on SRX Series: 12.1X46 versions prior to 12.1X46-D81; 12.3X48 versions prior to 12.3X48-D77; 15.1X49 versions prior to 15.1X49-D101, 15.1X49-D110. | |||||
| CVE-2019-0016 | 1 Juniper | 1 Junos Space | 2020-08-24 | 5.5 MEDIUM | 6.5 MEDIUM |
| A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1. | |||||
| CVE-2019-0029 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2020-08-24 | 2.1 LOW | 7.8 HIGH |
| Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. Using these credentials an attacker can access the Splunk server. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | |||||
| CVE-2019-0993 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-1002, CVE-2019-1003, CVE-2019-1024, CVE-2019-1051, CVE-2019-1052. | |||||
| CVE-2019-0995 | 1 Microsoft | 2 Internet Explorer, Windows 10 | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| A security feature bypass vulnerability exists when urlmon.dll improperly handles certain Mark of the Web queries, aka 'Internet Explorer Security Feature Bypass Vulnerability'. | |||||
| CVE-2019-0998 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0983. | |||||
| CVE-2019-0999 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-1000 | 1 Microsoft | 1 Azure Active Directory Connect | 2020-08-24 | 3.5 LOW | 5.3 MEDIUM |
| An elevation of privilege vulnerability exists in Microsoft Azure Active Directory Connect build 1.3.20.0, which allows an attacker to execute two PowerShell cmdlets in context of a privileged account, and perform privileged actions.To exploit this, an attacker would need to authenticate to the Azure AD Connect server, aka 'Microsoft Azure AD Connect Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-1000001 | 1 Teampass | 1 Teampass | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage. | |||||
| CVE-2019-1000002 | 1 Gitea | 1 Gitea | 2020-08-24 | 5.5 MEDIUM | 6.5 MEDIUM |
| Gitea version 1.6.2 and earlier contains a Incorrect Access Control vulnerability in Delete/Edit file functionallity that can result in the attacker deleting files outside the repository he/she has access to. This attack appears to be exploitable via the attacker must get write access to "any" repository including self-created ones.. This vulnerability appears to have been fixed in 1.6.3, 1.7.0-rc2. | |||||
| CVE-2019-1000011 | 1 Api-platform | 1 Core | 2020-08-24 | 5.5 MEDIUM | 6.5 MEDIUM |
| API Platform version from 2.2.0 to 2.3.5 contains an Incorrect Access Control vulnerability in GraphQL delete mutations that can result in a user authorized to delete a resource can delete any resource. This attack appears to be exploitable via the user must be authorized. This vulnerability appears to have been fixed in 2.3.6. | |||||
| CVE-2019-1000017 | 1 Chamilo | 1 Chamilo Lms | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the platform, due to lack of access controls. This attack appears to be exploitable via ticket_id=[ticket number]. This vulnerability appears to have been fixed in 1.11.x after commit 33e2692a37b5b6340cf5bec1a84e541460983c03. | |||||
| CVE-2019-1000020 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file. | |||||
| CVE-2019-1000021 | 1 Slixmpp Project | 1 Slixmpp | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options profile, used for the configuration of default access model that can result in all of the contacts of the victim can see private data having been published to a PEP node. This attack appears to be exploitable if the user of this library publishes any private data on PEP, the node isn't configured to be private. This vulnerability appears to have been fixed in commit 7cd73b594e8122dddf847953fcfc85ab4d316416 which is included in slixmpp 1.4.2. | |||||
| CVE-2019-1000031 | 1 Article2pdf Project | 1 Article2pdf | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A disk space or quota exhaustion issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. Visiting PDF generation link but not following the redirect will leave behind a PDF file on disk which will never be deleted by the plug-in. | |||||
| CVE-2019-1001 | 1 Microsoft | 11 Chakracore, Edge, Internet Explorer and 8 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1004, CVE-2019-1056, CVE-2019-1059. | |||||
| CVE-2019-10014 | 1 Dedecms | 1 Dedecms | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated. | |||||