Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12271 | 1 Dropbox | 1 Dropbox | 2018-08-10 | 6.9 MEDIUM | 6.4 MEDIUM |
| ** DISPUTED ** An issue was discovered in the com.getdropbox.Dropbox app 100.2 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication bypass by overriding the LAContext return Boolean value to be "true" because the kSecAccessControlUserPresence protection mechanism is not used. In other words, an attacker could authenticate with an arbitrary fingerprint. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes iOS devices on which a jailbreak has occurred. | |||||
| CVE-2018-12337 | 1 Ecos | 2 Secure Boot Stick, Secure Boot Stick Firmware | 2018-08-10 | 2.1 LOW | 4.6 MEDIUM |
| Reliance on Security Through Obscurity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to partially extract confidential configurations via user-space emulation. | |||||
| CVE-2018-12336 | 1 Ecos | 2 Secure Boot Stick, Secure Boot Stick Firmware | 2018-08-10 | 10.0 HIGH | 9.8 CRITICAL |
| Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows the vendor to extract confidential information via remote root SSH access. | |||||
| CVE-2018-12559 | 1 Cantata Project | 1 Cantata | 2018-08-10 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insufficient. A regular user can consequently mount a CIFS filesystem anywhere (e.g., outside of the /home directory tree) by passing directory traversal sequences such as a home/../usr substring. | |||||
| CVE-2018-12560 | 1 Cantata Project | 1 Cantata | 2018-08-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring. | |||||
| CVE-2018-12561 | 1 Cantata Project | 1 Cantata | 2018-08-10 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as file_mode= by manipulating (for example) the domain parameter of the samba URL. | |||||
| CVE-2018-12563 | 1 Linaro | 1 Lava | 2018-08-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml. | |||||
| CVE-2018-12564 | 2 Debian, Linaro | 2 Debian Linux, Lava | 2018-08-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml. | |||||
| CVE-2018-5137 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-08-10 | 5.0 MEDIUM | 7.5 HIGH |
| A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources. Note: this vulnerability does not affect WebExtensions. This vulnerability affects Firefox < 59. | |||||
| CVE-2014-3413 | 1 Juniper | 1 Junos Space | 2018-08-10 | 10.0 HIGH | 9.8 CRITICAL |
| The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access. | |||||
| CVE-2018-10945 | 1 Cesanta | 1 Mongoose | 2018-08-10 | 5.0 MEDIUM | 7.5 HIGH |
| The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function. | |||||
| CVE-2017-13072 | 1 Qnap | 1 Qts | 2018-08-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject Javascript code. | |||||
| CVE-2018-9027 | 1 Ca | 1 Ca Privileged Access Manager | 2018-08-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link. | |||||
| CVE-2018-12635 | 1 Circontrol | 1 Scada | 2018-08-10 | 5.0 MEDIUM | 7.5 HIGH |
| CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs. | |||||
| CVE-2018-13448 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2018-08-10 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter. | |||||
| CVE-2018-9036 | 1 Checksec | 1 Canopy | 2018-08-10 | 3.5 LOW | 4.8 MEDIUM |
| CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Disclaimer, allowing attacks by low-privileged users against higher-privileged users. | |||||
| CVE-2018-12604 | 1 Njtech | 1 Greencms | 2018-08-10 | 5.0 MEDIUM | 7.5 HIGH |
| GreenCMS 2.3.0603 allows remote attackers to obtain sensitive information via a direct request for Data/Log/year_month_day.log. | |||||
| CVE-2018-10407 | 1 Carbonblack | 1 Carbon Black Cb | 2018-08-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Carbon Black Cb Response. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | |||||
| CVE-2018-12421 | 1 Ltb-project | 1 Ldap Tool Box Self Service Password | 2018-08-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string. | |||||
| CVE-2018-12688 | 1 Tinyexr Project | 1 Tinyexr | 2018-08-10 | 7.5 HIGH | 9.8 CRITICAL |
| tinyexr 0.9.5 has a segmentation fault in the wav2Decode function. | |||||
| CVE-2018-12684 | 1 Civetweb Project | 1 Civetweb | 2018-08-10 | 5.8 MEDIUM | 7.1 HIGH |
| Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file. | |||||
| CVE-2018-12631 | 1 Redatam | 1 Redatam | 2018-08-10 | 5.0 MEDIUM | 7.5 HIGH |
| Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal. | |||||
| CVE-2018-12632 | 1 Redatam | 1 Redatam | 2018-08-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Redatam7 (formerly Redatam WebServer) allows remote attackers to discover the installation path via an invalid LFN parameter to the /redbin/rpwebutilities.exe/text URI. | |||||
| CVE-2018-12630 | 1 Nmark | 1 Nmcms | 2018-08-10 | 7.5 HIGH | 9.8 CRITICAL |
| NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI. | |||||
| CVE-2018-12581 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-08-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature. | |||||
| CVE-2018-12071 | 1 Codeigniter | 1 Codeigniter | 2018-08-10 | 7.5 HIGH | 9.8 CRITICAL |
| A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled. | |||||
| CVE-2018-10363 | 1 Wpdevart | 1 Booking Calendar | 2018-08-09 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the WpDevArt "Booking calendar, Appointment Booking System" plugin 2.2.2 for WordPress. Multiple parameters allow remote attackers to manipulate the values to change data such as prices. | |||||
| CVE-2018-12329 | 1 Ecos | 2 Secure Boot Stick, Secure Boot Stick Firmware | 2018-08-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows a local attacker to duplicate an authentication factor via cloning. | |||||
| CVE-2017-5425 | 2 Apple, Mozilla | 3 Mac Os X, Firefox, Thunderbird | 2018-08-09 | 5.0 MEDIUM | 7.5 HIGH |
| The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS OX, this matching allows access to some data in subdirectories of "/private/var" that could expose personal or temporary data. This has been updated to not allow access to "/private/var" and its subdirectories. Note: this issue only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52. | |||||
| CVE-2017-5453 | 1 Mozilla | 1 Firefox | 2018-08-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's "TITLE" element. This vulnerability allows for spoofing but no scripted content can be run. This vulnerability affects Firefox < 53. | |||||
| CVE-2017-5452 | 1 Mozilla | 1 Firefox | 2018-08-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| Malicious sites can display a spoofed addressbar on a page when the existing location bar on the new page is scrolled out of view if an HTML editable page element is user selected. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 53. | |||||
| CVE-2017-5463 | 2 Google, Mozilla | 2 Android, Firefox | 2018-08-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 53. | |||||
| CVE-2017-7788 | 1 Mozilla | 1 Firefox | 2018-08-09 | 7.5 HIGH | 9.8 CRITICAL |
| When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included "allow-same-origin". This vulnerability affects Firefox < 55. | |||||
| CVE-2017-7796 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2018-08-09 | 3.3 LOW | 4.7 MEDIUM |
| On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit to delete a different file named "update.log" instead of the one intended. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Firefox < 55. | |||||
| CVE-2017-0110 | 1 Microsoft | 1 Exchange Server | 2018-08-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Microsoft Exchange Outlook Web Access (OWA) allows remote attackers to inject arbitrary web script or HTML via a crafted email or chat client, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." | |||||
| CVE-2017-18250 | 1 Imagemagick | 1 Imagemagick | 2018-08-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file. | |||||
| CVE-2016-9902 | 2 Mozilla, Redhat | 7 Firefox, Firefox Esr, Enterprise Linux Desktop and 4 more | 2018-08-09 | 5.0 MEDIUM | 7.5 HIGH |
| The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not affect users with e10s enabled. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1. | |||||
| CVE-2018-5091 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2018-08-09 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Firefox < 58. | |||||
| CVE-2017-7845 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2018-08-09 | 9.3 HIGH | 8.8 HIGH |
| A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird < 52.5.2, Firefox ESR < 52.5.2, and Firefox < 57.0.2. | |||||
| CVE-2017-7824 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2018-08-09 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | |||||
| CVE-2017-7823 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2018-08-09 | 4.3 MEDIUM | 5.4 MEDIUM |
| The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | |||||
| CVE-2017-7819 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2018-08-09 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | |||||
| CVE-2017-7818 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2018-08-09 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | |||||
| CVE-2017-7798 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2018-08-09 | 6.8 MEDIUM | 8.8 HIGH |
| The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55. | |||||
| CVE-2017-7793 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-08-09 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | |||||
| CVE-2017-5466 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2018-08-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-5451 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2018-08-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-5454 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2018-08-09 | 5.0 MEDIUM | 7.5 HIGH |
| A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-5449 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2018-08-09 | 5.0 MEDIUM | 7.5 HIGH |
| A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-5448 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2018-08-09 | 7.5 HIGH | 8.6 HIGH |
| An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||