Total
9857 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-8971 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users. | |||||
| CVE-2018-8956 | 1 Ntp | 1 Ntp | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker's behalf and send them to the attacker. | |||||
| CVE-2018-8954 | 1 Ca | 1 Workload Control Center | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request. | |||||
| CVE-2018-8945 | 2 Gnu, Redhat | 4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section. | |||||
| CVE-2018-8904 | 1 Windows Optimization Master Project | 1 Windows Optimization Master | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002000. | |||||
| CVE-2018-8896 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222044. | |||||
| CVE-2018-8895 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040. | |||||
| CVE-2018-8894 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In 2345 Security Guard 3.6, the driver file (2345BdPcSafe.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222108. | |||||
| CVE-2018-8876 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222098. | |||||
| CVE-2018-8875 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x0022209c. | |||||
| CVE-2018-8874 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222054. | |||||
| CVE-2018-8873 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040. | |||||
| CVE-2018-8869 | 1 Lantech | 2 Ids 2102, Ids 2102 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Lantech IDS 2102 2.0 and prior, nearly all input fields allow for arbitrary input on the device. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2018-8867 | 1 Ge | 16 Pacsystems Cpu320, Pacsystems Cpu320 Firmware, Pacsystems Cru320 and 13 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable. | |||||
| CVE-2018-8850 | 1 Philips | 1 E-alert Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not validate input properly, allowing an attacker to craft the input in a form that is not expected by the rest of the application. This would lead to parts of the unit receiving unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution. | |||||
| CVE-2018-8826 | 1 Asus | 26 Rt-ac1200, Rt-ac1200 Firmware, Rt-ac1750 and 23 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 routers with firmware before 3.0.0.4.380.8228; RT-AC52U B1, RT-AC1200 and RT-N600 routers with firmware before 3.0.0.4.380.10446; RT-AC55U and RT-AC55UHP routers with firmware before 3.0.0.4.382.50276; RT-AC86U and RT-AC2900 routers with firmware before 3.0.0.4.384.20648; and possibly other RT-series routers allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2018-8821 | 1 Jungo | 1 Windriver | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
| windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a crafted .exe file. | |||||
| CVE-2018-8779 | 3 Canonical, Debian, Ruby-lang | 3 Ubuntu Linux, Debian Linux, Ruby | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket. | |||||
| CVE-2018-8765 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222018. | |||||
| CVE-2018-8711 | 1 Woocommerce-filter | 1 Woocommerce Products Filter | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A local file inclusion issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The vulnerability is due to the lack of args/input validation on render_html before allowing it to be called by extract(), a PHP built-in function. Because of this, the supplied args/input can be used to overwrite the $pagepath variable, which then could lead to a local file inclusion attack. | |||||