Total
9734 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1161 | 1 Quest | 1 Netvault Backup | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.2.0.13. Authentication is not required to exploit this vulnerability. The specific flaw exists within nvwsworker.exe. When parsing the boundary header of a multipart request, the process does not properly validate the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-4215. | |||||
| CVE-2018-6631 | 1 Micropoint | 1 Proactive Defense | 2024-02-28 | 6.1 MEDIUM | 7.8 HIGH |
| In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110009.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000170. | |||||
| CVE-2018-6206 | 1 Maxpcsecure | 1 Anti Virus | 2024-02-28 | 6.1 MEDIUM | 7.8 HIGH |
| In Max Secure Anti Virus 19.0.3.019,, the driver file (MaxProtector32.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220011. | |||||
| CVE-2018-8050 | 1 Afflib Project | 1 Afflib | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| The af_get_page() function in lib/afflib_pages.cpp in AFFLIB (aka AFFLIBv3) through 3.7.16 allows remote attackers to cause a denial of service (segmentation fault) via a corrupt AFF image that triggers an unexpected pagesize value. | |||||
| CVE-2018-0213 | 1 Cisco | 1 Identity Services Engine | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the credential reset functionality for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to the device and sending a crafted HTTP request. A successful exploit could allow the attacker to gain elevated privileges to access functionality that should be restricted. The attacker must have valid user credentials to the device to exploit this vulnerability. Cisco Bug IDs: CSCvf69753. | |||||
| CVE-2017-17173 | 1 Huawei | 2 Mate 9 Pro, Mate 9 Pro Fimware | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
| Due to insufficient parameters verification GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.356(C00) has an arbitrary memory free vulnerability. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to driver to release special kernel memory resource. Successful exploit may result in phone crash or arbitrary code execution. | |||||
| CVE-2018-8869 | 1 Lantech | 2 Ids 2102, Ids 2102 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| In Lantech IDS 2102 2.0 and prior, nearly all input fields allow for arbitrary input on the device. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2018-6204 | 1 Maxpcsecure | 1 Anti Virus | 2024-02-28 | 6.1 MEDIUM | 7.8 HIGH |
| In Max Secure Anti Virus 19.0.3.019,, the driver file (SDActMon.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220019. | |||||
| CVE-2017-12539 | 1 Hp | 1 Intelligent Management Center | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version. | |||||
| CVE-2017-1000401 | 1 Jenkins | 1 Jenkins | 2024-02-28 | 1.2 LOW | 2.2 LOW |
| The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, <f:password/>, supports form validation (e.g. for API keys). The form validation AJAX requests were sent via GET, which could result in secrets being logged to a HTTP access log in non-default configurations of Jenkins, and made available to users with access to these log files. Form validation for <f:password/> is now always sent via POST, which is typically not logged. | |||||
| CVE-2017-5422 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| If a malicious site uses the "view-source:" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making "view-source:" linkable. This vulnerability affects Firefox < 52 and Thunderbird < 52. | |||||
| CVE-2017-14878 | 1 Google | 1 Android | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a length variable which is used to copy data has a size of only 8 bits and can be exceeded resulting in a denial of service. | |||||
| CVE-2017-0368 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages. | |||||
| CVE-2018-0135 | 1 Cisco | 1 Unified Communications Manager | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software improperly validates user-supplied search input. An attacker could exploit this vulnerability by sending malicious requests to an affected system. A successful exploit could allow the attacker to retrieve sensitive information from the affected system. Cisco Bug IDs: CSCvf17644. | |||||
| CVE-2018-3634 | 1 Intel | 1 Online Connect Access | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| Parameter corruption in NDIS filter driver in Intel Online Connect Access 1.9.22.0 allows an attacker to cause a denial of service via local access. | |||||
| CVE-2017-7796 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2024-02-28 | 3.3 LOW | 4.7 MEDIUM |
| On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit to delete a different file named "update.log" instead of the one intended. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Firefox < 55. | |||||
| CVE-2016-10542 | 1 Ws Project | 1 Ws | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier. | |||||
| CVE-2018-6627 | 1 Watchdogdevelopment | 1 Anti-malware | 2024-02-28 | 6.1 MEDIUM | 7.8 HIGH |
| In WatchDog Anti-Malware 2.74.186.150, the driver file (ZAMGUARD32.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002054. | |||||
| CVE-2018-12702 | 1 Gve | 1 Globalvillage Ecosystem | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The approveAndCallcode function of a smart contract implementation for Globalvillage ecosystem (GVE), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spender.call(_extraData)) is not verified, aka the "evilReflex" issue. NOTE: a PeckShield disclosure states "some researchers have independently discussed the mechanism of such vulnerability." | |||||
| CVE-2017-7325 | 1 Yandex | 1 Yandex Browser | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Yandex Browser before 16.9.0 allows remote attackers to spoof the address bar via window.open. | |||||