Total
9737 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11232 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable. | |||||
| CVE-2017-12186 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||||
| CVE-2018-7635 | 1 Navercorp | 1 Whale | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows an attacker to display a malicious web page with a fake domain name. | |||||
| CVE-2018-12999 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-02-28 | 6.4 MEDIUM | 7.5 HIGH |
| Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI. | |||||
| CVE-2018-5138 | 2 Google, Mozilla | 2 Android, Firefox | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| A spoofing vulnerability can occur when a malicious site with an extremely long domain name is opened in an Android Custom Tab (a browser panel inside another app) and the default browser is Firefox for Android. This could allow an attacker to spoof which page is actually loaded and in use. Note: this issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 59. | |||||
| CVE-2017-12524 | 1 Hp | 1 Intelligent Management Center | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version. | |||||
| CVE-2018-8988 | 1 Windows Optimization Master Project | 1 Windows Optimization Master | 2024-02-28 | 6.1 MEDIUM | 7.8 HIGH |
| In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002008. | |||||
| CVE-2017-12529 | 1 Hp | 1 Intelligent Management Center | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version. | |||||
| CVE-2018-10796 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2024-02-28 | 6.1 MEDIUM | 7.8 HIGH |
| In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222014. | |||||
| CVE-2017-12492 | 1 Hp | 1 Intelligent Management Center | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version. | |||||
| CVE-2017-17171 | 1 Huawei | 6 Mate 8, Mate 8 Firmware, P9 and 3 more | 2024-02-28 | 6.3 MEDIUM | 4.2 MEDIUM |
| Some Huawei smart phones have the denial of service (DoS) vulnerability due to the improper processing of malicious parameters. An attacker may trick a target user into installing a malicious APK and launch attacks using a pre-installed app with specific permissions. Successful exploit could allow the app to send specific parameters to the smart phone driver, which will result in system restart. | |||||
| CVE-2018-10976 | 1 2345.cc | 1 Security Guard | 2024-02-28 | 6.1 MEDIUM | 7.8 HIGH |
| In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222050. | |||||
| CVE-2018-11518 | 1 Hcltech | 2 Legacy Ivr, Legacy Ivr Firmware | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
| A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller's physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller's earpiece). | |||||
| CVE-2018-8244 | 1 Microsoft | 3 Office, Outlook, Outlook Rt | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Outlook. | |||||
| CVE-2017-7783 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| If a long user name is used in a username/password combination in a site URL (such as " http://UserName:Password@example.com"), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service. This vulnerability affects Firefox < 55. | |||||
| CVE-2017-12540 | 1 Hp | 1 Intelligent Management Center | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version. | |||||
| CVE-2018-8038 | 1 Apache | 1 Cxf Fediz | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters. | |||||
| CVE-2018-9003 | 1 Iobit | 1 Advanced Systemcare Ultimate | 2024-02-28 | 6.1 MEDIUM | 7.8 HIGH |
| In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000. | |||||
| CVE-2018-6775 | 1 Jiangmin | 1 Antivirus | 2024-02-28 | 6.1 MEDIUM | 7.8 HIGH |
| In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x990081C8. | |||||
| CVE-2018-0156 | 1 Cisco | 149 Catalyst 2960-plus 24lc-l, Catalyst 2960-plus 24lc-s, Catalyst 2960-plus 24pc-l and 146 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted packet to an affected device on TCP port 4786. Only Smart Install client switches are affected. Cisco devices that are configured as a Smart Install director are not affected by this vulnerability. Cisco Bug IDs: CSCvd40673. | |||||