Total
9733 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8521 | 1 Hp | 1 Diagnostics | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Remote click jacking vulnerability in HPE Diagnostics version 9.24 IP1, 9.26 , 9.26IP1 was found. | |||||
| CVE-2017-17159 | 1 Huawei | 4 Mt8-emui4.1, Mt8-emui4.1 Firmware, Nts-al00 and 1 more | 2024-02-28 | 6.1 MEDIUM | 6.5 MEDIUM |
| Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535 have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System Information(SI) messages to the smart phone within radio range by special wireless device. Successful exploit could make the smart phone restart. | |||||
| CVE-2017-8973 | 1 Hp | 1 Matrix Operating Environment | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| An improper input validation vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found. | |||||
| CVE-2018-1000002 | 1 Nic | 1 Knot Resolver | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
| Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2) allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay. | |||||
| CVE-2018-7237 | 1 Schneider-electric | 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow a remote attacker to delete arbitrary system file due to lack of validation of the /login/bin/set_param to the file name with the value of 'system.delete.sd_file' | |||||
| CVE-2018-9142 | 1 Samsung | 1 Samsung Mobile | 2024-02-28 | 7.6 HIGH | 7.0 HIGH |
| On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka SVE-2017-10932. | |||||
| CVE-2017-17219 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an invalid memory access vulnerabilities. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product service. | |||||
| CVE-2011-2902 | 2 Debian, Glyphandcog | 2 Debian Linux, Xpdf | 2024-02-28 | 6.4 MEDIUM | 5.3 MEDIUM |
| zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name. | |||||
| CVE-2018-4097 | 1 Apple | 1 Mac Os X | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2018-8971 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users. | |||||
| CVE-2018-6759 | 1 Gnu | 1 Binutils | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file. | |||||
| CVE-2018-7502 | 1 Beckhoff | 2 Twincat, Twincat C\+\+ | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges. | |||||
| CVE-2013-0267 | 1 Apache | 1 Vcl | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scripting (XSS) attacks by leveraging improper data validation. | |||||
| CVE-2018-4116 | 1 Apple | 1 Safari | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. | |||||
| CVE-2017-1000397 | 1 Jenkins | 1 Maven | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. Maven Plugin 3.0 no longer has a dependency on commons-httpclient. | |||||
| CVE-2018-8115 | 1 Microsoft | 1 Windows Host Compute Service Shim | 2024-02-28 | 9.3 HIGH | 8.6 HIGH |
| A remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image, aka "Windows Host Compute Service Shim Remote Code Execution Vulnerability." This affects Windows Host Compute. | |||||
| CVE-2018-4225 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on Keychain state modifications. | |||||
| CVE-2017-15389 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2018-0957 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more | 2024-02-28 | 1.9 LOW | 5.3 MEDIUM |
| An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0964. | |||||
| CVE-2018-3852 | 1 Onssi | 1 Ocularis | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the Ocularis Recorder functionality of Ocularis 5.5.0.242. A specially crafted TCP packet can cause a process to terminate resulting in denial of service. An attacker can send a crafted TCP packet to trigger this vulnerability. | |||||