Total
9733 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6771 | 1 Jiangmin | 1 Antivirus | 2024-02-28 | 6.1 MEDIUM | 7.8 HIGH |
| In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x99008224. | |||||
| CVE-2017-18050 | 1 Google | 1 Android | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev_map in wma_tbttoffset_update_event_handler(), which is received from firmware, leads to potential buffer overwrite and out of bounds memory read. | |||||
| CVE-2018-9935 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5312. | |||||
| CVE-2016-10456 | 1 Qualcomm | 60 Mdm9206, Mdm9206 Firmware, Mdm9607 and 57 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, if radish is executed with an interface name set to an invalid interface name, an arbitrary command of 15 characters or less may be executed as a system call. | |||||
| CVE-2016-10543 | 1 Call Project | 1 Call | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call versions 2.0.1-3.0.1 that does not validate empty parameters, which could result in invalid input bypassing the route validation rules. | |||||
| CVE-2018-6770 | 1 Jiangmin | 1 Antivirus | 2024-02-28 | 6.1 MEDIUM | 7.8 HIGH |
| In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x99008210. | |||||
| CVE-2018-1298 | 1 Apache | 1 Qpid Broker-j | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in functionality for authentication of connections for AMQP protocols 0-8, 0-9, 0-91 and 0-10 when PLAIN or XOAUTH2 SASL mechanism is used. The vulnerability allows unauthenticated attacker to crash the broker instance. AMQP 1.0 and HTTP connections are not affected. An authentication of incoming AMQP connections in Apache Qpid Broker-J is performed by special entities called "Authentication Providers". Each Authentication Provider can support several SASL mechanisms which are offered to the connecting clients as part of SASL negotiation process. The client chooses the most appropriate SASL mechanism for authentication. Authentication Providers of following types supports PLAIN SASL mechanism: Plain, PlainPasswordFile, SimpleLDAP, Base64MD5PasswordFile, MD5, SCRAM-SHA-256, SCRAM-SHA-1. XOAUTH2 SASL mechanism is supported by Authentication Providers of type OAuth2. If an AMQP port is configured with any of these Authentication Providers, the Broker may be vulnerable. | |||||
| CVE-2014-0900 | 1 Google | 1 Android | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| The Device Administrator code in Android before 4.4.1_r1 might allow attackers to spoof device administrators and consequently bypass MDM restrictions by leveraging failure to update the mAdminMap data structure. | |||||
| CVE-2017-14913 | 1 Qualcomm | 12 Mdm9206, Mdm9206 Firmware, Sd 625 and 9 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, SD 625, SD 650/52, SD 835, SD 845, DDR address input validation is being improperly truncated. | |||||
| CVE-2017-6281 | 1 Google | 1 Android | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| NVIDIA libnvomx contains a possible out of bounds write due to a improper input validation which could lead to local escalation of privilege. This issue is rated as high. Product: Android. Version: N/A. Android: A-66969318. Reference: N-CVE-2017-6281. | |||||
| CVE-2017-7164 | 1 Apple | 2 Iphone Os, Tvos | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. The issue involves the "App Store" component. It allows man-in-the-middle attackers to spoof password prompts. | |||||
| CVE-2017-17151 | 1 Huawei | 60 Ar100, Ar100-s, Ar100-s Firmware and 57 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| Huawei AR100, AR100-S, AR110-S, AR120, AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR510, DP300, NetEngine16EX, RP200, SRG1300, SRG2300, SRG3300, TE30, TE40, TE50, TE60, TP3106, TP3206, ViewPoint 8660, and ViewPoint 9030 have an insufficient validation vulnerability. Since packet validation is insufficient, an unauthenticated attacker may send special H323 packets to exploit the vulnerability. Successful exploit could allow the attacker to send malicious packets and result in DOS attacks. | |||||
| CVE-2018-7233 | 1 Schneider-electric | 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'model_name' or 'mac_address'. | |||||
| CVE-2017-17318 | 1 Huawei | 2 E5771h-937, E5771h-937 Firmware | 2024-02-28 | 6.1 MEDIUM | 6.5 MEDIUM |
| Huawei MBB (Mobile Broadband) products E5771h-937 with the versions before E5771h-937TCPU-V200R001B328D62SP00C1133 and the versions before E5771h-937TCPU-V200R001B329D05SP00C1308 have a Denial of Service (DoS) vulnerability. When an attacker accessing device sends special http request to device, the webserver process will try to apply too much memory which can cause the device to become unable to respond. An attacker can launch a DoS attack by exploiting this vulnerability. | |||||
| CVE-2018-10260 | 1 Hrsale Project | 1 Hrsale | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| A Local File Inclusion vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user. | |||||
| CVE-2018-5224 | 2 Atlassian, Microsoft | 2 Bamboo, Windows | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan in Bamboo that has a non-linked Mercurial repository, or create a plan in Bamboo either globally or in a project using Bamboo Specs can can execute code of their choice on systems that run a vulnerable version of Bamboo on the Windows operating system. All versions of Bamboo starting with 2.7.0 before 6.3.3 (the fixed version for 6.3.x) and from version 6.4.0 before 6.4.1 (the fixed version for 6.4.x) running on the Windows operating system are affected by this vulnerability. | |||||
| CVE-2018-7600 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. | |||||
| CVE-2017-7825 | 3 Apple, Debian, Mozilla | 5 Mac Os X, Debian Linux, Firefox and 2 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | |||||
| CVE-2018-10578 | 1 Watchguard | 8 Ap100, Ap100 Firmware, Ap102 and 5 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. Incorrect validation of the "old password" field in the change password form allows an attacker to bypass validation of this field. | |||||
| CVE-2018-6476 | 1 Superantispyware | 1 Superantispyware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| In SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating input values from IOCtl 0x9C402114 or 0x9C402124 or 0x9C40207c. | |||||