Total
10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-8612 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-01-04 | 2.1 LOW | 5.5 MEDIUM |
| A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values, aka "Connected User Experiences and Telemetry Service Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | |||||
| CVE-2018-20001 | 1 Libav | 1 Libav | 2019-01-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Libav 12.3, there is a floating point exception in the range_decode_culshift function (called from range_decode_bits) in libavcodec/apedec.c that will lead to remote denial of service via crafted input. | |||||
| CVE-2018-19980 | 1 Anker | 2 Nebula Capsule Projector, Nebula Capsule Projector Firmware | 2019-01-03 | 7.8 HIGH | 7.5 HIGH |
| Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow attackers to cause a denial of service (reboot of the underlying Android 7.1.2 operating system) via a crafted application that sends data to WifiService. | |||||
| CVE-2018-11750 | 1 Puppet | 1 Cisco Ios Module | 2019-01-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| Previous releases of the Puppet cisco_ios module did not validate a host's identity before starting a SSH connection. As of the 0.4.0 release of cisco_ios, host key checking is enabled by default. | |||||
| CVE-2018-9072 | 1 Lenovo | 1 Xclarity Integrator | 2018-12-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads. | |||||
| CVE-2018-3740 | 1 Sanitize Project | 1 Sanitize | 2018-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element. | |||||
| CVE-2018-9523 | 1 Google | 1 Android | 2018-12-27 | 7.2 HIGH | 7.8 HIGH |
| In Parcel.writeMapInternal of Parcel.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112859604 | |||||
| CVE-2018-9347 | 1 Google | 1 Android | 2018-12-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| In function SMF_ParseMetaEvent of file eas_smf.c there is incorrect input validation causing an infinite loop. This could lead to a remote temporary DoS with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-68664359 | |||||
| CVE-2017-18317 | 1 Qualcomm | 10 Msm8996au, Msm8996au Firmware, Sd 410 and 7 more | 2018-12-26 | 7.2 HIGH | 7.8 HIGH |
| Restrictions related to the modem (sim lock, sim kill) can be bypassed by manipulating the system to issue a deactivation flow sequence in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU,SD 410/12,SD 820,SD 820A. | |||||
| CVE-2017-18318 | 1 Qualcomm | 24 Msm8996au, Msm8996au Firmware, Sd 410 and 21 more | 2018-12-26 | 10.0 HIGH | 9.8 CRITICAL |
| Missing validation check on CRL issuer name in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 410/12, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A. | |||||
| CVE-2013-7108 | 2 Icinga, Nagios | 2 Icinga, Nagios | 2018-12-25 | 5.5 MEDIUM | N/A |
| Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read. | |||||
| CVE-2018-13361 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter. | |||||
| CVE-2018-19755 | 1 Nasm | 1 Netwide Assembler | 2018-12-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer. | |||||
| CVE-2018-11266 | 1 Google | 1 Android | 2018-12-21 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper input validation can lead to an improper access to already freed up dci client entries while closing dci client. | |||||
| CVE-2018-5492 | 1 Netapp | 1 E-series Santricity Os Controller | 2018-12-20 | 7.5 HIGH | 9.8 CRITICAL |
| NetApp E-Series SANtricity OS Controller Software 11.30 and later version 11.30.5 is susceptible to unauthenticated remote code execution. | |||||
| CVE-2018-13315 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2018-12-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request. | |||||
| CVE-2018-19530 | 1 Httl Project | 1 Httl | 2018-12-19 | 7.5 HIGH | 9.8 CRITICAL |
| HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an xml.codec=httl.spi.codecs.XstreamCodec setting. | |||||
| CVE-2018-19531 | 1 Httl Project | 1 Httl | 2018-12-19 | 7.5 HIGH | 9.8 CRITICAL |
| HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting. | |||||
| CVE-2018-15318 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2018-12-14 | 7.8 HIGH | 7.5 HIGH |
| In BIG-IP 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, or 12.1.3.4-12.1.3.6, If an MPTCP connection receives an abort signal while the initial flow is not the primary flow, the initial flow will remain after the closing procedure is complete. TMM may restart and produce a core file as a result of this condition. | |||||
| CVE-2014-10077 | 2 Debian, I18n Project | 2 Debian Linux, I18n | 2018-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash. | |||||