Total: 24574 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-18132 | 1 Qualcomm | 6 Mdm9206, Mdm9206 Firmware, Mdm9607 and 3 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9206, MDM9607, MDM8996, an out-of-bounds access can potentially occur in tz_assign(). | |||||
CVE-2018-9110 | 1 Std42 | 1 Elfinder | 2023-12-10 | 7.5 HIGH | 9.1 CRITICAL |
Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. NOTE: this issue exists because of an incomplete fix for CVE-2018-9109. | |||||
CVE-2018-10996 | 1 D-link | 2 Dir-629-b, Dir-629-b Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout request involving a long REMOTE_ADDR environment variable. | |||||
CVE-2017-2741 | 1 Hp | 76 D3q15a, D3q15a Firmware, D3q15b and 73 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code. | |||||
CVE-2017-14480 | 1 Mysql-mmm | 1 Mysql Multi-master Replication Manager | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm_agentd process. An attacker that can initiate a TCP session with mmm_agentd can trigger this vulnerability. | |||||
CVE-2016-10472 | 1 Qualcomm | 54 Mdm9206, Mdm9206 Firmware, Mdm9607 and 51 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, address and size passed to SCM command 'TZ_INFO_GET_SECURE_STATE_LEGACY_ID' from HLOS Kernel were not being checked, so access outside DDR would occur. | |||||
CVE-2017-7756 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | |||||
CVE-2018-12908 | 1 Brynamics | 1 Brynamics | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for the /dashboard/deposit URI, as demonstrated by discovering database credentials. | |||||
CVE-2018-6576 | 1 Ezcode | 1 Event Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter. | |||||
CVE-2018-7213 | 1 Abine | 1 Blur | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
The Password Manager Extension in Abine Blur 7.8.242* before 7.8.2428 allows attackers to bypass the Multi-Factor Authentication and macOS disk-encryption protection mechanisms, and consequently exfiltrate secured data, because the right-click context menu is not secured. | |||||
CVE-2018-6667 | 1 Mcafee | 1 Mcafee Web Gateway | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX). | |||||
CVE-2018-3601 | 1 Trendmicro | 1 Control Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations. | |||||
CVE-2018-4966 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
CVE-2017-5432 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
CVE-2018-6368 | 1 Comdev | 1 Jomestate Pro | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action. | |||||
CVE-2018-10718 | 1 Activision | 1 Call Of Duty Modern Warfare 2 | 2023-12-10 | 10.0 HIGH | 10.0 CRITICAL |
Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to execute arbitrary code via crafted packets. | |||||
CVE-2016-9901 | 2 Mozilla, Redhat | 7 Firefox, Firefox Esr, Enterprise Linux Aus and 4 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1. | |||||
CVE-2018-12915 | 1 Pbc Project | 1 Pbc | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In libpbc.a in PBC through 2017-03-02, there is a buffer over-read in calc_hash in map.c. | |||||
CVE-2018-6578 | 1 Jextn | 1 Je Paypervideo | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request. | |||||
CVE-2018-11544 | 1 Theolivetree | 1 Ftp Server | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings. |