Vulnerabilities (CVE)

Total 23576 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-18928 1 Icu-project 1 International Components For Unicode 2023-12-10 7.5 HIGH 9.8 CRITICAL
International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp.
CVE-2015-9122 1 Qualcomm 56 Mdm9206, Mdm9206 Firmware, Mdm9607 and 53 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SD 835, possible buffer overflow if SIM card sends a response greater than 64KB of data for stream APDU command.
CVE-2017-17656 1 Quest 1 Netvault Backup 2023-12-10 7.5 HIGH 9.8 CRITICAL
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup JobList method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4292.
CVE-2018-7750 3 Debian, Paramiko, Redhat 11 Debian Linux, Paramiko, Ansible Engine and 8 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
CVE-2017-17833 5 Canonical, Debian, Lenovo and 2 more 61 Ubuntu Linux, Debian Linux, Bm Nextscale Fan Power Controller and 58 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.
CVE-2018-12327 1 Ntp 1 Ntp 2023-12-10 7.5 HIGH 9.8 CRITICAL
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.
CVE-2017-5465 3 Debian, Mozilla, Redhat 10 Debian Linux, Firefox, Firefox Esr and 7 more 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
CVE-2018-3752 1 Merge-options Project 1 Merge-options 2023-12-10 7.5 HIGH 9.8 CRITICAL
The utilities function in all versions <= 1.0.0 of the merge-options node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.
CVE-2017-5807 1 Hp 1 Data Protector 2023-12-10 10.0 HIGH 9.8 CRITICAL
A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.
CVE-2017-9278 1 Netiq 1 Identity Manager 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables.
CVE-2018-7039 1 Ccn-lite 1 Ccn-lite 2023-12-10 7.5 HIGH 9.8 CRITICAL
CCN-lite 2.0.0 Beta allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because the ccnl_ndntlv_prependBlob function in ccnl-pkt-ndntlv.c can be called with wrong arguments. Specifically, there is an incorrect integer data type causing a negative third argument in some cases of crafted TLV data with inconsistent length information.
CVE-2016-10442 1 Qualcomm 14 Mdm9640, Mdm9640 Firmware, Mdm9650 and 11 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9640, SDM630, MSM8976, MSM8937, SDM845, MSM8976, and MSM8952, when running module or kernel code with improper access control allowing writing to arbitrary regions of memory, the user may utilize this vector to alter module executable code.
CVE-2017-0357 2 Debian, Iucode-tool Project 2 Debian Linux, Iucode-tool 2023-12-10 7.5 HIGH 9.8 CRITICAL
A heap-overflow flaw exists in the -tr loader of iucode-tool starting with v1.4 and before v2.1.1, potentially leading to SIGSEGV, or heap corruption.
CVE-2018-6948 1 Ccn-lite 1 Ccn-lite 2023-12-10 7.5 HIGH 9.8 CRITICAL
In CCN-lite 2, the function ccnl_prefix_to_str_detailed can cause a buffer overflow, when writing a prefix to the buffer buf. The maximal size of the prefix is CCNL_MAX_PREFIX_SIZE; the buffer has the size CCNL_MAX_PREFIX_SIZE. However, when NFN is enabled, additional characters are written to the buffer (e.g., the "NFN" and "R2C" tags). Therefore, sending an NFN-R2C packet with a prefix of size CCNL_MAX_PREFIX_SIZE can cause an overflow of buf inside ccnl_prefix_to_str_detailed.
CVE-2017-7786 3 Debian, Mozilla, Redhat 10 Debian Linux, Firefox, Firefox Esr and 7 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
CVE-2018-11221 1 Artica 1 Pandora Fms 2023-12-10 7.5 HIGH 9.8 CRITICAL
Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system.
CVE-2017-13285 1 Google 1 Android 2023-12-10 10.0 HIGH 9.8 CRITICAL
In SvoxSsmlParser and startElement of svox_ssml_parser.cpp, there is a possible out of bounds write due to an uninitialized buffer. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177126.
CVE-2016-10551 1 Balderdash 1 Waterline-sequel 2023-12-10 7.5 HIGH 9.8 CRITICAL
waterline-sequel is a module that helps generate SQL statements for Waterline apps Any user input that goes into Waterline's `like`, `contains`, `startsWith`, or `endsWith` will end up in waterline-sequel with the potential for malicious code. A malicious user can input their own SQL statements in waterline-sequel 0.50 that will get executed and have full access to the database.
CVE-2018-7667 1 Adminer 1 Adminer 2023-12-10 7.5 HIGH 9.8 CRITICAL
Adminer through 4.3.1 has SSRF via the server parameter.
CVE-2018-6017 1 Tinder 1 Tinder 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
Unencrypted transmission of images in Tinder iOS app and Tinder Android app allows an attacker to extract private sensitive information by sniffing network traffic.