Total
23759 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9638 | 1 Mitsubishielectric | 1 E-designer | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. | |||||
| CVE-2018-4988 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2015-9259 | 1 Docker | 1 Notary | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json file. | |||||
| CVE-2018-11331 | 1 Pluck-cms | 1 Pluck | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads in missing some applicable ones such as .phtml and .htaccess. | |||||
| CVE-2018-6863 | 1 Select Your College Script Project | 1 Select Your College Script | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in PHP Scripts Mall Select Your College Script 2.0.2 via a Login Parameter. | |||||
| CVE-2016-8488 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-31625756. | |||||
| CVE-2018-7318 | 2 Belitsoft, Oracle | 2 Checklist, Data Integrator | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter. | |||||
| CVE-2018-8828 | 2 Debian, Kamailio | 2 Debian Linux, Kamailio | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmx_check_pretran function in modules/tmx/tmx_pretran.c. | |||||
| CVE-2018-6584 | 1 Dthdevelopment | 1 Dt Register | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request. | |||||
| CVE-2018-13038 | 1 Opendesa | 1 Opensid | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. This vulnerability leads to uploading arbitrary PHP code via a .php filename with the application/pdf Content-Type. | |||||
| CVE-2018-9246 | 2 Ledgersmb, Pgobject-util-dbadmin Project | 2 Ledgersmb, Pgobject-util-dbadmin | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application. | |||||
| CVE-2015-9142 | 1 Qualcomm | 52 Mdm9645, Mdm9645 Firmware, Mdm9650 and 49 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9645, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, bounds check is missing for vtable index in DAL-TO-QDI conversion framework. | |||||
| CVE-2014-9994 | 1 Qualcomm | 4 Sd 400, Sd 400 Firmware, Sd 800 and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, lack of validation of input could cause a integer overflow that could subsequently lead to a buffer overflow. | |||||
| CVE-2018-9843 | 1 Cyberark | 1 Password Vault | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header. | |||||
| CVE-2017-18239 | 1 Authentikat-jwt Project | 1 Authentikat-jwt | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| A time-sensitive equality check on the JWT signature in the JsonWebToken.validate method in main/scala/authentikat/jwt/JsonWebToken.scala in authentikat-jwt (aka com.jason-goodwin/authentikat-jwt) version 0.4.5 and earlier allows the supplier of a JWT token to guess bit after bit of the signature by repeating validation requests. | |||||
| CVE-2018-0308 | 1 Cisco | 10 Firepower 9000, Firepower 9000 Firmware, Nexus 5000 and 7 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability exists because the affected software insufficiently validates header values in Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code or cause a DoS condition. This vulnerability affects the following if configured to use Cisco Fabric Services: Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69954, CSCve02463, CSCve02785, CSCve02787, CSCve02804, CSCve04859. | |||||
| CVE-2018-5148 | 4 Canonical, Debian, Mozilla and 1 more | 8 Ubuntu Linux, Debian Linux, Firefox and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2. | |||||
| CVE-2018-5128 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially exploitable crash. This vulnerability affects Firefox < 59. | |||||
| CVE-2017-11088 | 1 Qualcomm | 28 Msm8909w, Msm8909w Firmware, Msm8996au and 25 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Improper Input Validation in Linux io-prefetch in Snapdragon Mobile and Snapdragon Wear, A SQL injection vulnerability exists in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 835, SD 845. | |||||
| CVE-2018-10653 | 1 Citrix | 1 Xenmobile Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | |||||