Total
23703 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11325 | 1 Joomla | 1 Joomla\! | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen. | |||||
| CVE-2017-13272 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In alarm_ready_generic of alarm.cc, there is a possible out of bounds write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110137. | |||||
| CVE-2015-9197 | 1 Qualcomm | 40 Mdm9206, Mdm9206 Firmware, Mdm9607 and 37 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, and SD 810, when enabling XPUs for SMEM partitions, if configuration values are out of range, memory access outside the SMEM may occur and set incorrect XPU configurations. | |||||
| CVE-2018-6289 | 1 Kaspersky | 1 Secure Mail Gateway | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1. | |||||
| CVE-2016-10476 | 1 Qualcomm | 52 Mdm9206, Mdm9206 Firmware, Mdm9607 and 49 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, missing array index checks on app index in function qcril_uim_clear_encrypted_pin results in accessing addresses outside the bounds of the buffer when app index is too large. | |||||
| CVE-2015-9160 | 1 Qualcomm | 58 Mdm9206, Mdm9206 Firmware, Mdm9607 and 55 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, integer overflow may occur when values passed from HLOS (graphics driver busy time, and total time) in TZBSP_GFX_DCVS_UPDATE_ID are very large. | |||||
| CVE-2018-12498 | 1 Icmsdev | 1 Icms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php. | |||||
| CVE-2015-9145 | 1 Qualcomm | 52 Mdm9206, Mdm9206 Firmware, Mdm9607 and 49 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, lack of input validation in NPA driver functions leads to null pointer dereference. | |||||
| CVE-2018-0225 | 1 Cisco | 1 Appdynamics App Iq | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4.3.10598 (HF4) allows SQL injection, aka the Security Advisory 2089 issue. | |||||
| CVE-2018-3641 | 1 Intel | 2 Remote Keyboard, Remote Keyboard Mobile App | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Escalation of privilege in all versions of the Intel Remote Keyboard allows a network attacker to inject keystrokes as a local user. | |||||
| CVE-2018-10662 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface. | |||||
| CVE-2015-0152 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the administrative password. | |||||
| CVE-2018-12426 | 1 3cx | 1 Live Chat | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jpeg content type. | |||||
| CVE-2018-11722 | 1 Wuzhicms | 1 Wuzhicms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded. | |||||
| CVE-2017-14915 | 1 Qualcomm | 8 Sd 625, Sd 625 Firmware, Sd 650 and 5 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-01-05 on Qualcomm Snapdragon Mobile SD 625, SD 650/52, SD 835, accessing SPCOM functions with a compromised client structure can result in a Use After Free condition. | |||||
| CVE-2017-7658 | 5 Debian, Eclipse, Hp and 2 more | 20 Debian Linux, Jetty, Xp P9000 and 17 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization. | |||||
| CVE-2018-9029 | 1 Broadcom | 1 Privileged Access Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks. | |||||
| CVE-2018-12026 | 1 Phusion | 1 Passenger | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in turn can result in information disclosure and privilege escalation. | |||||
| CVE-2016-10490 | 1 Qualcomm | 68 Mdm9206, Mdm9206 Firmware, Mdm9607 and 65 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, if a negative value is passed as argument "max" to qurt_qdi_state_local_new_handle_from_obj, an buffer overflow occurs, due to typecasting the signed integer to unsigned. | |||||
| CVE-2018-7485 | 1 Unixodbc | 1 Unixodbc | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact. | |||||