Max CVSS 10.0 | Min CVSS 1.9 | Total Count 735
ID | CVSS | Summary | Last (major) update | Published
CVE-2018-4048 7.2
An exploitable local privilege elevation vulnerability exists in the file system permissions of the `Temp` directory in GOG Galaxy 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of the Desktop Galaxy Updater to exploit th
30-05-2019 - 13:29 30-05-2019 - 13:29
CVE-2019-7039 10.0
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary co
24-05-2019 - 15:29 24-05-2019 - 15:29
CVE-2019-7360 6.8
An exploitable use-after-free vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD M
09-04-2019 - 16:30 09-04-2019 - 16:30
CVE-2019-7359 6.8
An exploitable heap overflow vulnerability in the AcCellMargin handling code in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD M
09-04-2019 - 16:30 09-04-2019 - 16:30
CVE-2019-7358 6.8
An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Me
09-04-2019 - 16:30 09-04-2019 - 16:30
CVE-2018-4456 9.3
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6, macOS Mojave 10.14.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4421 9.3
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4053 2.1
An exploitable local denial-of-service vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can send malicious data to the root-listening service, causing the application to terminate and bec
02-04-2019 - 12:29 02-04-2019 - 12:29
CVE-2018-4052 2.1
An exploitable local information leak vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can pass a PID and receive information running on it that would usually only be accessible to the ro
02-04-2019 - 12:29 02-04-2019 - 12:29
CVE-2018-4051 4.9
An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally create directories and subdirectories on the root file system, as well as change th
02-04-2019 - 12:29 02-04-2019 - 12:29
CVE-2018-4049 7.2
An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's "Games" directory, version 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of installed games to exploit this vul
02-04-2019 - 12:29 02-04-2019 - 12:29
CVE-2018-3974 7.2
An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's install directory. An attacker can overwrite an executable that is launched as a system service on boot by default to exploit this vulnerabil
02-04-2019 - 12:29 02-04-2019 - 12:29
CVE-2018-3979 4.3
A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can
01-04-2019 - 17:30 01-04-2019 - 17:30
CVE-2018-4050 7.2
An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally adjust folder permissions leading to execution of arbitrary code with elevated priv
01-04-2019 - 15:29 01-04-2019 - 15:29
CVE-2018-3968 4.4
An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and
21-03-2019 - 13:29 21-03-2019 - 13:29
CVE-2017-16255 5.5
An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary d
21-03-2019 - 13:29 21-03-2019 - 13:29
CVE-2017-16254 5.5
An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary d
21-03-2019 - 13:29 21-03-2019 - 13:29
CVE-2017-16253 5.5
An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012 for the cc channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service
21-03-2019 - 13:29 21-03-2019 - 13:29
CVE-2018-4030 5.0
An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The bug lies in the way the safe browsing function parses HTTP requests. The "Host" header is incorrectly extracted from captured HTTP requests,
21-03-2019 - 12:29 21-03-2019 - 12:29
CVE-2018-4011 5.0
An exploitable integer underflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall, version 7003. When parsing SRV records in an mDNS packet, the "RDLENGTH" value is handled incorrectly, leading to an out-of-bounds access that cra
21-03-2019 - 12:29 21-03-2019 - 12:29
CVE-2018-4003 7.5
An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in mDNS resource records, leading to arbitrary code ex
21-03-2019 - 12:29 21-03-2019 - 12:29
CVE-2018-3985 7.5
An exploitable double free vulnerability exists in the mdnscap binary of the CUJO Smart Firewall. When parsing mDNS packets, a memory space is freed twice if an invalid query name is encountered, leading to arbitrary code execution in the context of
21-03-2019 - 12:29 21-03-2019 - 12:29
CVE-2018-3969 7.2
An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall. It is possible to add arbitrary shell commands into the dhcpd.conf file, that persist across reboots and firmware updates, and thus allow for executing un
21-03-2019 - 12:29 21-03-2019 - 12:29
CVE-2018-3963 8.3
An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall. When adding a new static DHCP address, its corresponding hostname is inserted into the dhcpd.conf file without prior sanitization, allo
21-03-2019 - 12:29 21-03-2019 - 12:29
CVE-2019-5011 6.6
An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user ope
21-03-2019 - 12:01 21-03-2019 - 12:01
CVE-2018-4059 10.0
An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide admin
21-03-2019 - 12:00 21-03-2019 - 12:00
CVE-2018-4058 4.0
An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide acc
21-03-2019 - 12:00 21-03-2019 - 12:00
CVE-2019-5015 7.2
A local privilege escalation vulnerability exists in the Mac OS X version of Pixar Renderman 22.3.0's Install Helper helper tool. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local a
08-03-2019 - 15:29 08-03-2019 - 15:29
CVE-2018-4055 4.9
A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to read any root file from the file system. An attacker would
08-03-2019 - 15:29 08-03-2019 - 15:29
CVE-2018-4054 7.2
A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need
08-03-2019 - 15:29 08-03-2019 - 15:29
CVE-2019-5019 7.5
A heap-based overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro R1 (7,0,2018,1113). While parsing Document Summary Property Set stream, the getSummaryInformation funct
07-03-2019 - 15:29 07-03-2019 - 15:29
CVE-2018-6687 4.3
Loop with Unreachable Exit Condition ('Infinite Loop') in McAfee GetSusp (GetSusp) 3.0.0.461 and earlier allows attackers to DoS a manual GetSusp scan while scanning a specifically crafted file. GetSusp is a free standalone McAfee tool that runs
21-02-2019 - 09:29 21-02-2019 - 09:29
CVE-2018-3973 6.8
An exploitable out of bounds write exists in the CAL parsing functionality of Canvas Draw version 5.0.0. A specially crafted CAL image processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can delive
08-02-2019 - 13:57 06-02-2019 - 16:29
CVE-2018-3976 6.8
An exploitable out-of-bounds write exists in the CALS Raster file format-parsing functionality of Canvas Draw version 5.0.0.28. A specially crafted CAL image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data
08-02-2019 - 13:54 06-02-2019 - 16:29
CVE-2018-3980 6.8
An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can del
06-02-2019 - 16:29 06-02-2019 - 16:29
CVE-2018-3991 7.5
An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An at
05-02-2019 - 18:29 05-02-2019 - 18:29
CVE-2018-3990 7.2
An exploitable pool corruption vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause a buffer overflow, resulting in kernel memory corruptio
05-02-2019 - 18:29 05-02-2019 - 18:29
CVE-2018-3989 2.1
An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause the driver to return uninitialized memory, resu
05-02-2019 - 18:29 05-02-2019 - 18:29
CVE-2018-4056 7.5
An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which cou
05-02-2019 - 13:29 05-02-2019 - 13:29
CVE-2018-3956 5.8
An exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger an out-of-bounds read, which can disclose sensiti
30-01-2019 - 17:29 30-01-2019 - 17:29
CVE-2018-19716 7.5
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier h
18-01-2019 - 12:29 18-01-2019 - 12:29
CVE-2018-4047 6.6
An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.
10-01-2019 - 10:29 10-01-2019 - 10:29
CVE-2018-4046 2.1
An exploitable denial-of-service vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. A user with local access can use this vulnerability to terminate a privileged helper application. An attack
10-01-2019 - 10:29 10-01-2019 - 10:29
CVE-2018-4045 6.6
An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.
10-01-2019 - 10:29 10-01-2019 - 10:29
CVE-2018-4044 6.6
An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.
10-01-2019 - 10:29 10-01-2019 - 10:29
CVE-2018-4043 6.6
An exploitable privilege escalation vulnerability exists in the Clean My Mac X, version 4.04, helper service due to improper input validation. A user with local access can use this vulnerability to modify the file system as root. An attacker would ne
10-01-2019 - 10:29 10-01-2019 - 10:29
CVE-2018-4042 6.6
An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.
10-01-2019 - 10:29 10-01-2019 - 10:29
CVE-2018-4041 6.6
An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.
10-01-2019 - 10:29 10-01-2019 - 10:29
CVE-2018-4037 6.6
The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access can use this vulnerability to modify the file system as root.
10-01-2019 - 10:29 10-01-2019 - 10:29
CVE-2018-4036 6.6
The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the running kernel extensions on the system.
10-01-2019 - 10:29 10-01-2019 - 10:29
CVE-2018-4035 6.6
The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root.
10-01-2019 - 10:29 10-01-2019 - 10:29
CVE-2018-4034 6.6
The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root.
10-01-2019 - 10:29 10-01-2019 - 10:29
CVE-2018-4033 6.6
The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root.
10-01-2019 - 10:29 10-01-2019 - 10:29
CVE-2018-4032 6.6
An exploitable privilege escalation vulnerability exists in the way the CleanMyMac X software improperly validates inputs. An attacker with local access could use this vulnerability to modify the file system as root. An attacker would need local acce
10-01-2019 - 10:29 10-01-2019 - 10:29
CVE-2018-16076 6.8
Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-4012 9.3
An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightCloud SDK. The function bc_http_read_header incorrectly handles overlong headers, leading to arbitrary code execution. An unauthenticated att
03-01-2019 - 17:29 03-01-2019 - 17:29
CVE-2018-3986 2.1
An exploitable information disclosure vulnerability exists in the "Secret Chats" functionality of the Telegram Android messaging application version 4.9.0. The "Secret Chats" functionality allows a user to delete all traces of a chat, either by using
03-01-2019 - 17:29 03-01-2019 - 17:29
CVE-2018-4015 6.8
An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. The configuration of the HTTP client does not enforce a secure connection by default, resulting in a failure to validate TLS certificates. An attacke
18-12-2018 - 09:29 18-12-2018 - 09:29
CVE-2018-3988 1.9
Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the picture in its own cache directory, which is avail
10-12-2018 - 12:29 10-12-2018 - 12:29
CVE-2018-4021 6.5
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An
03-12-2018 - 17:29 03-12-2018 - 17:29
CVE-2018-4020 6.5
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An
03-12-2018 - 17:29 03-12-2018 - 17:29
CVE-2018-4019 6.5
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An
03-12-2018 - 17:29 03-12-2018 - 17:29
CVE-2018-3854 3.6
An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attack
03-12-2018 - 17:29 03-12-2018 - 17:29
CVE-2018-4040 6.8
An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. A specially crafted document can cause certain RTF tokens to dereference a pointer that has been uninitialized and t
01-12-2018 - 15:29 01-12-2018 - 15:29
CVE-2018-4039 6.8
An exploitable out-of-bounds write vulnerability exists in the PNG implementation of Atlantis Word Processor, version 3.2.7.2. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An a
01-12-2018 - 14:29 01-12-2018 - 14:29
CVE-2018-4038 6.8
An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an attacker to pass an untrusted v
01-12-2018 - 13:29 01-12-2018 - 13:29
CVE-2018-3951 6.5
An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. A specially crafted HTTP request can cause a buffer overflow, resulting in remote code execution on the device. An at
01-12-2018 - 01:29 01-12-2018 - 01:29
CVE-2018-3950 6.5
An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 http server. A specially crafted IP address can cause a stack overflow, resulting in remote co
30-11-2018 - 23:29 30-11-2018 - 23:29
CVE-2018-3949 5.0
An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can sen
30-11-2018 - 22:29 30-11-2018 - 22:29
CVE-2018-3948 5.0
An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal
30-11-2018 - 12:29 30-11-2018 - 12:29
CVE-2018-3935 5.0
An exploitable code execution vulnerability exists in the UDP network functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can allocate unlimited memory, resulting in denial of service. An attacker can send a set of p
02-11-2018 - 13:29 02-11-2018 - 13:29
CVE-2018-3934 7.5
An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff netwo
02-11-2018 - 13:29 02-11-2018 - 13:29
CVE-2018-3920 4.6
An exploitable code execution vulnerability exists in the firmware update functionality of the Yi Home Camera 27US 1.8.7.0D. A specially crafted 7-Zip file can cause a CRC collision, resulting in a firmware update and code execution. An attacker can
02-11-2018 - 13:29 02-11-2018 - 13:29
CVE-2018-3899 5.1
An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer
02-11-2018 - 13:29 02-11-2018 - 13:29
CVE-2018-3898 5.1
An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer
02-11-2018 - 13:29 02-11-2018 - 13:29
CVE-2018-3892 7.5
An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can intercept and alter network
02-11-2018 - 13:29 02-11-2018 - 13:29
CVE-2018-3891 2.1
An exploitable firmware downgrade vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw, resulting in a firmware downgrade. An attacker can insert an SD card to trig
02-11-2018 - 13:29 02-11-2018 - 13:29
CVE-2018-3890 4.6
An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw and command injection, resulting in code execution. An attacker can insert an SD
02-11-2018 - 13:29 02-11-2018 - 13:29
CVE-2018-3977 6.8
An exploitable code execution vulnerability exists in the XCF image render