Max CVSS 10.0 Min CVSS 1.7 Total Count701
IDCVSSSummaryLast (major) updatePublished
CVE-2018-6336 6.8
An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is si
31-12-2018 - 14:29 31-12-2018 - 14:29
CVE-2018-1150 7.5
NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists.
19-09-2018 - 11:29 19-09-2018 - 11:29
CVE-2018-1149 10.0
cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests.
19-09-2018 - 11:29 19-09-2018 - 11:29
CVE-2018-16585 6.8
An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allow
06-09-2018 - 10:29 06-09-2018 - 10:29
CVE-2018-16543 6.8
In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an unspecified impact.
05-09-2018 - 14:29 05-09-2018 - 14:29
CVE-2018-16542 4.3
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.
05-09-2018 - 14:29 05-09-2018 - 14:29
CVE-2018-16541 4.3
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.
05-09-2018 - 14:29 05-09-2018 - 14:29
CVE-2018-16540 6.8
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.
05-09-2018 - 14:29 05-09-2018 - 14:29
CVE-2018-16539 4.3
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.
05-09-2018 - 14:29 05-09-2018 - 14:29
CVE-2018-16513 6.8
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact.
05-09-2018 - 09:29 05-09-2018 - 09:29
CVE-2018-16511 6.8
An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.
05-09-2018 - 02:29 05-09-2018 - 02:29
CVE-2018-7685 4.6
The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warning
31-08-2018 - 11:29 31-08-2018 - 11:29
CVE-2018-15911 6.8
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.
28-08-2018 - 00:29 28-08-2018 - 00:29
CVE-2018-15910 6.8
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.
27-08-2018 - 13:29 27-08-2018 - 13:29
CVE-2018-15909 6.8
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.
27-08-2018 - 13:29 27-08-2018 - 13:29
CVE-2018-15908 6.8
In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.
27-08-2018 - 13:29 27-08-2018 - 13:29
CVE-2018-15822 5.0
The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion failure.
23-08-2018 - 19:29 23-08-2018 - 19:29
CVE-2018-1159 4.0
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. An authenticated remote attacker can crash the HTTP server by rapidly authenticating and disconnecting.
23-08-2018 - 15:29 23-08-2018 - 15:29
CVE-2018-1158 4.0
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON.
23-08-2018 - 15:29 23-08-2018 - 15:29
CVE-2018-1157 6.8
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system via a crafted HTTP POST request.
23-08-2018 - 15:29 23-08-2018 - 15:29
CVE-2018-1156 9.0
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker execute arbitrary code on the system.
23-08-2018 - 15:29 23-08-2018 - 15:29
CVE-2018-0428 7.2
A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerabili
15-08-2018 - 16:29 15-08-2018 - 16:29
CVE-2018-0410 7.8
A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system. T
15-08-2018 - 16:29 15-08-2018 - 16:29
CVE-2018-0409 5.0
A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to caus
15-08-2018 - 16:29 15-08-2018 - 16:29
CVE-2018-3646 4.7
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fau
14-08-2018 - 15:29 14-08-2018 - 15:29
CVE-2018-3620 4.7
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel an
14-08-2018 - 15:29 14-08-2018 - 15:29
CVE-2018-3615 5.4
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a si
14-08-2018 - 15:29 14-08-2018 - 15:29
CVE-2018-8037 4.3
If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present
02-08-2018 - 10:29 02-08-2018 - 10:29
CVE-2018-1336 5.0
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and
02-08-2018 - 10:29 02-08-2018 - 10:29
CVE-2018-8034 5.0
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
01-08-2018 - 14:29 01-08-2018 - 14:29
CVE-2017-2618 4.9
A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.
27-07-2018 - 15:29 27-07-2018 - 15:29
CVE-2017-7558 5.0
A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in
26-07-2018 - 11:29 26-07-2018 - 11:29
CVE-2018-14523 6.8
An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.
23-07-2018 - 04:29 23-07-2018 - 04:29
CVE-2018-14522 6.8
An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.
23-07-2018 - 04:29 23-07-2018 - 04:29
CVE-2018-14447 6.8
trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds read.
20-07-2018 - 09:29 20-07-2018 - 09:29
CVE-2018-8011 5.0
By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33).
18-07-2018 - 10:29 18-07-2018 - 10:29
CVE-2018-2893 7.5
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthe
18-07-2018 - 09:29 18-07-2018 - 09:29
CVE-2018-14347 4.3
GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c).
17-07-2018 - 11:29 17-07-2018 - 11:29
CVE-2018-14346 6.8
GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).
17-07-2018 - 11:29 17-07-2018 - 11:29
CVE-2018-0361 4.3
ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.
16-07-2018 - 13:29 16-07-2018 - 13:29
CVE-2018-0360 4.3
ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.
16-07-2018 - 13:29 16-07-2018 - 13:29
CVE-2017-7468 5.0
In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resu
16-07-2018 - 09:29 16-07-2018 - 09:29
CVE-2018-8356 2.1
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8314 4.3
An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Ser
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8312 9.3
A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka "Microsoft Access Remote Code Execution Vulnerability." This affects Microsoft Access, Microsoft Office.
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8310 5.0
A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka "Microsoft Office Tampering Vulnerability." This affects Microsoft Word, Microsoft Office.
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8309 4.9
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windo
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8308 8.5
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Serv
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8307 6.8
A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects, aka "WordPad Security Feature Bypass Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, W
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8304 7.1
A denial of service vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses, aka "Windows DNSAPI Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8296 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CV
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8291 7.6
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8288 7.6
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8287 7.6
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Inter
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8282 7.2
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8242 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8206 7.8
A denial of service vulnerability exists when Windows improperly handles File Transfer Protocol (FTP) connections, aka "Windows FTP Server Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Serve
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8171 5.0
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, A
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-0949 4.3
A security feature bypass vulnerability exists when Microsoft Internet Explorer improperly handles requests involving UNC resources, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 9, Internet Explorer 11
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-13300 5.8
In FFmpeg 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a den
05-07-2018 - 13:29 05-07-2018 - 13:29
CVE-2018-12613 6.5
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and
21-06-2018 - 16:29 21-06-2018 - 16:29
CVE-2018-1061 5.0
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
19-06-2018 - 08:29 19-06-2018 - 08:29
CVE-2018-1060 5.0
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
18-06-2018 - 10:29 18-06-2018 - 10:29
CVE-2018-0732 5.0
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime result
12-06-2018 - 09:29 12-06-2018 - 09:29
CVE-2018-0334 5.8
A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass
07-06-2018 - 17:29 07-06-2018 - 17:29
CVE-2018-0353 5.0
A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and bypass security protections. The vulnerability is due
07-06-2018 - 08:29 07-06-2018 - 08:29
CVE-2018-1454 4.3
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sens
05-06-2018 - 11:29 05-06-2018 - 11:29
CVE-2018-1432 4.3
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker coul
05-06-2018 - 11:29 05-06-2018 - 11:29
CVE-2017-1350 7.2
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improper access controls. IBM X-Force ID: 126526.
05-06-2018 - 11:29 05-06-2018 - 11:29
CVE-2016-9042 4.3
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate repl
04-06-2018 - 16:29 04-06-2018 - 16:29
CVE-2018-11516 6.8
The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .sw
28-05-2018 - 12:29 28-05-2018 - 12:29
CVE-2018-3640 4.7
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue Sy
22-05-2018 - 08:29 22-05-2018 - 08:29
CVE-2018-3639 4.9
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access vi
22-05-2018 - 08:29 22-05-2018 - 08:29
CVE-2018-8014 7.5
The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter
16-05-2018 - 12:29 16-05-2018 - 12:29
CVE-2018-8159 5.8
An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.
09-05-2018 - 15:29 09-05-2018 - 15:29
CVE-2018-8154 10.0
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is
09-05-2018 - 15:29 09-05-2018 - 15:29
CVE-2018-8153 5.8
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Spoofing Vulnerability." This affects Microsoft Exchange Server.
09-05-2018 - 15:29 09-05-2018 - 15:29
CVE-2018-8152 5.8
An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.
09-05-2018 - 15:29 09-05-2018 - 15:29
CVE-2018-8151 4.3
An information disclosure vulnerability exists when Microsoft Exchange improperly handles objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8154.
09-05-2018 - 15:29 09-05-2018 - 15:29
CVE-2018-0737 4.3
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixe
17-04-2018 - 21:29 16-04-2018 - 14:29
CVE-2018-1275 7.5
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A ma
11-04-2018 - 09:29 11-04-2018 - 09:29
CVE-2018-0739 4.3
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used w
27-03-2018 - 17:29 27-03-2018 - 17:29