Max CVSS 10.0 Min CVSS 1.9 Total Count393
IDCVSSSummaryLast (major) updatePublished
CVE-2018-4416 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4409 4.3
A resource exhaustion issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4398 5.0
An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCl
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4394 6.8
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4392 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4386 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4382 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4378 6.8
A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4377 4.3
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4376 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4375 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4374 4.3
A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4373 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4372 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4361 6.8
A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4359 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4358 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4345 4.3
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4328 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4323 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4319 5.8
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4318 6.8
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4317 6.8
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4316 6.8
A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4315 6.8
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4314 6.8
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4312 6.8
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4311 5.8
The issue was addressed by removing origin information. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4309 4.3
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4306 6.8
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4299 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4293 5.0
A cookie management issue was addressed with improved checks. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4284 6.8
A type confusion issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4273 4.3
Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4272 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4271 4.3
Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4270 4.3
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4267 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4266 4.3
A race condition was addressed with additional validation. This issue affected versions prior toiVersions prior to: OS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4265 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4264 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4263 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4261 6.8
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4197 6.8
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4191 6.8
A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
03-04-2019 - 14:29 03-04-2019 - 14:29
CVE-2018-4278 4.3
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tr
11-01-2019 - 13:29 11-01-2019 - 13:29
CVE-2018-4262 6.8
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling.
11-01-2019 - 13:29 11-01-2019 - 13:29
CVE-2018-16088 4.3
A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to download arbitrary files with no user input via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16087 4.3
Lack of proper state tracking in Permissions in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16085 6.8
A use after free in ResourceCoordinator in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16084 4.3
The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16083 6.8
An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16082 4.3
An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16081 4.3
Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permissi
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16080 4.3
A missing check for popup window handling in Fullscreen in Google Chrome on macOS prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16079 2.6
A race condition between permission prompts and navigations in Prompts in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16078 4.3
Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16076 6.8
Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16072 4.3
A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16071 6.8
A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16068 6.8
Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16067 4.3
A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-16065 6.8
A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-8628 9.3
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProP
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-8627 4.3
An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Excel Information Disclosure Vulnerability." This aff
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-19967 4.9
An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE ins
07-12-2018 - 23:29 07-12-2018 - 23:29
CVE-2018-19966 7.2
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow pagi
07-12-2018 - 23:29 07-12-2018 - 23:29
CVE-2018-19965 4.7
An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of
07-12-2018 - 23:29 07-12-2018 - 23:29
CVE-2018-19964 4.9
An issue was discovered in Xen 4.11.x allowing x86 guest OS users to cause a denial of service (host OS hang) because the p2m lock remains unavailable indefinitely in certain error conditions.
07-12-2018 - 23:29 07-12-2018 - 23:29
CVE-2018-19963 6.9
An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because x86 IOREQ server resource accounting (for external emulators) was mishandled.
07-12-2018 - 23:29 07-12-2018 - 23:29
CVE-2018-1002105 7.5
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server
05-12-2018 - 16:29 05-12-2018 - 16:29
CVE-2018-19824 4.6
In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.
03-12-2018 - 12:29 03-12-2018 - 12:29
CVE-2018-12245 6.8
Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker. Note
29-11-2018 - 09:29 29-11-2018 - 09:29
CVE-2018-12239 4.6
Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) pr
29-11-2018 - 09:29 29-11-2018 - 09:29
CVE-2018-12238 4.6
Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) pr
29-11-2018 - 09:29 29-11-2018 - 09:29
CVE-2018-5407 1.9
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
15-11-2018 - 16:29 15-11-2018 - 16:29
CVE-2018-19200 5.0
An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.
12-11-2018 - 10:29 12-11-2018 - 10:29
CVE-2018-19199 7.5
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication.
12-11-2018 - 10:29 12-11-2018 - 10:29
CVE-2018-19198 7.5
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts.
12-11-2018 - 10:29 12-11-2018 - 10:29
CVE-2018-19143 5.5
Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled.
11-11-2018 - 00:29 11-11-2018 - 00:29
CVE-2018-19141 3.5
Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled.
11-11-2018 - 00:29 11-11-2018 - 00:29
CVE-2018-19149 4.3
Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
10-11-2018 - 14:29 10-11-2018 - 14:29
CVE-2018-19132 4.3
Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.
09-11-2018 - 06:29 09-11-2018 - 06:29
CVE-2018-19131 4.3
Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
09-11-2018 - 06:29 09-11-2018 - 06:29
CVE-2018-16845 5.8
nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using
07-11-2018 - 09:29 07-11-2018 - 09:29
CVE-2018-16844 7.8
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the '
07-11-2018 - 09:29 07-11-2018 - 09:29
CVE-2018-16843 7.8
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option
07-11-2018 - 09:29 07-11-2018 - 09:29
CVE-2018-9516 7.2
In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for e
07-11-2018 - 06:29 06-11-2018 - 12:29
CVE-2018-9363 7.2
In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kerne
07-11-2018 - 06:29 06-11-2018 - 12:29
CVE-2018-14651 6.5
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause
31-10-2018 - 18:29 31-10-2018 - 18:29
CVE-2018-14661 4.0
It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remot
31-10-2018 - 16:29 31-10-2018 - 16:29
CVE-2018-14659 4.0
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly cal
31-10-2018 - 15:29 31-10-2018 - 15:29
CVE-2018-14653 6.5
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of ser
31-10-2018 - 15:29 31-10-2018 - 15:29
CVE-2018-14652 4.0
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could ex
31-10-2018 - 15:29 31-10-2018 - 15:29
CVE-2018-16468 3.5
In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
30-10-2018 - 17:29 30-10-2018 - 17:29
CVE-2018-18281 4.6
Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain f
30-10-2018 - 14:29 30-10-2018 - 14:29
CVE-2018-0734 4.3
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.
30-10-2018 - 08:29 30-10-2018 - 08:29
CVE-2018-18710 2.1
An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds c
29-10-2018 - 08:29 29-10-2018 - 08:29
CVE-2018-14665 7.2
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate the
29-10-2018 - 08:29 25-10-2018 - 16:29
CVE-2018-18690 4.9
In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_
26-10-2018 - 14:29 26-10-2018 - 14:29
CVE-2018-5188 7.5
Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerabi
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-5187 7.5
Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunde
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-5156 7.5
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12385 4.4
A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to w
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12383 2.1
If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format star
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12382 5.0
The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion.
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12381 5.0
Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. *Note: this issue only affects Windows operating systems with Outlook instal
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12379 4.6
When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system wit
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12378 7.5
A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62,
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12377 7.5
A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12376 7.5
Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Fire
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12375 6.8
Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62.
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12374 4.3
Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. This vulnerability affects Thunderbird < 52.9.
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12373 4.3
dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12372 4.3
Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12368 9.3
Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12367 4.3
In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12366 4.3
An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12365 4.3
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12364 6.8
NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) at
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12363 6.8
A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentia
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12362 6.8
An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR <
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12361 6.8
An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnera
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12360 6.8
A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12359 6.8
A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-18386 2.1
drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.
17-10-2018 - 16:29 17-10-2018 - 16:29
CVE-2018-18445 7.2
In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bi
17-10-2018 - 15:29 17-10-2018 - 15:29
CVE-2018-15974 6.8
Adobe Framemaker versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.
17-10-2018 - 14:29 17-10-2018 - 14:29
CVE-2018-3179 6.4
Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Advanced Console). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-8533 4.3
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability."
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8532 4.3
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability."
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8527 4.3
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." T
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8432 9.3
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Microsoft Office W
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8292 5.0
An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerS
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-6979 5.8
The VMware Workspace ONE Unified Endpoint Management Console (A/W Console) 9.7.x prior to 9.7.0.3, 9.6.x prior to 9.6.0.7, 9.5.x prior to 9.5.0.16, 9.4.x prior to 9.4.0.22, 9.3.x prior to 9.3.0.25, 9.2.x prior to 9.2.3.27, and 9.1.x prior to 9.1.5.6
05-10-2018 - 09:29 05-10-2018 - 08:29
CVE-2018-11784 4.3
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause
04-10-2018 - 09:29 04-10-2018 - 09:29
CVE-2018-15967 5.0
Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure.
25-09-2018 - 09:29 25-09-2018 - 09:29
CVE-2018-14633 8.3
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer over
24-09-2018 - 20:29 24-09-2018 - 20:29
CVE-2018-3830 4.3
Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
19-09-2018 - 15:29 19-09-2018 - 15:29
CVE-2018-17182 7.2
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, ma
19-09-2018 - 05:29 19-09-2018 - 05:29
CVE-2018-14641 7.1
A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configurati
18-09-2018 - 09:29 18-09-2018 - 09:29
CVE-2018-10853 4.6
A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process co
11-09-2018 - 10:29 11-09-2018 - 10:29
CVE-2018-16658 3.6
An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds
07-09-2018 - 10:29 07-09-2018 - 10:29
CVE-2018-16646 4.3
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.
06-09-2018 - 19:29 06-09-2018 - 19:29
CVE-2018-5391 7.8
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments
06-09-2018 - 17:29 06-09-2018 - 17:29
CVE-2018-14632 4.0
An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service whi
06-09-2018 - 10:29 06-09-2018 - 10:29
CVE-2018-6555 7.2
The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecifi
04-09-2018 - 14:29 04-09-2018 - 14:29
CVE-2018-6554 4.9
Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket.
04-09-2018 - 14:29 04-09-2018 - 14:29
CVE-2018-16276 7.2
An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate
31-08-2018 - 12:29 31-08-2018 - 12:29
CVE-2018-14619 7.2
A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed whi
30-08-2018 - 08:29 30-08-2018 - 08:29
CVE-2018-5003 6.8
Adobe Creative Cloud Desktop Application before 4.5.5.342 (installer) has an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.
29-08-2018 - 09:29 29-08-2018 - 09:29
CVE-2018-12828 7.5
Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Successful exploitation could lead to privilege escalation.
29-08-2018 - 09:29 29-08-2018 - 09:29
CVE-2018-12827 5.0
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
29-08-2018 - 09:29 29-08-2018 - 09:29
CVE-2018-12826 5.0
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
29-08-2018 - 09:29 29-08-2018 - 09:29
CVE-2018-12825 7.5
Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Successful exploitation could lead to security mitigation bypass.
29-08-2018 - 09:29 29-08-2018 - 09:29
CVE-2018-12824 4.3
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
29-08-2018 - 09:29 29-08-2018 - 09:29
CVE-2018-12811 7.5
Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution.
29-08-2018 - 09:29 29-08-2018 - 09:29
CVE-2018-12810 7.5
Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution.
29-08-2018 - 09:29 29-08-2018 - 09:29
CVE-2018-10938 7.1
A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading
27-08-2018 - 09:29 27-08-2018 - 09:29
CVE-2018-10902 4.6
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmi
21-08-2018 - 15:29 21-08-2018 - 15:29
CVE-2018-12115 5.0
In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a
21-08-2018 - 09:29 21-08-2018 - 08:29
CVE-2018-15594 2.1
arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.
20-08-2018 - 04:29 20-08-2018 - 04:29
CVE-2018-15572 2.1
The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.
19-08-2018 - 22:29 19-08-2018 - 22:29
CVE-2018-15471 6.8
An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to req
17-08-2018 - 14:29 17-08-2018 - 14:29
CVE-2018-10140 4.0
The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. PAN-OS 6.1, PAN-OS 7.1 and P
16-08-2018 - 14:29 16-08-2018 - 14:29
CVE-2018-10139 4.3
The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT affect
16-08-2018 - 14:29 16-08-2018 - 14:29
CVE-2018-8382 4.3
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8379 9.3
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel. This CVE ID is unique from
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8378 4.3
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Office Information Disclosure Vulnerability." This a
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8376 9.3
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft PowerPoint.
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8375 9.3
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, M
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8374 4.0
A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server.
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8360 5.0
An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framewo
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8302 10.0
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8273 10.0
A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system, aka "Microsoft SQL Server Remote Code Execution Vulnerability." This affects Microsoft SQL Server.
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-6973 7.2
VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host.
15-08-2018 - 08:29 15-08-2018 - 08:29
CVE-2018-3646 4.7
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fau
14-08-2018 - 15:29 14-08-2018 - 15:29
CVE-2018-6970 4.0
VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less
13-08-2018 - 17:48 13-08-2018 - 17:48
CVE-2018-5390 7.8
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
07-08-2018 - 21:29 06-08-2018 - 16:29
CVE-2018-10883 4.9
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
30-07-2018 - 12:29 30-07-2018 - 12:29
CVE-2018-14734 6.1
drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).
29-07-2018 - 19:29 29-07-2018 - 19:29
CVE-2018-14678 7.2
An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (unin
28-07-2018 - 14:29 28-07-2018 - 14:29
CVE-2018-10882 4.9
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.
27-07-2018 - 14:29 27-07-2018 - 14:29
CVE-2018-14617 7.1
An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog
27-07-2018 - 00:29 27-07-2018 - 00:29
CVE-2018-14613 7.1
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btr
27-07-2018 - 00:29 27-07-2018 - 00:29
CVE-2018-14609 7.1
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not bee
27-07-2018 - 00:29 27-07-2018 - 00:29
CVE-2017-18344 2.1
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID
26-07-2018 - 15:29 26-07-2018 - 15:29
CVE-2018-10881 4.9
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
26-07-2018 - 14:29 26-07-2018 - 14:29
CVE-2018-10879 6.1
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.
26-07-2018 - 14:29 26-07-2018 - 14:29
CVE-2018-10878 6.1
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.
26-07-2018 - 14:29 26-07-2018 - 14:29
CVE-2018-10876 4.9
A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.
26-07-2018 - 14:29 26-07-2018 - 14:29
CVE-2018-10880 7.1
Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.
25-07-2018 - 09:29 25-07-2018 - 09:29
CVE-2018-10877 6.8
Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.
18-07-2018 - 11:29 18-07-2018 - 11:29
CVE-2018-8011 5.0
By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33).
18-07-2018 - 10:29 18-07-2018 - 10:29
CVE-2018-1129 3.3
A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Cep
10-07-2018 - 10:29 10-07-2018 - 10:29
CVE-2018-1128 5.4
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authen
10-07-2018 - 10:29 10-07-2018 - 10:29
CVE-2018-13405 4.6
The inode_init_owner function in fs/inode.c in the Linux kernel through 4.17.4 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a me
06-07-2018 - 10:29 06-07-2018 - 10:29
CVE-2018-9335 3.5
The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML.
03-07-2018 - 17:29 03-07-2018 - 17:29
CVE-2018-9334 2.1
The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML
03-07-2018 - 17:29 03-07-2018 - 17:29
CVE-2018-9242 6.6
The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request parameters.
03-07-2018 - 17:29 03-07-2018 - 17:29
CVE-2018-7636 4.3
The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted URLs.
03-07-2018 - 17:29 03-07-2018 - 17:29
CVE-2018-13099 4.3
An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.17.3. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr.
03-07-2018 - 06:29 03-07-2018 - 06:29
CVE-2018-13095 4.3
An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents
03-07-2018 - 06:29 03-07-2018 - 06:29
CVE-2018-13094 4.3
An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp.
03-07-2018 - 06:29 03-07-2018 - 06:29
CVE-2018-13093 4.3
An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a l
03-07-2018 - 06:29 03-07-2018 - 06:29
CVE-2018-12896 2.1
An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be
02-07-2018 - 13:29 02-07-2018 - 13:29
CVE-2018-1000204 6.3
** DISPUTED ** Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fix
26-06-2018 - 10:29 26-06-2018 - 10:29
CVE-2018-1120 3.5
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w
20-06-2018 - 09:29 20-06-2018 - 09:29
CVE-2018-1333 5.0
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).
18-06-2018 - 14:29 18-06-2018 - 14:29
CVE-2018-5848 4.6
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS
12-06-2018 - 16:29 12-06-2018 - 16:29
CVE-2018-5803 4.9
In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.
12-06-2018 - 12:29 12-06-2018 - 12:29
CVE-2018-12232 7.1
In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment t
12-06-2018 - 08:29 12-06-2018 - 08:29
CVE-2018-1000200 4.9
The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exit_mmap(), which calls m
05-06-2018 - 09:29 05-06-2018 - 09:29
CVE-2018-11531 7.5
Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.
29-05-2018 - 03:29 29-05-2018 - 03:29
CVE-2018-11506 7.2
The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes
28-05-2018 - 00:29 28-05-2018 - 00:29
CVE-2018-3639 4.9
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access vi
22-05-2018 - 08:29 22-05-2018 - 08:29
CVE-2018-1108 4.3
kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.
21-05-2018 - 17:29 21-05-2018 - 17:29
CVE-2018-10998 4.3
An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call.
12-05-2018 - 00:29 12-05-2018 - 00:29
CVE-2018-1118 2.1
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel
10-05-2018 - 18:29 10-05-2018 - 18:29
CVE-2018-10958 4.3
In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call.
09-05-2018 - 22:29 09-05-2018 - 22:29
CVE-2018-10940 4.9
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.
09-05-2018 - 13:29 09-05-2018 - 13:29
CVE-2018-10322 4.9
The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.
24-04-2018 - 02:29 24-04-2018 - 02:29
CVE-2018-8781 7.2
The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissi
23-04-2018 - 15:29 23-04-2018 - 15:29
CVE-2018-1037 4.3
An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This aff
11-04-2018 - 21:29 11-04-2018 - 21:29
CVE-2018-1095 7.1
The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of ser
01-04-2018 - 23:29 01-04-2018 - 23:29
CVE-2018-1094 7.1
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system
01-04-2018 - 23:29 01-04-2018 - 23:29
CVE-2018-1092 7.1
The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and
01-04-2018 - 23:29 01-04-2018 - 23:29
CVE-2018-7566 4.6
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.
30-03-2018 - 17:29 30-03-2018 - 17:29
CVE-2018-1068 7.2
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.
16-03-2018 - 12:29 16-03-2018 - 12:29
CVE-2017-18224 1.9
In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modify
11-03-2018 - 23:29 11-03-2018 - 23:29
CVE-2018-8043 2.1
The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).
10-03-2018 - 17:29 10-03-2018 - 17:29
CVE-2018-7757 2.1
Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy
08-03-2018 - 09:29 08-03-2018 - 09:29
CVE-2018-7755 2.1
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioc
08-03-2018 - 02:29 08-03-2018 - 02:29
CVE-2018-1065 4.7
The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_
02-03-2018 - 03:29 02-03-2018 - 03:29
CVE-2017-18208 4.9
The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.
01-03-2018 - 00:29 01-03-2018 - 00:29
CVE-2018-7480 7.2
The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.
25-02-2018 - 15:29 25-02-2018 - 15:29
CVE-2018-1000026 6.8
Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear
09-02-2018 - 18:29 09-02-2018 - 18:29
CVE-2017-15095 7.5
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMappe
06-02-2018 - 10:29 06-02-2018 - 10:29
CVE-2018-5750 2.1
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.
26-01-2018 - 14:29 26-01-2018 - 14:29
CVE-2017-18075 7.2
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree
24-01-2018 - 05:29 24-01-2018 - 05:29
CVE-2018-1000004 7.1
In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.
16-01-2018 - 15:29 16-01-2018 - 15:29
CVE-2018-5344 4.6
In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.
12-01-2018 - 04:29 12-01-2018 - 04:29
CVE-2018-5333 4.9
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.
11-01-2018 - 02:29 11-01-2018 - 02:29
CVE-2017-17806 7.2
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HAS
20-12-2017 - 18:29 20-12-2017 - 18:29
CVE-2017-17805 7.2
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service
20-12-2017 - 18:29 20-12-2017 - 18:29
CVE-2017-17669 4.3
There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.
13-12-2017 - 17:29 13-12-2017 - 17:29
CVE-2017-11930 7.6
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-11927 4.3
Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an information vulnerability due to the way
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-11919 2.6
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Microsoft Edge in Windows 10 Gold,
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-11918 7.6
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Me
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-11914 7.6
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory C
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-11913 7.6
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-11912 7.6
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-11911 7.6
ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corrupt
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-11910 7.6
ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory C
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-11909 7.6
ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corrupt
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-11908 7.6
ChakraCore and Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique f
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-11907 7.6
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-11906 2.6
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-11905 7.6
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Eng
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-11903 7.6
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-11901 7.6
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-11899 7.5
Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, aka "Microsoft Windows Security Feature Bypass Vulne
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-11895 7.6
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-11894 7.6
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and and Internet Explorer adn Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Win
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-11893 7.6
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Eng
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-11890 7.6
Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the cu
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-11889 7.6
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripti
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-11888 7.6
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Mem
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-11887 2.6
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain informatio
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-11886 7.6
Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the cu
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-11885 8.5
Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-1000407 6.1
The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.
11-12-2017 - 16:29 11-12-2017 - 16:29
CVE-2017-13168 4.6
An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233.
06-12-2017 - 09:29 06-12-2017 - 09:29
CVE-2017-13166 4.6
An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167.
06-12-2017 - 09:29 06-12-2017 - 09:29
CVE-2017-11880 1.9
Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to run a specially crafted application and obta
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11874 2.6
Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, version 1709, and ChakraCore allows an attacker to bypass Control Flow Guard (CFG) to run arbitrary code on a target system, due to how Microsoft Edge handles accessing memory in code
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11873 7.6
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, a
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11871 7.6
ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corr
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11870 7.6
ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corr
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11869 7.6
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11866 7.6
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in mem
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11863 4.3
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious content, due to how the Edge Content Security Policy
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11862 7.6
ChakraCore and Microsoft Edge in Windows 10 1709 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11861 7.6
Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11858 7.6
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Serv
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11856 7.6
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11855 7.6
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an atta
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11853 4.3
Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11851 1.9
The Windows kernel component on Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709, allows an infor
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11850 1.9
Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to log on to an affected system and run a special
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11849 1.9
Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11848 4.3
Internet Explorer in Microsoft Microsoft Windows 7 SP1, Windows Server 2008 SP2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attac
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11846 7.5
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Serv
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11844 4.3
Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11843 7.6
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11842 1.9
Windows kernel in Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows k
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11841 7.6
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in mem
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11840 7.6
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in mem
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11839 7.6
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka "Scripting Engine
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11838 7.6
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11837 7.6
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11836 7.6
ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in mem
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11834 2.6
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11833 2.6
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to determine the origin of all webpages in the affected browser, due to how Microsoft Edge handles cross-orig
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11831 4.7
Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log on to an
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11830 4.6
Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature B
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11827 9.3
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11803 4.3
Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11791 2.6
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11768 1.9
Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows remote attackers
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2016-8610 5.0
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL ser
13-11-2017 - 17:29 13-11-2017 - 17:29
CVE-2017-16649 7.2
The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted US
07-11-2017 - 18:29 07-11-2017 - 18:29
CVE-2017-16648 7.2
The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB
07-11-2017 - 18:29 07-11-2017 - 18:29
CVE-2017-16541 4.3
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: T
04-11-2017 - 14:29 04-11-2017 - 14:29
CVE-2017-16533 7.2
The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
03-11-2017 - 21:29 03-11-2017 - 21:29
CVE-2017-14864 4.3
An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
28-09-2017 - 21:34 28-09-2017 - 21:34
CVE-2017-14862 4.3
An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
28-09-2017 - 21:34 28-09-2017 - 21:34
CVE-2017-14859 4.3
An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
28-09-2017 - 21:34 28-09-2017 - 21:34
CVE-2017-11683 4.3
There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
27-07-2017 - 02:29 27-07-2017 - 02:29
CVE-2017-11591 5.0
There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
23-07-2017 - 21:29 23-07-2017 - 21:29
CVE-2017-9789 5.0
When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.
13-07-2017 - 12:29 13-07-2017 - 12:29
CVE-2017-9788 6.4
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial ke
13-07-2017 - 12:29 13-07-2017 - 12:29
CVE-2017-7529 5.0
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
13-07-2017 - 09:29 13-07-2017 - 09:29
CVE-2017-5645 7.5
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
24-04-2017 - 20:32 17-04-2017 - 17:59
CVE-2017-7273 4.6
The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report.
03-04-2017 - 10:07 27-03-2017 - 13:59
CVE-2017-0147 4.3
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to
20-03-2017 - 10:34 16-03-2017 - 20:59
CVE-2017-0148 9.3
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0146 9.3
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0145 9.3
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0144 9.3
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0143 9.3
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2004-2761 5.0
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.
01-02-2017 - 13:53 05-01-2009 - 15:30
CVE-2014-3481 5.0
org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML Ex
06-01-2017 - 22:00 07-07-2014 - 10:55
CVE-2014-3472 4.9
The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass a
06-01-2017 - 22:00 19-08-2014 - 14:55
CVE-2014-3464 5.5
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated use
06-01-2017 - 21:59 19-08-2014 - 14:55
CVE-2014-2440 5.1
Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
06-01-2017 - 21:59 15-04-2014 - 22:55
CVE-2014-2438 3.5
Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.
06-01-2017 - 21:59 15-04-2014 - 22:55
CVE-2014-2436 6.0
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.
06-01-2017 - 21:59 15-04-2014 - 22:55
CVE-2014-2432 2.8
Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.
06-01-2017 - 21:59 15-04-2014 - 22:55
CVE-2014-2431 2.6
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.
06-01-2017 - 21:59 15-04-2014 - 22:55
CVE-2014-2430 3.5
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.
06-01-2017 - 21:59 15-04-2014 - 22:55
CVE-2014-2419 4.0
Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.
06-01-2017 - 21:59 15-04-2014 - 22:55
CVE-2014-0591 2.6
The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemo
06-01-2017 - 21:59 13-01-2014 - 23:29
CVE-2014-0384 4.0
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.
06-01-2017 - 21:59 15-04-2014 - 20:55
CVE-2014-0231 5.0
The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.
06-01-2017 - 21:59 20-07-2014 - 07:12
CVE-2014-0226 6.8
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a cr
06-01-2017 - 21:59 20-07-2014 - 07:12
CVE-2014-0193 5.0
WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a
06-01-2017 - 21:59 06-05-2014 - 10:55
CVE-2014-0118 4.3
The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted req
06-01-2017 - 21:59 20-07-2014 - 07:12
CVE-2014-0093 5.8
Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission an
06-01-2017 - 21:59 03-04-2014 - 12:15
CVE-2014-0018 1.9
Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Application Server, when run under a security manager, do not properly restrict access to the Modular Service Container (MSC) service registry, which allows local users to
06-01-2017 - 21:59 14-02-2014 - 10:55
CVE-2016-9588 2.1
arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest.
30-12-2016 - 21:59 28-12-2016 - 02:59
CVE-2013-4286 5.8
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identifi
07-12-2016 - 22:03 26-02-2014 - 09:55
CVE-2012-2687 2.6
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to in
07-12-2016 - 22:02 22-08-2012 - 15:55
CVE-2015-7575 4.3
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it e
07-12-2016 - 13:24 08-01-2016 - 21:59
CVE-2016-0266 4.3
IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
28-11-2016 - 14:52 07-08-2016 - 21:59
CVE-2013-4152 6.8
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF at
28-11-2016 - 14:09 23-01-2014 - 16:55
CVE-2013-2067 6.8
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions,
28-11-2016 - 14:09 01-06-2013 - 10:21
CVE-2012-2673 5.0
Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it easier for context-dependent attack
28-09-2016 - 21:59 25-07-2012 - 15:55
CVE-2012-5498 5.0
queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection.
17-11-2015 - 10:17 30-09-2014 - 10:55
CVE-2014-0110 4.3
Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message.
22-04-2015 - 21:59 08-05-2014 - 10:29
CVE-2014-0109 4.3
Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error.
22-04-2015 - 21:59 08-05-2014 - 10:29
CVE-2014-0035 4.3
The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers
22-04-2015 - 21:59 07-07-2014 - 10:55
CVE-2014-0034 4.3
The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token.
22-04-2015 - 21:59 07-07-2014 - 10:55
CVE-2013-4517 4.3
Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.
22-04-2015 - 21:59 10-01-2014 - 20:55
CVE-2013-2133 5.5
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated
22-04-2015 - 21:59 06-12-2013 - 12:55
CVE-2014-0005 3.6
PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application sever configuration and state by deploying
27-03-2015 - 21:59 20-02-2015 - 11:59
CVE-2013-2035 4.4
Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with
17-01-2015 - 21:59 28-08-2013 - 19:55
CVE-2012-5500 4.3
The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request.
04-11-2014 - 22:09 03-11-2014 - 17:55
CVE-2012-5499 5.0
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns.
10-10-2014 - 00:59 30-09-2014 - 10:55
CVE-2012-5497 5.0
membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL.
10-10-2014 - 00:59 30-09-2014 - 10:55
CVE-2012-5488 5.0
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.
10-10-2014 - 00:59 30-09-2014 - 10:55
CVE-2012-5486 6.4
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.
10-10-2014 - 00:59 30-09-2014 - 10:55
CVE-2012-5485 6.8
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.
10-10-2014 - 00:59 30-09-2014 - 10:55
CVE-2014-3521 5.5
The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL.
07-10-2014 - 12:58 06-10-2014 - 10:55
CVE-2013-6496 5.0
Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension.
07-10-2014 - 09:52 06-10-2014 - 10:55
CVE-2014-0003 7.5
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.
19-04-2014 - 00:45 21-03-2014 - 00:38
CVE-2013-4330 6.8
Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer.
26-03-2014 - 00:50 04-10-2013 - 13:55
CVE-2013-6440 5.0
The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE)
05-03-2014 - 23:49 14-02-2014 - 10:55
CVE-2013-4480 7.5
Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.
30-11-2013 - 23:30 17-11-2013 - 21:55
CVE-2012-5575 6.4
Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers
30-10-2013 - 23:29 19-08-2013 - 19:55
CVE-2012-4529 4.3
The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain t
30-10-2013 - 10:49 28-10-2013 - 17:55
CVE-2012-4572 3.7
Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share clas
30-10-2013 - 10:47 28-10-2013 - 17:55
CVE-2012-3451 4.3
Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
14-05-2013 - 23:27 24-09-2012 - 13:55
CVE-2012-4550 6.4
JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, when using role-based authorization for Enterprise Java Beans (EJB) access, does not call the intended authorization modules, which prevents JACC permissions from being appl
07-05-2013 - 00:00 04-01-2013 - 19:55
CVE-2012-3386 4.4
The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vector
04-04-2013 - 23:11 07-08-2012 - 17:55
CVE-2012-2379 10.0
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impac
13-02-2013 - 23:52 02-01-2013 - 20:55
CVE-2012-2378 4.3
Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite
12-02-2013 - 00:08 04-01-2013 - 19:55
CVE-2008-0455 4.3
Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated use
06-02-2013 - 22:53 24-01-2008 - 20:00
CVE-2012-4549 5.8
The processInvocation function in org.jboss.as.ejb3.security.AuthorizationInterceptor in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, authorizes all requests when no roles are allowed for an Enterprise Java Beans (EJB)
15-01-2013 - 00:00 04-01-2013 - 19:55
CVE-2012-3428 4.3
The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attack
08-01-2013 - 00:04 20-12-2012 - 07:02
CVE-2012-2672 2.1
Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function.
08-01-2013 - 00:02 16-06-2012 - 23:41
CVE-2005-2090 4.3
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header
07-03-2011 - 21:23 05-07-2005 - 00:00
Back to Top Mark selected
Back to Top