| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2018-6706 |
|
|
2018-12-12 |
N/A |
| Insecure handling of temporary files in non-Windows McAfee Agent 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows an Unprivileged User to introduce custom paths during agent installation in Linux via unspecified vectors. |
| CVE-2018-9362 |
1 Google |
1 Android |
2018-12-12 |
7.8 |
| In processMessagePart of InboundSmsHandler.java, there is a possible remote denial of service due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not... |
| CVE-2018-9363 |
3 Canonical, Debian, Google |
3 Ubuntu Linux, Debian Linux, Android |
2018-12-12 |
7.2 |
| In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android... |
| CVE-2018-9385 |
1 Google |
1 Android |
2018-12-12 |
4.6 |
| In driver_override_store of bus.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for... |
| CVE-2018-17055 |
|
|
2018-12-12 |
5.0 |
| An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads. |
| CVE-2018-9415 |
2 Canonical, Google |
2 Ubuntu Linux, Android |
2018-12-12 |
4.6 |
| In driver_override_store and driver_override_show of bus.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for... |
| CVE-2018-9436 |
1 Google |
1 Android |
2018-12-12 |
7.8 |
| In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for... |
| CVE-2018-9437 |
1 Google |
1 Android |
2018-12-12 |
7.1 |
| In getstring of ID3.cpp there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product:... |
| CVE-2018-17905 |
1 Omron |
1 Cx-supervisor |
2018-12-12 |
6.8 |
| When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with a specific byte, memory corruption may occur within a specific object. |
| CVE-2018-17907 |
1 Omron |
1 Cx-supervisor |
2018-12-12 |
4.3 |
| When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with the value of an offset, an attacker can force the application to read a value outside of an array. |
| CVE-2018-9444 |
1 Google |
1 Android |
2018-12-12 |
7.1 |
| In ih264d_video_decode of ih264d_api.c there is a possible resource exhaustion due to an infinite loop. This could lead to remote temporary device denial of service (remote hang or reboot) with no additional execution privileges needed. User... |
| CVE-2018-17909 |
1 Omron |
1 Cx-supervisor |
2018-12-12 |
6.8 |
| When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, the application fails to check if it is referencing freed memory, which may allow an attacker to execute code under the context of the application. |
| CVE-2018-17913 |
1 Omron |
1 Cx-supervisor |
2018-12-12 |
6.8 |
| A type confusion vulnerability exists when processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, which may allow an attacker to execute code in the context of the application. |
| CVE-2018-9445 |
1 Google |
1 Android |
2018-12-12 |
7.2 |
| In readMetadata of Utils.cpp, there is a possible path traversal bug due to a confused deputy. This could lead to local escalation of privilege when mounting a USB device with no additional execution privileges needed. User interaction is not... |
| CVE-2018-16468 |
1 Loofah Project |
1 Loofah |
2018-12-12 |
3.5 |
| In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. |
| CVE-2018-9446 |
1 Google |
1 Android |
2018-12-12 |
10.0 |
| In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for... |
| CVE-2018-9448 |
1 Google |
1 Android |
2018-12-12 |
7.8 |
| In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for... |
| CVE-2018-9450 |
1 Google |
1 Android |
2018-12-12 |
9.0 |
| In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for... |
| CVE-2018-9451 |
1 Google |
1 Android |
2018-12-12 |
4.9 |
| In DynamicRefTable::load of ResourceTypes.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed... |
| CVE-2018-9454 |
1 Google |
1 Android |
2018-12-12 |
4.9 |
| In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for... |
