Vulnerabilities (CVE)

Filter

108724 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-10849 2018-06-25 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-12533. Reason: This candidate is a reservation duplicate of CVE-2018-12533. Notes: All CVE users should reference CVE-2018-12533 instead of this candidate. All references and...
CVE-2018-10848 2018-06-25 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-12532. Reason: This candidate is a reservation duplicate of CVE-2018-12532. Notes: All CVE users should reference CVE-2018-12532 instead of this candidate. All references and...
CVE-2018-12716 2018-06-25 N/A
The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by...
CVE-2018-6672 2018-06-25 N/A
Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors.
CVE-2018-6671 2018-06-25 N/A
Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a...
CVE-2018-12617 2018-06-25 N/A
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory...
CVE-2018-12613 2018-06-25 N/A
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin,...
CVE-2018-12604 2018-06-25 N/A
GreenCMS 2.3.0603 allows remote attackers to obtain sensitive information via a direct request for Data/Log/year_month_day.log.
CVE-2018-12714 2018-06-24 N/A
An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1...
CVE-2018-12706 2018-06-24 N/A
DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header.
CVE-2018-12705 2018-06-24 N/A
DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side).
CVE-2018-12713 2018-06-24 N/A
GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by...
CVE-2018-8214 1 Microsoft 2 Windows 10, Windows Server 2016 2018-06-24 6.9
An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows...
CVE-2018-8208 1 Microsoft 2 Windows 10, Windows Server 2016 2018-06-24 6.9
An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows...
CVE-2018-5428 2018-06-24 N/A
The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution. Affected releases are TIBCO Data Virtualization: 7.0.5; 7.0.6.
CVE-2018-3665 2018-06-24 N/A
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
CVE-2018-2815 2 Oracle, Redhat 6 Jdk, Jre, Jrockit and 3 more 2018-06-24 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily...
CVE-2018-2814 2 Oracle, Redhat 5 Jdk, Jre, Enterprise Linux Desktop and 2 more 2018-06-24 5.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows...
CVE-2018-2800 2 Oracle, Redhat 6 Jdk, Jre, Jrockit and 3 more 2018-06-24 4.0
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker...
CVE-2018-2799 2 Oracle, Redhat 6 Jdk, Jre, Jrockit and 3 more 2018-06-24 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable...