Vulnerabilities (CVE)

Filter

63810 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-12243 1 Symantec 1 Messaging Gateway 2018-12-08 5.8
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML...
CVE-2018-17968 1 Ruletkaio 1 Ruletkaio 2018-12-08 5.0
A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. The developer wrote a random() function that uses a block timestamp and block hash from...
CVE-2018-17877 1 Greedy599 1 Greedy 599 2018-12-08 5.0
A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. The developer used the extcodesize() function to prevent a malicious contract from...
CVE-2018-11824 1 Qualcomm 10 Mdm9206 Firmware, Mdm9607 Firmware, Mdm9650 Firmware and 7 more 2018-12-07 7.2
A stack-based buffer overflow can occur in a firmware routine in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, SDA660
CVE-2018-19058 2 Freedesktop, Canonical 2 Poppler, Ubuntu Linux 2018-12-07 4.3
An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.
CVE-2018-19059 2 Freedesktop, Canonical 2 Poppler, Ubuntu Linux 2018-12-07 4.3
An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.
CVE-2018-19060 2 Freedesktop, Canonical 2 Poppler, Ubuntu Linux 2018-12-07 4.3
An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.
CVE-2018-19051 1 Metinfo 1 Metinfo 2018-12-07 4.3
MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter.
CVE-2015-5159 2018-12-07 5.0
python-kdcproxy before 0.3.2 allows remote attackers to cause a denial of service via a large POST request.
CVE-2018-19050 1 Metinfo 1 Metinfo 2018-12-07 4.3
MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter.
CVE-2018-19835 1 Metinfo 1 Metinfo 2018-12-07 4.3
Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter.
CVE-2017-18297 1 Qualcomm 7 Sd 425 Firmware, Sd 430 Firmware, Sd 450 Firmware and 4 more 2018-12-07 7.2
Double memory free while closing TEE SE API Session management in Snapdragon Mobile in version SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820.
CVE-2017-18305 1 Qualcomm 7 Mdm9206 Firmware, Mdm9607 Firmware, Mdm9650 Firmware and 4 more 2018-12-07 6.9
XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835.
CVE-2017-18312 1 Qualcomm 9 Msm8996au Firmware, Sd 410 Firmware, Sd 412 Firmware and 6 more 2018-12-07 7.2
While accessing SafeSwitch services, third party can manipulate a given device and perform unauthorized operation due to lack of checking of same state transitions in Snapdragon Automobile, Snapdragon Mobile in version MSM8996AU, SD 410/12, SD...
CVE-2018-11854 1 Qualcomm 4 Sd 835 Firmware, Sd 845 Firmware, Sd 850 Firmware and 1 more 2018-12-07 7.2
Lack of check of valid length of input parameter may cause buffer overwrite in WLAN in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660
CVE-2018-11950 1 Qualcomm 2 Sd 845 Firmware, Sd 850 Firmware 2018-12-07 7.2
Unapproved TrustZone applications can be loaded and executed in Snapdragon Mobile in version SD 845, SD 850
CVE-2018-11951 1 Qualcomm 2 Sd 845 Firmware, Sd 850 Firmware 2018-12-07 4.9
Improper access control in core module lead XBL_LOADER performs the ZI region clear for QTEE instead of XBL_SEC in Snapdragon Mobile in version SD 845, SD 850.
CVE-2018-18718 2 Gnome, Debian 2 Gthumb, Debian Linux 2018-12-07 4.6
An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_themes_from_dir method in dlg-contact-sheet.c because of two successive calls of g_free, each of which frees the same buffer.
CVE-2018-18897 1 Freedesktop 1 Poppler 2018-12-07 4.3
An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.
CVE-2017-15705 4 Apache, Canonical, Debian and 1 more 7 Spamassassin, Ubuntu Linux, Debian Linux and 4 more 2018-12-07 5.0
A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. In Apache...