Vulnerabilities (CVE)

CWE filter: CWE-20

6333 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-19058 2 Freedesktop, Canonical 2 Poppler, Ubuntu Linux 2018-12-07 4.3
An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, which will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.
CVE-2015-5159 2018-12-07 5.0
python-kdcproxy before 0.3.2 allows remote attackers to cause a denial of service via a large POST request.
CVE-2018-11950 1 Qualcomm 2 Sd 845 Firmware, Sd 850 Firmware 2018-12-07 7.2
Unapproved TrustZone applications can be loaded and executed in Snapdragon Mobile in version SD 845, SD 850.
CVE-2017-15705 4 Apache, Canonical, Debian and 1 more 7 Spamassassin, Ubuntu Linux, Debian Linux and 4 more 2018-12-07 5.0
A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. In Apache...
CVE-2018-11872 1 Qualcomm 3 Sd 845 Firmware, Sd 850 Firmware, Sda660 Firmware 2018-12-07 7.2
Improper input validation leads to buffer overwrite in the WLAN function that handles WMI commands in Snapdragon Mobile in version SD 845, SD 850, SDA660.
CVE-2018-11873 1 Qualcomm 1 Sd845 Firmware 2018-12-07 7.2
Improper input validation leads to buffer overwrite in the WLAN function that handles WLAN roam buffer in Snapdragon Mobile in version SD 845.
CVE-2012-0838 1 Apache 1 Struts 2018-12-07 10.0
Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
CVE-2013-2037 2 Httplib2 Project, Canonical 2 Ubuntu Linux, Httplib2 2018-12-06 2.6
httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows...
CVE-2013-1939 2 Fruux, Owncloud 2 Owncloud, Sabredav 2018-12-06 5.0
The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path, which allows remote attackers to read arbitrary...
CVE-2013-0156 2 Rubyonrails, Debian 3 Rails, Ruby On Rails, Debian Linux 2018-12-06 7.5
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct...
CVE-2012-5688 2 Isc, Canonical 2 Bind, Ubuntu Linux 2018-12-06 7.8
ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
CVE-2018-12385 4 Mozilla, Canonical, Debian and 1 more 11 Firefox, Firefox Esr, Thunderbird and 8 more 2018-12-06 4.4
A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker...
CVE-2018-5156 4 Mozilla, Canonical, Debian and 1 more 11 Firefox, Firefox Esr, Thunderbird and 8 more 2018-12-06 7.5
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability...
CVE-2018-12387 4 Mozilla, Canonical, Debian and 1 more 10 Firefox, Firefox Esr, Ubuntu Linux and 7 more 2018-12-06 6.4
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used...
CVE-2018-12382 1 Mozilla 1 Firefox 2018-12-06 5.0
The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user...
CVE-2017-18283 1 Qualcomm 9 Qca9379 Firmware, Sd 205 Firmware, Sd 210 Firmware and 6 more 2018-12-06 6.1
Possible memory corruption when Read Val Blob Req is received with invalid parameters in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 625, SD 835, SD 845, SD 850, SDA660.
CVE-2017-18294 1 Qualcomm 24 Fsm9055 Firmware, Mdm9206 Firmware, Mdm9607 Firmware and 21 more 2018-12-06 7.2
While reading file class type from ELF header, a buffer overread may happen if the ELF file size is less than the size of ELF64 header size in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, MDM9206,...
CVE-2018-15425 1 Cisco 1 Identity Services Engine 2018-12-06 6.5
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges...
CVE-2018-15424 1 Cisco 1 Identity Services Engine 2018-12-06 6.5
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges...
CVE-2018-16956 1 Oracle 1 Webcenter Interaction 2018-12-06 4.0
The AjaxControl component of Oracle WebCenter Interaction Portal 10.3.3 does not validate the names of pages when processing page rename requests. Pages can be renamed to include characters unsupported for URIs by the web server hosting the WCI...