Vulnerabilities (CVE)

116217 total CVE
| CVE | Vendors | Products | Updated | CVSS | Description |
|---|---|---|---|---|---|
| CVE-2015-5159 | | | 2018-12-07 | 5.0 | python-kdcproxy before 0.3.2 allows remote attackers to cause a denial of service via a large POST request. |
| CVE-2018-19050 | 1 Metinfo | 1 Metinfo | 2018-12-07 | 4.3 | MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter. |
| CVE-2018-19835 | 1 Metinfo | 1 Metinfo | 2018-12-07 | 4.3 | Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter. |
| CVE-2017-18297 | 1 Qualcomm | 7 Sd 425 Firmware, Sd 430 Firmware, Sd 450 Firmware and 4 more | 2018-12-07 | 7.2 | Double memory free while closing TEE SE API Session management in Snapdragon Mobile in version SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820. |
| CVE-2017-18305 | 1 Qualcomm | 7 Mdm9206 Firmware, Mdm9607 Firmware, Mdm9650 Firmware and 4 more | 2018-12-07 | 6.9 | XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835. |
| CVE-2017-18312 | 1 Qualcomm | 9 Msm8996au Firmware, Sd 410 Firmware, Sd 412 Firmware and 6 more | 2018-12-07 | 7.2 | While accessing SafeSwitch services, third party can manipulate a given device and perform unauthorized operation due to lack of checking of same state transitions in Snapdragon Automobile, Snapdragon Mobile in version MSM8996AU, SD 410/12, SD... |
| CVE-2018-11854 | 1 Qualcomm | 4 Sd 835 Firmware, Sd 845 Firmware, Sd 850 Firmware and 1 more | 2018-12-07 | 7.2 | Lack of check of valid length of input parameter may cause buffer overwrite in WLAN in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660 |
| CVE-2018-11950 | 1 Qualcomm | 2 Sd 845 Firmware, Sd 850 Firmware | 2018-12-07 | 7.2 | Unapproved TrustZone applications can be loaded and executed in Snapdragon Mobile in version SD 845, SD 850 |
| CVE-2018-11951 | 1 Qualcomm | 2 Sd 845 Firmware, Sd 850 Firmware | 2018-12-07 | 4.9 | Improper access control in core module lead XBL_LOADER performs the ZI region clear for QTEE instead of XBL_SEC in Snapdragon Mobile in version SD 845, SD 850. |
| CVE-2018-18718 | 2 Gnome, Debian | 2 Gthumb, Debian Linux | 2018-12-07 | 4.6 | An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_themes_from_dir method in dlg-contact-sheet.c because of two successive calls of g_free, each of which frees the same buffer. |
| CVE-2018-18897 | 1 Freedesktop | 1 Poppler | 2018-12-07 | 4.3 | An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. |
| CVE-2018-1150 | 1 Nuuo | 1 Nvrmini2 Firmware | 2018-12-07 | 7.5 | NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists. |
| CVE-2018-1851 | 1 Ibm | 1 Websphere Application Server | 2018-12-07 | 7.5 | IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit... |
| CVE-2018-18751 | 3 Gnu, Canonical, Redhat | 3 Gettext, Ubuntu Linux, Enterprise Linux | 2018-12-07 | 7.5 | An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt. |
| CVE-2018-1149 | 1 Nuuo | 1 Nvrmini2 Firmware | 2018-12-07 | 10.0 | cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests. |
| CVE-2018-16861 | | | 2018-12-07 | N/A | A cross-site scripting (XSS) flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able to execute a XSS attacks against other users,... |
| CVE-2018-18752 | 1 Webiness Project | 1 Webiness Inventory | 2018-12-07 | 7.5 | Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter. |
| CVE-2017-15705 | 4 Apache, Canonical, Debian and 1 more | 7 Spamassassin, Ubuntu Linux, Debian Linux and 4 more | 2018-12-07 | 5.0 | A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. In Apache... |
| CVE-2018-16521 | 1 Openmrs | 2 Html Form Entry, Reference Application | 2018-12-07 | 7.5 | An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0. |
| CVE-2018-18754 | 1 Zyxel | 1 Vmg3312-b10b Firmware | 2018-12-07 | 5.0 | ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file. |