Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8954 | 1 Indexhibit | 1 Indexhibit | 2019-02-21 | 6.5 MEDIUM | 8.8 HIGH |
| In Indexhibit 2.1.5, remote attackers can execute arbitrary code via the v parameter (in conjunction with the id parameter) in a upd_jxcode=true action to the ndxzstudio/?a=system URI. | |||||
| CVE-2018-14988 | 1 Mxq Project | 2 Mxq Tv Box, Mxq Tv Box Firmware | 2019-02-15 | 7.8 HIGH | 7.5 HIGH |
| The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m201_N/m201_N:4.4.2/KOT49H/20160106:user/test-keys contains the Android framework with a package name of android (versionCode=19, versionName=4.4.2-20170213) that contains an exported broadcast receiver application component that, when called, will make the device inoperable. The vulnerable component named com.android.server.SystemRestoreReceiver will write a value of --restore_system\n--locale=<localeto the /cache/recovery/command file and boot into recovery mode. During this process, it appears that when booting into recovery mode, the system partition gets formatted or modified and will be unable to boot properly thereafter. After the device wouldn't boot properly, a factory reset of the device in recovery mode does not regain properly functionality of the device. The com.android.server.SystemRestoreReceiver broadcast receiver app component is accessible to any app co-located on the device and does not require any permission to access. The user can most likely recover the device by flashing clean firmware images placed on an SD card. | |||||
| CVE-2018-20404 | 1 Viatech | 2 Epia-e900, Epia-e900 Firmware | 2019-02-14 | 7.8 HIGH | 7.5 HIGH |
| ETK_E900.sys, a SmartETK driver for VIA Technologies EPIA-E900 system board, is vulnerable to denial of service attack via IOCTL 0x9C402048, which calls memmove and constantly fails on an arbitrary (uncontrollable) address, resulting in an eternal hang or a BSoD. | |||||
| CVE-2018-16196 | 1 Yokogawa | 11 B\/m9000 Vp, Centum Cs 3000, Centum Cs 3000 Entry Class and 8 more | 2019-02-14 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver's communication via unspecified vectors. | |||||
| CVE-2018-1000883 | 1 Plug Project | 1 Plug | 2019-02-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can be added. This attack appear to be exploitable via Crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in >= 1.3.5 or ~> 1.2.5 or ~> 1.1.9 or ~> 1.0.6. | |||||
| CVE-2018-5499 | 1 Atto | 2 Fibrebridge 7500n, Fibrebridge 7500n Firmware | 2019-02-13 | 5.0 MEDIUM | 7.5 HIGH |
| ATTO FibreBridge 7500N firmware version 2.95 is susceptible to a vulnerability which allows attackers to cause a Denial of Service (DoS). | |||||
| CVE-2018-20767 | 1 Xerox | 58 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 55 more | 2019-02-13 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is authenticated remote command execution. | |||||
| CVE-2018-20771 | 1 Xerox | 58 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 55 more | 2019-02-13 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is unauthenticated Remote Command Execution. | |||||
| CVE-2018-5203 | 1 Dextsolution | 1 Dextuploadx5 | 2019-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| DEXTUploadX5 version Between 1.0.0.0 and 2.2.0.0 contains a vulnerability that could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. this can be leveraged for code execution. | |||||
| CVE-2018-1000815 | 1 Brave | 1 Brave | 2019-02-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains a Other/Unknown vulnerability in function ContentSettingsObserver::AllowScript() in content_settings_observer.cc that can result in Websites can run inline JavaScript even if script is blocked, making attackers easier to track users. This attack appear to be exploitable via the victim must visit a specially crafted website. This vulnerability appears to have been fixed in 0.25.2. | |||||
| CVE-2018-19960 | 1 Onionshare | 1 Onionshare | 2019-02-05 | 4.4 MEDIUM | 7.0 HIGH |
| The debug_mode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshare_server.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname. | |||||
| CVE-2018-19791 | 1 Litespeedtech | 1 Openlitespeed | 2019-02-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substring. | |||||
| CVE-2018-5498 | 1 Netapp | 1 Clustered Data Ontap | 2019-02-05 | 3.5 LOW | 4.4 MEDIUM |
| Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (DoS) on affected versions of clustered Data ONTAP configured for multiprotocol access. | |||||
| CVE-2015-1319 | 1 Canonical | 1 Ubuntu Linux | 2019-02-04 | 2.1 LOW | N/A |
| The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20150408-0ubuntu1.2 does not properly detect if the screen is locked, which allows physically proximate attackers to mount removable media while the screen is locked as demonstrated by inserting a USB thumb drive. | |||||
| CVE-2018-16185 | 1 Ricoh | 16 D2200, D2200 Firmware, D5500 and 13 more | 2019-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute a malicious program. | |||||
| CVE-2018-5197 | 2 Microsoft, Tobesoft | 2 Windows, Xplatform | 2019-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability in the ExtCommon.dll user extension module version 9.2, 9.2.1, 9.2.2 of Xplatform ActiveX could allow attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters. An crafted malicious parameters could cause arbitrary command to execute. | |||||
| CVE-2018-16528 | 1 Amazon | 1 Amazon Web Services Freertos | 2019-02-01 | 6.8 MEDIUM | 8.1 HIGH |
| Amazon Web Services (AWS) FreeRTOS through 1.3.1 allows remote attackers to execute arbitrary code because of mbedTLS context object corruption in prvSetupConnection and GGD_SecureConnect_Connect in AWS TLS connectivity modules. | |||||
| CVE-2018-12167 | 1 Intel | 2 Optane Ssd Dc P4800x, Optane Ssd Dc P4800x Firmware | 2019-02-01 | 2.1 LOW | 4.4 MEDIUM |
| Firmware update routine in bootloader for Intel(R) Optane(TM) SSD DC P4800X before version E2010435 may allow a privileged user to potentially enable a denial of service via local access. | |||||
| CVE-2018-12166 | 1 Intel | 2 Optane Ssd Dc P4800x, Optane Ssd Dc P4800x Firmware | 2019-02-01 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient write protection in firmware for Intel(R) Optane(TM) SSD DC P4800X before version E2010435 may allow a privileged user to potentially enable a denial of service via local access. | |||||
| CVE-2015-1139 | 1 Apple | 1 Mac Os X | 2019-01-31 | 6.8 MEDIUM | N/A |
| ImageIO in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .sgi file. | |||||