Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7432 | 1 Splunk | 1 Splunk | 2018-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allow remote attackers to cause a denial of service via a crafted HTTP request. | |||||
| CVE-2018-7429 | 1 Splunk | 1 Splunk | 2018-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Splunkd in Splunk Enterprise 6.2.x before 6.2.14 6.3.x before 6.3.11, and 6.4.x before 6.4.8; and Splunk Light before 6.5.0 allow remote attackers to cause a denial of service via a malformed HTTP request. | |||||
| CVE-2017-3241 | 1 Oracle | 3 Jdk, Jre, Jrockit | 2018-12-10 | 6.8 MEDIUM | 9.0 CRITICAL |
| Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). | |||||
| CVE-2016-1929 | 1 Sap | 1 Hana | 2018-12-10 | 8.5 HIGH | 9.3 CRITICAL |
| The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978. | |||||
| CVE-2016-3979 | 1 Sap | 1 Java As | 2018-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (heap memory corruption and process crash) via a crafted HTTP request, related to the IctParseCookies function, aka SAP Security Note 2256185. | |||||
| CVE-2013-6815 | 1 Sap | 1 Netweaver | 2018-12-10 | 5.0 MEDIUM | N/A |
| The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue. | |||||
| CVE-2015-2819 | 1 Sap | 1 Sql Anywhere | 2018-12-10 | 5.0 MEDIUM | N/A |
| SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a denial of service (crash) via a crafted request, aka SAP Security Note 2108161. | |||||
| CVE-2016-3980 | 1 Sap | 1 Application Server Java | 2018-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The Java Startup Framework (aka jstart) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted HTTP request, aka SAP Security Note 2259547. | |||||
| CVE-2017-5371 | 1 Sybase | 1 Adaptive Server Enterprise | 2018-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Odata Server in SAP Adaptive Server Enterprise (ASE) 16 allows remote attackers to cause a denial of service (process crash) via a series of crafted requests, aka SAP Security Note 2330422. | |||||
| CVE-2013-6814 | 1 Sap | 1 Netweaver | 2018-12-10 | 5.8 MEDIUM | N/A |
| The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors. | |||||
| CVE-2017-18292 | 1 Qualcomm | 42 Msm8909w, Msm8909w Firmware, Msm8996au and 39 more | 2018-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
| Secure app running in non secure space can restart TZ by calling Widevine app API repeatedly in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A. | |||||
| CVE-2015-5159 | 1 Kdcproxy Project | 1 Kdcproxy | 2018-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| python-kdcproxy before 0.3.2 allows remote attackers to cause a denial of service via a large POST request. | |||||
| CVE-2018-11950 | 1 Qualcomm | 4 Sd 845, Sd 845 Firmware, Sd 850 and 1 more | 2018-12-07 | 7.2 HIGH | 7.8 HIGH |
| Unapproved TrustZone applications can be loaded and executed in Snapdragon Mobile in version SD 845, SD 850 | |||||
| CVE-2012-0838 | 1 Apache | 1 Struts | 2018-12-07 | 10.0 HIGH | N/A |
| Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field. | |||||
| CVE-2013-2037 | 2 Canonical, Httplib2 Project | 2 Ubuntu Linux, Httplib2 | 2018-12-06 | 2.6 LOW | N/A |
| httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-5688 | 2 Canonical, Isc | 2 Ubuntu Linux, Bind | 2018-12-06 | 7.8 HIGH | N/A |
| ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. | |||||
| CVE-2018-12385 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2018-12-06 | 4.4 MEDIUM | 7.0 HIGH |
| A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox < 62.0.2. | |||||
| CVE-2018-12387 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2018-12-06 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3. | |||||
| CVE-2018-12382 | 2 Google, Mozilla | 2 Android, Firefox | 2018-12-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. *This vulnerability only affects Firefox for Android < 62.* | |||||
| CVE-2018-16956 | 1 Oracle | 1 Webcenter Interaction | 2018-12-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| The AjaxControl component of Oracle WebCenter Interaction Portal 10.3.3 does not validate the names of pages when processing page rename requests. Pages can be renamed to include characters unsupported for URIs by the web server hosting the WCI Portal software (such as IIS). Renaming pages to include unsupported characters, such as 0x7f, prevents these pages from being accessed over the web server, causing a Denial of Service (DoS) to the page. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support. | |||||