Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7787 | 1 Schneider-electric | 1 U.motion Builder | 2018-08-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request. | |||||
| CVE-2018-12694 | 1 Tp-link | 2 Tl-wa850re, Tl-wa850re Firmware | 2018-08-24 | 7.8 HIGH | 7.5 HIGH |
| TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json. | |||||
| CVE-2017-6345 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls. | |||||
| CVE-2017-16538 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.2 HIGH | 6.6 MEDIUM |
| drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner). | |||||
| CVE-2018-3753 | 1 Merge-object Project | 1 Merge-object | 2018-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| The utilities function in all versions <= 1.0.0 of the merge-objects node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. | |||||
| CVE-2018-1000607 | 1 Jenkins | 1 Fortify Cloudscan | 2018-08-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any file on the Jenkins master file system, only limited by the permissions of the user the Jenkins master process is running as. | |||||
| CVE-2018-11537 | 1 Auth0 | 1 Angular-jwt | 2018-08-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain. | |||||
| CVE-2018-3752 | 1 Merge-options Project | 1 Merge-options | 2018-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| The utilities function in all versions <= 1.0.0 of the merge-options node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. | |||||
| CVE-2018-3749 | 1 Deap Project | 1 Deap | 2018-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| The utilities function in all versions < 1.0.1 of the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. | |||||
| CVE-2018-3750 | 1 Deep Extend Project | 1 Deep Extend | 2018-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. | |||||
| CVE-2017-9312 | 1 Rockwellautomation | 2 Allen-bradley L30erms, Allen-bradley L30erms Firmware | 2018-08-23 | 7.8 HIGH | 7.5 HIGH |
| Improperly implemented option-field processing in the TCP/IP stack on Allen-Bradley L30ERMS safety devices v30 and earlier causes a denial of service. When a crafted TCP packet is received, the device reboots immediately. | |||||
| CVE-2018-12712 | 1 Joomla | 1 Joomla\! | 2018-08-20 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the "class_exists" function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local File Inclusion. | |||||
| CVE-2018-12999 | 1 Zohocorp | 1 Manageengine Desktop Central | 2018-08-20 | 6.4 MEDIUM | 7.5 HIGH |
| Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI. | |||||
| CVE-2018-12988 | 1 Greencms | 1 Greencms | 2018-08-20 | 5.0 MEDIUM | 7.5 HIGH |
| GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI. | |||||
| CVE-2017-14650 | 1 Horde | 1 Horde Image Api | 2018-08-18 | 6.8 MEDIUM | 8.1 HIGH |
| A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde application, because the code path to the vulnerability is not used by any Horde code. Custom applications using the Horde_Image library might be affected. This vulnerability affects all versions of Horde_Image from 2.0.0 to 2.5.1, and is fixed in 2.5.2. The problem is missing input validation of the index field in _raw() during construction of an ImageMagick command line. | |||||
| CVE-2017-9773 | 1 Horde | 1 Horde Image | 2018-08-18 | 4.3 MEDIUM | 5.7 MEDIUM |
| Denial of Service was found in Horde_Image 2.x before 2.5.0 via a crafted URL to the "Null" image driver. | |||||
| CVE-2017-16837 | 1 Trusted Boot Project | 1 Trusted Boot | 2018-08-17 | 4.6 MEDIUM | 7.8 HIGH |
| Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers. | |||||
| CVE-2018-5136 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-08-14 | 5.0 MEDIUM | 7.5 HIGH |
| A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox < 59. | |||||
| CVE-2018-11222 | 1 Artica | 1 Pandora Fms | 2018-08-14 | 5.0 MEDIUM | 7.5 HIGH |
| Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax endpoint. | |||||
| CVE-2017-5395 | 2 Google, Mozilla | 2 Android, Firefox | 2018-08-14 | 4.3 MEDIUM | 4.3 MEDIUM |
| Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed correctly. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. | |||||