Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0899 | 1 Apache | 1 Struts | 2018-07-01 | 5.0 MEDIUM | 7.5 HIGH |
| The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter. | |||||
| CVE-2016-3090 | 1 Apache | 1 Struts | 2018-07-01 | 6.5 MEDIUM | 8.8 HIGH |
| The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling. | |||||
| CVE-2016-8738 | 1 Apache | 1 Struts | 2018-07-01 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. | |||||
| CVE-2016-9394 | 1 Jasper Project | 1 Jasper | 2018-06-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. | |||||
| CVE-2016-9390 | 1 Jasper Project | 1 Jasper | 2018-06-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. | |||||
| CVE-2015-7519 | 1 Phusionpassenger | 1 Phusion Passenger | 2018-06-29 | 4.3 MEDIUM | 3.7 LOW |
| agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X_User header. | |||||
| CVE-2018-4943 | 1 Adobe | 1 Push Notifications | 2018-06-28 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe PhoneGap Push Plugin versions 1.8.0 and earlier have an exploitable Same-Origin Method Execution vulnerability. Successful exploitation could lead to JavaScript code execution in the context of the PhoneGap app. | |||||
| CVE-2017-17158 | 1 Huawei | 14 Berlin-l21hn, Berlin-l21hn Firmware, Prague-al00a and 11 more | 2018-06-26 | 2.1 LOW | 4.6 MEDIUM |
| Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user's smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure. | |||||
| CVE-2018-1137 | 1 Moodle | 1 Moodle | 2018-06-25 | 5.5 MEDIUM | 8.1 HIGH |
| An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack. | |||||
| CVE-2017-7815 | 1 Mozilla | 1 Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view. Note: This attack only affects installations with e10 multiprocess turned off. Installations with e10s turned on do not support the modal dialog functionality. This vulnerability affects Firefox < 56. | |||||
| CVE-2017-7817 | 2 Google, Mozilla | 2 Android, Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. This allows an attacker to spoof which page is actually loaded and in use. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 56. | |||||
| CVE-2017-7832 | 1 Mozilla | 1 Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for domain spoofing attacks because these combined domain names do not display as punycode. This vulnerability affects Firefox < 57. | |||||
| CVE-2017-7833 | 1 Mozilla | 1 Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character will not be visible to most viewers. This allows for domain spoofing attacks because these combined domain names do not display as punycode. This vulnerability affects Firefox < 57. | |||||
| CVE-2017-7837 | 1 Mozilla | 1 Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| SVG loaded through "<img>" tags can use "<meta>" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox < 57. | |||||
| CVE-2017-7838 | 1 Mozilla | 1 Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited spoofing attacks due to user confusion. This vulnerability affects Firefox < 57. | |||||
| CVE-2018-5110 | 2 Apple, Mozilla | 2 Mac Os X, Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| If cursor visibility is toggled by script using from 'none' to an image and back through script, the cursor will be rendered temporarily invisible within Firefox. Note: This vulnerability only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5111 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| When the text of a specially formatted URL is dragged to the addressbar from page content, the displayed URL can be spoofed to show a different site than the one loaded. This allows for phishing attacks where a malicious page can spoof the identify of another site. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5121 | 2 Apple, Mozilla | 2 Mac Os X, Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationalized Domain Name (IDN) this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 58. | |||||
| CVE-2017-17315 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have a numeric errors vulnerability. An unauthenticated, remote attacker may send specially crafted SCCP messages to the affected products. Due to the improper validation of the messages, it will cause numeric errors when handling the messages. Successful exploit will cause some services abnormal. | |||||
| CVE-2018-4992 | 1 Adobe | 1 Creative Cloud | 2018-06-25 | 4.6 MEDIUM | 7.8 HIGH |
| Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper input validation vulnerability. Successful exploitation could lead to local privilege escalation. | |||||