Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11314 | 1 Roku | 2 Roku, Roku Firmware | 2023-11-07 | 9.3 HIGH | 9.6 CRITICAL |
| The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker. | |||||
| CVE-2018-11357 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths. | |||||
| CVE-2018-11773 | 1 Apache | 1 Virtual Computing Lab | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the php built in function strtotime. This allows for an attack against the underlying implementation of that function. The implementation of strtotime at the time the issue was discovered appeared to be resistant to a malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech. | |||||
| CVE-2018-10103 | 1 Tcpdump | 1 Tcpdump | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). | |||||
| CVE-2018-11799 | 1 Apache | 1 Oozie | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 5.0.0 to impersonate other users. The malicious user can construct an XML that results workflows running in other user's name. | |||||
| CVE-2018-11354 | 1 Wireshark | 1 Wireshark | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling. | |||||
| CVE-2018-1000873 | 3 Fasterxml, Netapp, Oracle | 6 Jackson-modules-java8, Active Iq Unified Manager, Clusterware and 3 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8. | |||||
| CVE-2018-10105 | 1 Tcpdump | 1 Tcpdump | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). | |||||
| CVE-2018-11315 | 1 Radiothermostat | 4 Ct50, Ct50 Firmware, Ct80 and 1 more | 2023-11-07 | 3.3 LOW | 6.5 MEDIUM |
| The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a home's target temperature to 95 degrees Fahrenheit. This vulnerability might be described as an addendum to CVE-2013-4860. | |||||
| CVE-2018-10468 | 1 Uetoken | 1 Useless Ethereum Token | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect, as exploited in the wild starting in December 2017, aka the "transferFlaw" issue. | |||||
| CVE-2018-11316 | 1 Sonos | 2 Sonos, Sonos Firmware | 2023-11-07 | 9.3 HIGH | 9.6 CRITICAL |
| The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker. | |||||
| CVE-2018-11411 | 1 Dimoncoin | 1 Dimoncoin | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| The transferFrom function of a smart contract implementation for DimonCoin (FUD), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect. | |||||
| CVE-2017-9801 | 1 Apache | 1 Commons Email | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers. | |||||
| CVE-2017-7428 | 1 Netiq | 1 Imanager | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat. | |||||
| CVE-2017-7672 | 1 Apache | 1 Struts | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12. | |||||
| CVE-2017-7435 | 1 Opensuse | 1 Libzypp | 2023-11-07 | 9.3 HIGH | 8.1 HIGH |
| In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system. | |||||
| CVE-2017-8933 | 1 Libmenu-cache Project | 1 Libmenu-cache | 2023-11-07 | 2.1 LOW | 3.3 LOW |
| Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (menu unavailability). | |||||
| CVE-2017-9354 | 1 Wireshark | 1 Wireshark | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address. | |||||
| CVE-2017-8934 | 1 Pcmanfm Project | 1 Pcmanfm | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (application unavailability). | |||||
| CVE-2017-7436 | 1 Opensuse | 1 Libzypp | 2023-11-07 | 9.3 HIGH | 8.1 HIGH |
| In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system. | |||||