Total
8212 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0793 | 2 Microsoft, Redhat | 2 Windows, Jboss Wildfly Application Server | 2018-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that contains (a) lowercase or (b) "meaningless" characters. | |||||
| CVE-2018-4088 | 3 Apple, Canonical, Microsoft | 9 Apple Tv, Icloud, Iphone Os and 6 more | 2018-04-27 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
| CVE-2018-4096 | 3 Apple, Canonical, Microsoft | 9 Apple Tv, Icloud, Iphone Os and 6 more | 2018-04-27 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
| CVE-2018-5224 | 2 Atlassian, Microsoft | 2 Bamboo, Windows | 2018-04-24 | 9.0 HIGH | 8.8 HIGH |
| Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan in Bamboo that has a non-linked Mercurial repository, or create a plan in Bamboo either globally or in a project using Bamboo Specs can can execute code of their choice on systems that run a vulnerable version of Bamboo on the Windows operating system. All versions of Bamboo starting with 2.7.0 before 6.3.3 (the fixed version for 6.3.x) and from version 6.4.0 before 6.4.1 (the fixed version for 6.4.x) running on the Windows operating system are affected by this vulnerability. | |||||
| CVE-2018-7719 | 2 Acrolinx, Microsoft | 2 Acrolinx Server, Windows | 2018-04-18 | 5.0 MEDIUM | 7.5 HIGH |
| Acrolinx Server before 5.2.5 on Windows allows Directory Traversal. | |||||
| CVE-2018-3626 | 3 Intel, Linux, Microsoft | 3 Sgx Sdk, Linux Kernel, Windows | 2018-04-18 | 1.9 LOW | 4.7 MEDIUM |
| Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) and 1.9.6 (Windows) may generate code that is susceptible to a side channel potentially allowing a local user to access unauthorized information. | |||||
| CVE-2018-7212 | 2 Microsoft, Sinatrarb | 2 Windows, Sinatra | 2018-03-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters. | |||||
| CVE-2016-8742 | 2 Apache, Microsoft | 2 Couchdb, Windows | 2018-03-14 | 7.2 HIGH | 7.8 HIGH |
| The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service launcher, or CouchDB batch or binary files. A subsequent service or server restart will then run that binary with administrator privilege. This issue affected CouchDB 2.0.0 (Windows platform only) and was addressed in CouchDB 2.0.0.1. | |||||
| CVE-2018-6461 | 2 March-hare, Microsoft | 2 Wincvs, Windows | 2018-03-13 | 9.3 HIGH | 7.8 HIGH |
| March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory. | |||||
| CVE-2018-1214 | 2 Dell, Microsoft | 2 Emc Supportassist Enterprise, Windows | 2018-03-12 | 4.4 MEDIUM | 7.0 HIGH |
| Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows user account named "OMEAdapterUser" with a default password as part of the installation process. This unnecessary user account also remains even after an upgrade from v1.1 to v1.2. Access to the management console can be achieved by someone with knowledge of the default password. If SupportAssist Enterprise is installed on a server running OpenManage Essentials (OME), the OmeAdapterUser user account is added as a member of the OmeAdministrators group for the OME. An unauthorized person with knowledge of the default password and access to the OME web console could potentially use this account to gain access to the affected installation of OME with OmeAdministrators privileges. This is fixed in version 1.2.1. | |||||
| CVE-2016-5308 | 2 Microsoft, Symantec | 2 Windows, Client Intrusion Detection System | 2018-03-05 | 7.1 HIGH | 5.5 MEDIUM |
| The Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security allows remote attackers to cause a denial of service (memory corruption and system crash) via a malformed Portable Executable (PE) file. | |||||
| CVE-2017-12549 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2018-03-02 | 5.5 MEDIUM | 5.6 MEDIUM |
| A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2017-12546 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2018-03-02 | 5.5 MEDIUM | 5.6 MEDIUM |
| A local buffer overflow vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2017-12545 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2018-03-02 | 7.8 HIGH | 7.5 HIGH |
| A remote denial of service vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2017-12544 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2018-03-02 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2016-0215 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2018-02-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a subquery containing the AVG OLAP function on an Oracle compatible database. | |||||
| CVE-2016-1051 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2018-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107. | |||||
| CVE-2012-0584 | 2 Apple, Microsoft | 2 Safari, Windows | 2018-01-06 | 6.4 MEDIUM | N/A |
| The Internationalized Domain Name (IDN) feature in Apple Safari before 5.1.4 on Windows does not properly restrict the characters in URLs, which allows remote attackers to spoof a domain name via unspecified homoglyphs. | |||||
| CVE-2011-3516 | 2 Microsoft, Sun | 3 Windows, Jdk, Jre | 2018-01-06 | 7.6 HIGH | N/A |
| Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | |||||
| CVE-2017-3075 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2018-01-05 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability when manipulating the ActionsScript 2 XML class. Successful exploitation could lead to arbitrary code execution. | |||||