| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-5529 | — | Hig | 0.51 | 7.8 | 0.00 | Jul 12, 2018 | The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as a privileged process and can allow an unprivileged user to assume super-user privileges on the local client host. A malicious local unprivileged user may gain knowledge of… | |
| CVE-2018-12980 | Hig | 0.63 | 8.8 | 0.30 | Jul 12, 2018 | An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server. | ||
| CVE-2017-14709 | Hig | 0.48 | 7.4 | 0.00 | Jul 12, 2018 | The komoot GmbH "Komoot - Cycling & Hiking Maps" app before 9.3.2 -- aka komoot-cycling-hiking-maps/id447374873 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a… | ||
| CVE-2018-14006 | Hig | 0.49 | 7.5 | 0.01 | Jul 12, 2018 | An integer overflow vulnerability exists in the function multipleTransfer of Neo Genesis Token (NGT), an Ethereum token smart contract. An attacker could use it to set any user's balance. | ||
| CVE-2018-14005 | Hig | 0.49 | 7.5 | 0.01 | Jul 12, 2018 | An integer overflow vulnerability exists in the function transferAny of Malaysia coins (Xmc), an Ethereum token smart contract. An attacker could use it to set any user's balance. | ||
| CVE-2018-14004 | Hig | 0.49 | 7.5 | 0.01 | Jul 12, 2018 | An integer overflow vulnerability exists in the function transfer_tokens_after_ICO of GlobeCoin (GLB), an Ethereum token smart contract. An attacker could use it to set any user's balance. | ||
| CVE-2018-14003 | Hig | 0.49 | 7.5 | 0.01 | Jul 12, 2018 | An integer overflow vulnerability exists in the function batchTransfer of WeMediaChain (WMC), an Ethereum token smart contract. An attacker could use it to set any user's balance. | ||
| CVE-2018-14002 | Hig | 0.49 | 7.5 | 0.01 | Jul 12, 2018 | An integer overflow vulnerability exists in the function distribute of MP3 Coin (MP3), an Ethereum token smart contract. An attacker could use it to set any user's balance. | ||
| CVE-2018-14001 | Hig | 0.49 | 7.5 | 0.01 | Jul 12, 2018 | An integer overflow vulnerability exists in the function batchTransfer of SHARKTECH (SKT), an Ethereum token smart contract. An attacker could use it to set any user's balance. | ||
| CVE-2018-13836 | Hig | 0.49 | 7.5 | 0.01 | Jul 12, 2018 | An integer overflow vulnerability exists in the function multiTransfer of Rocket Coin (XRC), an Ethereum token smart contract. An attacker could use it to set any user's balance. | ||
| CVE-2018-12540 | — | Hig | 0.50 | 8.8 | 0.02 | Jul 12, 2018 | In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet. | |
| CVE-2017-18155 | Hig | 0.51 | 7.8 | 0.00 | Jul 12, 2018 | While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, an uninitialized variable can be used leading to a kernel fault. | ||
| CVE-2018-13997 | Hig | 0.49 | 7.5 | 0.01 | Jul 12, 2018 | Genann through 2018-07-08 has a SEGV in genann_run in genann.c. | ||
| CVE-2018-11049 | Hig | 0.47 | 7.3 | 0.00 | Jul 11, 2018 | RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user… | ||
| CVE-2018-0032 | Hig | 0.49 | 7.5 | 0.02 | Jul 11, 2018 | The receipt of a crafted BGP UPDATE can lead to a routing process daemon (RPD) crash and restart. Repeated receipt of the same crafted BGP UPDATE can result in an extended denial of service condition for the device. This issue only affects the specific versions of Junos OS… | ||
| CVE-2018-0030 | Hig | 0.49 | 7.5 | 0.02 | Jul 11, 2018 | Receipt of a specific MPLS packet may cause MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2) line cards or PTX1K to crash and restart. By continuously sending specific MPLS packets, an attacker can repeatedly crash the line cards or PTX1K causing a sustained Denial of Service. Affected… | ||
| CVE-2018-0027 | Hig | 0.49 | 7.5 | 0.02 | Jul 11, 2018 | Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to hang or crash. When RPD is unavailable, routing updates cannot be processed which can lead to an extended network outage. If RSVP is not enabled on an interface, then the issue… | ||
| CVE-2018-0024 | Hig | 0.51 | 7.8 | 0.00 | Jul 11, 2018 | An Improper Privilege Management vulnerability in a shell session of Juniper Networks Junos OS allows an authenticated unprivileged attacker to gain full control of the system. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D45 on SRX Series;… | ||
| CVE-2018-3936 | Hig | 0.57 | 8.8 | 0.02 | Jul 11, 2018 | In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. | ||
| CVE-2018-3933 | Hig | 0.57 | 8.8 | 0.02 | Jul 11, 2018 | An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted Microsoft Word (DOC) document can lead to an out-of-bounds write,… | ||
| CVE-2018-3932 | Hig | 0.57 | 8.8 | 0.03 | Jul 11, 2018 | An exploitable stack-based buffer overflow exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted Microsoft Word (DOC) document can lead to a stack-based… | ||
| CVE-2018-3931 | Hig | 0.51 | 7.8 | 0.02 | Jul 11, 2018 | In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `putShapeProperty` method. | ||
| CVE-2018-3930 | Hig | 0.51 | 7.8 | 0.02 | Jul 11, 2018 | In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `vbgetfp` method. | ||
| CVE-2018-3929 | Hig | 0.51 | 7.8 | 0.02 | Jul 11, 2018 | An exploitable heap corruption exists in the PowerPoint document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted PowerPoint (PPT) document can lead to heap corruption, resulting in remote… | ||
| CVE-2018-13989 | Hig | 0.60 | 8.8 | 0.03 | Jul 11, 2018 | Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks via a POST request to TCP port 8085 containing a predictable ID value, as demonstrated by a /sendrcpackage?keyid=-2544&keysymbol=-4081 request to shut off the device. | ||
| CVE-2018-11529 | Hig | 0.58 | 8.0 | 0.41 | Jul 11, 2018 | VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions. | ||
| CVE-2017-16709 | Hig | 0.56 | 7.2 | 0.72 | Jul 11, 2018 | Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors. | ||
| CVE-2013-2972 | Hig | 0.49 | 7.5 | 0.02 | Jul 11, 2018 | IBM WebSphere Cast Iron 6.3 allows remote attackers to bypass intended access restrictions via unspecified vectors. IBM X-Force ID: 83868. | ||
| CVE-2013-2951 | Hig | 0.51 | 7.8 | 0.00 | Jul 11, 2018 | IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621. | ||
| CVE-2013-0589 | Hig | 0.49 | 7.5 | 0.02 | Jul 11, 2018 | IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to bypass the remote image filtering mechanism and obtain sensitive information via a crafted e-mail message. IBM X-Force ID: 83371. | ||
| CVE-2018-8007 | Hig | 0.48 | 7.2 | 0.12 | Jul 11, 2018 | Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the… | ||
| CVE-2017-7467 | — | Hig | 0.46 | 7.0 | 0.03 | Jul 11, 2018 | A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this flaw to crash minicom, or execute arbitrary code in the context of the minicom process. | |
| CVE-2018-8313 | Hig | 0.51 | 7.8 | 0.01 | Jul 11, 2018 | An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10,… | ||
| CVE-2018-8312 | Hig | 0.52 | 7.8 | 0.20 | Jul 11, 2018 | A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka "Microsoft Access Remote Code Execution Vulnerability." This affects Microsoft Access, Microsoft Office. | ||
| CVE-2018-8311 | Hig | 0.59 | 8.8 | 0.17 | Jul 11, 2018 | A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka "Remote Code Execution Vulnerability in Skype For Business and Lync." This affects Skype, Microsoft Lync. | ||
| CVE-2018-8310 | Hig | 0.49 | 7.5 | 0.05 | Jul 11, 2018 | A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka "Microsoft Office Tampering Vulnerability." This affects Microsoft Word, Microsoft Office. | ||
| CVE-2018-8301 | Hig | 0.50 | 7.5 | 0.13 | Jul 11, 2018 | A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8275,… | ||
| CVE-2018-8300 | Hig | 0.58 | 8.8 | 0.13 | Jul 11, 2018 | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka "Microsoft SharePoint Remote Code Execution Vulnerability." This affects Microsoft SharePoint. | ||
| CVE-2018-8298 | Hig | 0.14 | 7.5 | 0.75 | KEV | Jul 11, 2018 | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287,… | |
| CVE-2018-8296 | Hig | 0.50 | 7.5 | 0.16 | Jul 11, 2018 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283,… | ||
| CVE-2018-8294 | Hig | 0.43 | 7.5 | 0.19 | Jul 11, 2018 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280,… | ||
| CVE-2018-8291 | Hig | 0.02 | 7.5 | 0.70 | Jul 11, 2018 | A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from… | ||
| CVE-2018-8290 | Hig | 0.43 | 7.5 | 0.19 | Jul 11, 2018 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280,… | ||
| CVE-2018-8288 | Hig | 0.02 | 7.5 | 0.70 | Jul 11, 2018 | A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from… | ||
| CVE-2018-8287 | Hig | 0.43 | 7.5 | 0.16 | Jul 11, 2018 | A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID… | ||
| CVE-2018-8286 | Hig | 0.43 | 7.5 | 0.19 | Jul 11, 2018 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280,… | ||
| CVE-2018-8284 | Hig | 0.56 | 8.1 | 0.43 | Jul 11, 2018 | A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework… | ||
| CVE-2018-8283 | Hig | 0.43 | 7.5 | 0.14 | Jul 11, 2018 | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8287, CVE-2018-8288,… | ||
| CVE-2018-8282 | Hig | 0.51 | 7.8 | 0.01 | Jul 11, 2018 | An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008,… | ||
| CVE-2018-8281 | Hig | 0.52 | 7.8 | 0.20 | Jul 11, 2018 | A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Microsoft Office,… |
- risk 0.51cvss 7.8epss 0.00
The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as a privileged process and can allow an unprivileged user to assume super-user privileges on the local client host. A malicious local unprivileged user may gain knowledge of…
- risk 0.63cvss 8.8epss 0.30
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server.
- risk 0.48cvss 7.4epss 0.00
The komoot GmbH "Komoot - Cycling & Hiking Maps" app before 9.3.2 -- aka komoot-cycling-hiking-maps/id447374873 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a…
- risk 0.49cvss 7.5epss 0.01
An integer overflow vulnerability exists in the function multipleTransfer of Neo Genesis Token (NGT), an Ethereum token smart contract. An attacker could use it to set any user's balance.
- risk 0.49cvss 7.5epss 0.01
An integer overflow vulnerability exists in the function transferAny of Malaysia coins (Xmc), an Ethereum token smart contract. An attacker could use it to set any user's balance.
- risk 0.49cvss 7.5epss 0.01
An integer overflow vulnerability exists in the function transfer_tokens_after_ICO of GlobeCoin (GLB), an Ethereum token smart contract. An attacker could use it to set any user's balance.
- risk 0.49cvss 7.5epss 0.01
An integer overflow vulnerability exists in the function batchTransfer of WeMediaChain (WMC), an Ethereum token smart contract. An attacker could use it to set any user's balance.
- risk 0.49cvss 7.5epss 0.01
An integer overflow vulnerability exists in the function distribute of MP3 Coin (MP3), an Ethereum token smart contract. An attacker could use it to set any user's balance.
- risk 0.49cvss 7.5epss 0.01
An integer overflow vulnerability exists in the function batchTransfer of SHARKTECH (SKT), an Ethereum token smart contract. An attacker could use it to set any user's balance.
- risk 0.49cvss 7.5epss 0.01
An integer overflow vulnerability exists in the function multiTransfer of Rocket Coin (XRC), an Ethereum token smart contract. An attacker could use it to set any user's balance.
- risk 0.50cvss 8.8epss 0.02
In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet.
- risk 0.51cvss 7.8epss 0.00
While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, an uninitialized variable can be used leading to a kernel fault.
- risk 0.49cvss 7.5epss 0.01
Genann through 2018-07-08 has a SEGV in genann_run in genann.c.
- risk 0.47cvss 7.3epss 0.00
RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user…
- risk 0.49cvss 7.5epss 0.02
The receipt of a crafted BGP UPDATE can lead to a routing process daemon (RPD) crash and restart. Repeated receipt of the same crafted BGP UPDATE can result in an extended denial of service condition for the device. This issue only affects the specific versions of Junos OS…
- risk 0.49cvss 7.5epss 0.02
Receipt of a specific MPLS packet may cause MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2) line cards or PTX1K to crash and restart. By continuously sending specific MPLS packets, an attacker can repeatedly crash the line cards or PTX1K causing a sustained Denial of Service. Affected…
- risk 0.49cvss 7.5epss 0.02
Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to hang or crash. When RPD is unavailable, routing updates cannot be processed which can lead to an extended network outage. If RSVP is not enabled on an interface, then the issue…
- risk 0.51cvss 7.8epss 0.00
An Improper Privilege Management vulnerability in a shell session of Juniper Networks Junos OS allows an authenticated unprivileged attacker to gain full control of the system. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D45 on SRX Series;…
- risk 0.57cvss 8.8epss 0.02
In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution.
- risk 0.57cvss 8.8epss 0.02
An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted Microsoft Word (DOC) document can lead to an out-of-bounds write,…
- risk 0.57cvss 8.8epss 0.03
An exploitable stack-based buffer overflow exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted Microsoft Word (DOC) document can lead to a stack-based…
- risk 0.51cvss 7.8epss 0.02
In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `putShapeProperty` method.
- risk 0.51cvss 7.8epss 0.02
In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `vbgetfp` method.
- risk 0.51cvss 7.8epss 0.02
An exploitable heap corruption exists in the PowerPoint document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted PowerPoint (PPT) document can lead to heap corruption, resulting in remote…
- risk 0.60cvss 8.8epss 0.03
Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks via a POST request to TCP port 8085 containing a predictable ID value, as demonstrated by a /sendrcpackage?keyid=-2544&keysymbol=-4081 request to shut off the device.
- risk 0.58cvss 8.0epss 0.41
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.
- risk 0.56cvss 7.2epss 0.72
Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors.
- risk 0.49cvss 7.5epss 0.02
IBM WebSphere Cast Iron 6.3 allows remote attackers to bypass intended access restrictions via unspecified vectors. IBM X-Force ID: 83868.
- risk 0.51cvss 7.8epss 0.00
IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621.
- risk 0.49cvss 7.5epss 0.02
IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to bypass the remote image filtering mechanism and obtain sensitive information via a crafted e-mail message. IBM X-Force ID: 83371.
- risk 0.48cvss 7.2epss 0.12
Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the…
- risk 0.46cvss 7.0epss 0.03
A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this flaw to crash minicom, or execute arbitrary code in the context of the minicom process.
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10,…
- risk 0.52cvss 7.8epss 0.20
A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka "Microsoft Access Remote Code Execution Vulnerability." This affects Microsoft Access, Microsoft Office.
- risk 0.59cvss 8.8epss 0.17
A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka "Remote Code Execution Vulnerability in Skype For Business and Lync." This affects Skype, Microsoft Lync.
- risk 0.49cvss 7.5epss 0.05
A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka "Microsoft Office Tampering Vulnerability." This affects Microsoft Word, Microsoft Office.
- risk 0.50cvss 7.5epss 0.13
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8275,…
- risk 0.58cvss 8.8epss 0.13
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka "Microsoft SharePoint Remote Code Execution Vulnerability." This affects Microsoft SharePoint.
- risk 0.14cvss 7.5epss 0.75
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287,…
- risk 0.50cvss 7.5epss 0.16
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283,…
- risk 0.43cvss 7.5epss 0.19
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280,…
- risk 0.02cvss 7.5epss 0.70
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from…
- risk 0.43cvss 7.5epss 0.19
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280,…
- risk 0.02cvss 7.5epss 0.70
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from…
- risk 0.43cvss 7.5epss 0.16
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID…
- risk 0.43cvss 7.5epss 0.19
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280,…
- risk 0.56cvss 8.1epss 0.43
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework…
- risk 0.43cvss 7.5epss 0.14
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8287, CVE-2018-8288,…
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008,…
- risk 0.52cvss 7.8epss 0.20
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Microsoft Office,…