| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-19241 | Hig | 0.49 | 7.5 | 0.02 | Dec 20, 2018 | Buffer overflow in video.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (without authentication). | ||
| CVE-2018-19239 | Hig | 0.47 | 7.2 | 0.05 | Dec 20, 2018 | TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vulnerability in the start_arpping function of the timer binary, which allows remote attackers to execute arbitrary commands via three parameters (dhcpd_start, dhcpd_end, and lan_ipaddr) passed to the apply.cgi… | ||
| CVE-2018-19134 | Hig | 0.51 | 7.8 | 0.03 | Dec 20, 2018 | In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type… | ||
| CVE-2018-18767 | Hig | 0.46 | 7.0 | 0.01 | Dec 20, 2018 | An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the Wi-Fi camera (D-Link 825L firmware 1.08) with the credentials (username and… | ||
| CVE-2018-18629 | Hig | 0.54 | 7.8 | 0.01 | Dec 20, 2018 | An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivileged user on Linux to gain root privileges via a Trojan horse binary. | ||
| CVE-2018-18442 | Hig | 0.49 | 7.5 | 0.01 | Dec 20, 2018 | D-Link DCS-825L devices with firmware 1.08 do not employ a suitable mechanism to prevent denial-of-service (DoS) attacks. An attacker can harm the device availability (i.e., live-online video/audio streaming) by using the hping3 tool to perform an IPv4 flood attack. Verified… | ||
| CVE-2018-18441 | Hig | 0.49 | 7.5 | 0.02 | Dec 20, 2018 | D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1,… | ||
| CVE-2017-9732 | Hig | 0.00 | 7.5 | 0.04 | Dec 20, 2018 | The read_packet function in knc (Kerberised NetCat) before 1.11-1 is vulnerable to denial of service (memory exhaustion) that can be exploited remotely without authentication, possibly affecting another services running on the targeted host. | ||
| CVE-2018-20216 | Hig | 0.49 | 7.5 | 0.04 | Dec 20, 2018 | QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled). | ||
| CVE-2018-20125 | Hig | 0.49 | 7.5 | 0.04 | Dec 20, 2018 | hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings. | ||
| CVE-2018-19005 | Hig | 0.51 | 7.8 | 0.02 | Dec 20, 2018 | Cscape, Version 9.80.75.3 SP3 and prior. An improper input validation vulnerability has been identified that may be exploited by processing specially crafted POC files lacking user input validation. This may allow an attacker to read confidential information and remotely execute… | ||
| CVE-2018-15722 | Hig | 0.53 | 8.1 | 0.02 | Dec 20, 2018 | The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response. | ||
| CVE-2018-15331 | Hig | 0.51 | 7.8 | 0.01 | Dec 20, 2018 | On BIG-IP AAM 13.0.0 or 12.1.0-12.1.3.7, the dcdb_convert utility used by BIG-IP AAM fails to drop group permissions when executing helper scripts, which could be used to leverage attacks against the BIG-IP system. | ||
| CVE-2018-15330 | Hig | 0.49 | 7.5 | 0.01 | Dec 20, 2018 | On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, when a virtual server using the inflate functionality to process a gzip bomb as a payload, the BIG-IP system will experience a fatal error and may cause the Traffic Management Microkernel (TMM) to produce a core… | ||
| CVE-2018-15329 | Hig | 0.47 | 7.2 | 0.01 | Dec 20, 2018 | On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed… | ||
| CVE-2018-19234 | Hig | 0.57 | 8.8 | 0.03 | Dec 20, 2018 | The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows remote attackers to execute arbitrary code with SYSTEM privileges via vectors related to missing update validation. | ||
| CVE-2018-19233 | Hig | 0.51 | 7.8 | 0.01 | Dec 20, 2018 | COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users to execute arbitrary code by reading the user name and encrypted password hard-coded in an Inventory Agent configuration file. | ||
| CVE-2018-1000882 | Hig | 0.00 | 7.5 | 0.02 | Dec 20, 2018 | WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appear to be exploitable via HTTP GET Request. This vulnerability appears to have been fixed in after commit… | ||
| CVE-2018-1000878 | Hig | 0.00 | 8.8 | 0.04 | Dec 20, 2018 | libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible.… | ||
| CVE-2018-1000877 | Hig | 0.00 | 8.8 | 0.05 | Dec 20, 2018 | libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0… | ||
| CVE-2018-1000876 | Hig | 0.51 | 7.8 | 0.01 | Dec 20, 2018 | binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This… | ||
| CVE-2018-1000867 | Hig | 0.00 | 8.8 | 0.01 | Dec 20, 2018 | WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in All five yourauctions*.php scripts that can result in Database Read via Blind SQL Injection. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed… | ||
| CVE-2018-1000858 | Hig | 0.57 | 8.8 | 0.01 | Dec 20, 2018 | GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in… | ||
| CVE-2018-1000857 | Hig | 0.57 | 8.8 | 0.03 | Dec 20, 2018 | log-user-session version 0.7 and earlier contains a Directory Traversal vulnerability in Main SUID-binary /usr/local/bin/log-user-session that can result in User to root privilege escalation. This attack appear to be exploitable via Malicious unprivileged user executes the… | ||
| CVE-2018-11988 | Hig | 0.51 | 7.8 | 0.00 | Dec 20, 2018 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Un-trusted pointer de-reference issue by accessing a variable which is already freed. | ||
| CVE-2018-11987 | Hig | 0.51 | 7.8 | 0.00 | Dec 20, 2018 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, if there is an unlikely memory alloc failure for the secure pool in boot, it can result in wrong pointer access causing kernel panic. | ||
| CVE-2018-11986 | Hig | 0.51 | 7.8 | 0.00 | Dec 20, 2018 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in TX and RX FIFOs of microcontroller in camera subsystem used to exchange commands and messages between Micro FW and CPP driver. | ||
| CVE-2018-11985 | Hig | 0.51 | 7.8 | 0.00 | Dec 20, 2018 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, When allocating heap using user supplied size, Possible heap overflow vulnerability due to integer overflow in roundup to native pointer. | ||
| CVE-2018-11984 | Hig | 0.51 | 7.8 | 0.00 | Dec 20, 2018 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition and an out-of-bounds access can occur in the DIAG driver. | ||
| CVE-2018-11983 | Hig | 0.51 | 7.8 | 0.00 | Dec 20, 2018 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Error in kernel observed while accessing freed mask pointers after reallocating memory for mask table. | ||
| CVE-2018-11965 | Hig | 0.51 | 7.8 | 0.00 | Dec 20, 2018 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Anyone can execute proptrigger.sh which will lead to change in properties. | ||
| CVE-2018-11964 | Hig | 0.51 | 7.8 | 0.00 | Dec 20, 2018 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Exposing the hashed content in /etc/passwd may lead to security issue. | ||
| CVE-2018-11963 | Hig | 0.51 | 7.8 | 0.00 | Dec 20, 2018 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Buffer overread may occur due to non-null terminated strings while processing vsprintf in camera jpeg driver. | ||
| CVE-2018-11961 | Hig | 0.51 | 7.8 | 0.00 | Dec 20, 2018 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possibility of accessing out of bound vector index When updating some GNSS configurations. | ||
| CVE-2018-11960 | Hig | 0.51 | 7.8 | 0.00 | Dec 20, 2018 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition can occur in the SPS driver which can lead to error in kernel. | ||
| CVE-2018-1000850 | — | Hig | 0.42 | 7.5 | 0.04 | Dec 20, 2018 | Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter that can result in By manipulating the URL an attacker could add or delete resources otherwise unavailable to… | |
| CVE-2018-1000849 | Hig | 0.57 | 8.8 | 0.04 | Dec 20, 2018 | Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux' package manager) that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to… | ||
| CVE-2018-1000846 | Hig | 0.00 | 8.8 | 0.01 | Dec 20, 2018 | FreshDNS version 1.0.3 and earlier contains a Cross ite Request Forgery (CSRF) vulnerability in All (authenticated) API calls in index.php / class.manager.php that can result in Editing domains and zones with victim's privileges. This attack appear to be exploitable via Victim… | ||
| CVE-2018-1000843 | — | Hig | 0.00 | 8.8 | 0.01 | Dec 20, 2018 | Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross ite Request Forgery (CSRF) vulnerability in API endpoint: /api/ that can result in Task metadata such as task name, id,… | |
| CVE-2018-1000839 | Hig | 0.57 | 8.8 | 0.03 | Dec 20, 2018 | LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME type. | ||
| CVE-2018-1000817 | — | Hig | 0.49 | 7.5 | 0.03 | Dec 20, 2018 | Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2.14.1.1, 2.15.1 and 3.0.6 contains a Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in Download .class files and any arbitrary file. This attack appear to be… | |
| CVE-2018-1000812 | Hig | 0.53 | 8.1 | 0.02 | Dec 20, 2018 | Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user… | ||
| CVE-2018-1000811 | Hig | 0.64 | 8.8 | 0.48 | Dec 20, 2018 | bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. This attack appear to be exploitable via malicious user have to upload a crafted payload containing PHP… | ||
| CVE-2017-9704 | Hig | 0.51 | 7.8 | 0.00 | Dec 20, 2018 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, There is no synchronization between msm_vb2 buffer operations which can lead to use after free. | ||
| CVE-2018-5200 | Hig | 0.51 | 7.8 | 0.02 | Dec 20, 2018 | KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted FLV format file. The problem is that more frame data is copied to heap memory than the size specified in the frame header. This results in a memory corruption and… | ||
| CVE-2018-5199 | Hig | 0.57 | 8.8 | 0.02 | Dec 20, 2018 | In Veraport G3 ALL on MacOS, due to insufficient domain validation, It is possible to overwrite installation file to malicious file. A remote unauthenticated attacker may use this vulnerability to execute arbitrary file. | ||
| CVE-2018-5198 | Hig | 0.53 | 8.1 | 0.01 | Dec 20, 2018 | In Veraport G3 ALL on MacOS, a race condition when calling the Veraport API allow remote attacker to cause arbitrary file download and execution. This results in remote code execution. | ||
| CVE-2018-1973 | Hig | 0.47 | 7.2 | 0.02 | Dec 20, 2018 | IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator level access to give themselves full 'Administrator' level access through the members functionality. IBM X-Force ID: 153914. | ||
| CVE-2018-1784 | Hig | 0.46 | 7.1 | 0.02 | Dec 20, 2018 | IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807. | ||
| CVE-2018-1778 | Hig | 0.50 | 7.7 | 0.03 | Dec 20, 2018 | IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can… |
- risk 0.49cvss 7.5epss 0.02
Buffer overflow in video.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (without authentication).
- risk 0.47cvss 7.2epss 0.05
TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vulnerability in the start_arpping function of the timer binary, which allows remote attackers to execute arbitrary commands via three parameters (dhcpd_start, dhcpd_end, and lan_ipaddr) passed to the apply.cgi…
- risk 0.51cvss 7.8epss 0.03
In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type…
- risk 0.46cvss 7.0epss 0.01
An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the Wi-Fi camera (D-Link 825L firmware 1.08) with the credentials (username and…
- risk 0.54cvss 7.8epss 0.01
An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivileged user on Linux to gain root privileges via a Trojan horse binary.
- risk 0.49cvss 7.5epss 0.01
D-Link DCS-825L devices with firmware 1.08 do not employ a suitable mechanism to prevent denial-of-service (DoS) attacks. An attacker can harm the device availability (i.e., live-online video/audio streaming) by using the hping3 tool to perform an IPv4 flood attack. Verified…
- risk 0.49cvss 7.5epss 0.02
D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1,…
- risk 0.00cvss 7.5epss 0.04
The read_packet function in knc (Kerberised NetCat) before 1.11-1 is vulnerable to denial of service (memory exhaustion) that can be exploited remotely without authentication, possibly affecting another services running on the targeted host.
- risk 0.49cvss 7.5epss 0.04
QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled).
- risk 0.49cvss 7.5epss 0.04
hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings.
- risk 0.51cvss 7.8epss 0.02
Cscape, Version 9.80.75.3 SP3 and prior. An improper input validation vulnerability has been identified that may be exploited by processing specially crafted POC files lacking user input validation. This may allow an attacker to read confidential information and remotely execute…
- risk 0.53cvss 8.1epss 0.02
The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response.
- risk 0.51cvss 7.8epss 0.01
On BIG-IP AAM 13.0.0 or 12.1.0-12.1.3.7, the dcdb_convert utility used by BIG-IP AAM fails to drop group permissions when executing helper scripts, which could be used to leverage attacks against the BIG-IP system.
- risk 0.49cvss 7.5epss 0.01
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, when a virtual server using the inflate functionality to process a gzip bomb as a payload, the BIG-IP system will experience a fatal error and may cause the Traffic Management Microkernel (TMM) to produce a core…
- risk 0.47cvss 7.2epss 0.01
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed…
- risk 0.57cvss 8.8epss 0.03
The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows remote attackers to execute arbitrary code with SYSTEM privileges via vectors related to missing update validation.
- risk 0.51cvss 7.8epss 0.01
COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users to execute arbitrary code by reading the user name and encrypted password hard-coded in an Inventory Agent configuration file.
- risk 0.00cvss 7.5epss 0.02
WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appear to be exploitable via HTTP GET Request. This vulnerability appears to have been fixed in after commit…
- risk 0.00cvss 8.8epss 0.04
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible.…
- risk 0.00cvss 8.8epss 0.05
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0…
- risk 0.51cvss 7.8epss 0.01
binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This…
- risk 0.00cvss 8.8epss 0.01
WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in All five yourauctions*.php scripts that can result in Database Read via Blind SQL Injection. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed…
- risk 0.57cvss 8.8epss 0.01
GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in…
- risk 0.57cvss 8.8epss 0.03
log-user-session version 0.7 and earlier contains a Directory Traversal vulnerability in Main SUID-binary /usr/local/bin/log-user-session that can result in User to root privilege escalation. This attack appear to be exploitable via Malicious unprivileged user executes the…
- risk 0.51cvss 7.8epss 0.00
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Un-trusted pointer de-reference issue by accessing a variable which is already freed.
- risk 0.51cvss 7.8epss 0.00
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, if there is an unlikely memory alloc failure for the secure pool in boot, it can result in wrong pointer access causing kernel panic.
- risk 0.51cvss 7.8epss 0.00
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in TX and RX FIFOs of microcontroller in camera subsystem used to exchange commands and messages between Micro FW and CPP driver.
- risk 0.51cvss 7.8epss 0.00
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, When allocating heap using user supplied size, Possible heap overflow vulnerability due to integer overflow in roundup to native pointer.
- risk 0.51cvss 7.8epss 0.00
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition and an out-of-bounds access can occur in the DIAG driver.
- risk 0.51cvss 7.8epss 0.00
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Error in kernel observed while accessing freed mask pointers after reallocating memory for mask table.
- risk 0.51cvss 7.8epss 0.00
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Anyone can execute proptrigger.sh which will lead to change in properties.
- risk 0.51cvss 7.8epss 0.00
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Exposing the hashed content in /etc/passwd may lead to security issue.
- risk 0.51cvss 7.8epss 0.00
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Buffer overread may occur due to non-null terminated strings while processing vsprintf in camera jpeg driver.
- risk 0.51cvss 7.8epss 0.00
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possibility of accessing out of bound vector index When updating some GNSS configurations.
- risk 0.51cvss 7.8epss 0.00
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition can occur in the SPS driver which can lead to error in kernel.
- risk 0.42cvss 7.5epss 0.04
Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter that can result in By manipulating the URL an attacker could add or delete resources otherwise unavailable to…
- risk 0.57cvss 8.8epss 0.04
Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux' package manager) that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to…
- risk 0.00cvss 8.8epss 0.01
FreshDNS version 1.0.3 and earlier contains a Cross ite Request Forgery (CSRF) vulnerability in All (authenticated) API calls in index.php / class.manager.php that can result in Editing domains and zones with victim's privileges. This attack appear to be exploitable via Victim…
- risk 0.00cvss 8.8epss 0.01
Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross ite Request Forgery (CSRF) vulnerability in API endpoint: /api/ that can result in Task metadata such as task name, id,…
- risk 0.57cvss 8.8epss 0.03
LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME type.
- risk 0.49cvss 7.5epss 0.03
Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2.14.1.1, 2.15.1 and 3.0.6 contains a Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in Download .class files and any arbitrary file. This attack appear to be…
- risk 0.53cvss 8.1epss 0.02
Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user…
- risk 0.64cvss 8.8epss 0.48
bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. This attack appear to be exploitable via malicious user have to upload a crafted payload containing PHP…
- risk 0.51cvss 7.8epss 0.00
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, There is no synchronization between msm_vb2 buffer operations which can lead to use after free.
- risk 0.51cvss 7.8epss 0.02
KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted FLV format file. The problem is that more frame data is copied to heap memory than the size specified in the frame header. This results in a memory corruption and…
- risk 0.57cvss 8.8epss 0.02
In Veraport G3 ALL on MacOS, due to insufficient domain validation, It is possible to overwrite installation file to malicious file. A remote unauthenticated attacker may use this vulnerability to execute arbitrary file.
- risk 0.53cvss 8.1epss 0.01
In Veraport G3 ALL on MacOS, a race condition when calling the Veraport API allow remote attacker to cause arbitrary file download and execution. This results in remote code execution.
- risk 0.47cvss 7.2epss 0.02
IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator level access to give themselves full 'Administrator' level access through the members functionality. IBM X-Force ID: 153914.
- risk 0.46cvss 7.1epss 0.02
IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807.
- risk 0.50cvss 7.7epss 0.03
IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can…