Total: 9170 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-20001 | 1 Libav | 1 Libav | 2019-01-03 | 4.3 MEDIUM | 6.5 MEDIUM |
In Libav 12.3, there is a floating point exception in the range_decode_culshift function (called from range_decode_bits) in libavcodec/apedec.c that will lead to remote denial of service via crafted input. | |||||
CVE-2018-19980 | 1 Anker | 2 Nebula Capsule Projector, Nebula Capsule Projector Firmware | 2019-01-03 | 7.8 HIGH | 7.5 HIGH |
Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow attackers to cause a denial of service (reboot of the underlying Android 7.1.2 operating system) via a crafted application that sends data to WifiService. | |||||
CVE-2018-11750 | 1 Puppet | 1 Cisco Ios Module | 2019-01-02 | 4.0 MEDIUM | 6.5 MEDIUM |
Previous releases of the Puppet cisco_ios module did not validate a host's identity before starting an SSH connection. As of the 0.4.0 release of cisco_ios, host key checking is enabled by default. | |||||
CVE-2018-9452 | 1 Google | 1 Android | 2018-12-28 | 4.3 MEDIUM | 5.5 MEDIUM |
In getOffsetForHorizontal of Layout.java, there is a possible application hang due to a slow width calculation. This could lead to remote denial of service if a contact with many hidden Unicode characters were sent to the device and used by a local app, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0. Android ID: A-78464361 | |||||
CVE-2018-9072 | 1 Lenovo | 1 Xclarity Integrator | 2018-12-28 | 4.0 MEDIUM | 6.5 MEDIUM |
In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads. | |||||
CVE-2018-3740 | 1 Sanitize Project | 1 Sanitize | 2018-12-28 | 5.0 MEDIUM | 7.5 HIGH |
A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element. | |||||
CVE-2018-9523 | 1 Google | 1 Android | 2018-12-27 | 7.2 HIGH | 7.8 HIGH |
In Parcel.writeMapInternal of Parcel.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112859604 | |||||
CVE-2018-9347 | 1 Google | 1 Android | 2018-12-27 | 4.3 MEDIUM | 6.5 MEDIUM |
In function SMF_ParseMetaEvent of file eas_smf.c there is incorrect input validation causing an infinite loop. This could lead to a remote temporary DoS with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-68664359 | |||||
CVE-2017-18317 | 1 Qualcomm | 10 Msm8996au, Msm8996au Firmware, Sd 410 and 7 more | 2018-12-26 | 7.2 HIGH | 7.8 HIGH |
Restrictions related to the modem (SIM lock, SIM kill) can be bypassed by manipulating the system to issue a deactivation flow sequence in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 410/12, SD 820, SD 820A. | |||||
CVE-2017-18318 | 1 Qualcomm | 24 Msm8996au, Msm8996au Firmware, Sd 410 and 21 more | 2018-12-26 | 10.0 HIGH | 9.8 CRITICAL |
Missing validation check on CRL issuer name in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 410/12, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A. | |||||
CVE-2018-6078 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2018-12-26 | 4.3 MEDIUM | 4.3 MEDIUM |
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | |||||
CVE-2013-7108 | 2 Icinga, Nagios | 2 Icinga, Nagios | 2018-12-25 | 5.5 MEDIUM | N/A |
Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read. | |||||
CVE-2018-13361 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-21 | 5.0 MEDIUM | 5.3 MEDIUM |
User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter. | |||||
CVE-2018-19755 | 1 Nasm | 1 Netwide Assembler | 2018-12-21 | 4.3 MEDIUM | 5.5 MEDIUM |
There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer. | |||||
CVE-2018-11266 | 1 Google | 1 Android | 2018-12-21 | 4.6 MEDIUM | 7.8 HIGH |
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper input validation can lead to improper access to already freed DCI client entries while closing a DCI client. | |||||
CVE-2015-6826 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2018-12-21 | 7.5 HIGH | N/A |
The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data. | |||||
CVE-2015-6821 | 1 Ffmpeg | 1 Ffmpeg | 2018-12-21 | 7.5 HIGH | N/A |
The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted MPEG data. | |||||
CVE-2015-6825 | 1 Ffmpeg | 1 Ffmpeg | 2018-12-21 | 7.5 HIGH | N/A |
The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFmpeg before 2.7.2 mishandles certain memory-allocation failures, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via a crafted file, as demonstrated by an AVI file. | |||||
CVE-2015-6824 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2018-12-21 | 7.5 HIGH | N/A |
The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data. | |||||
CVE-2015-8217 | 1 Ffmpeg | 1 Ffmpeg | 2018-12-21 | 7.5 HIGH | N/A |
The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted High Efficiency Video Coding (HEVC) data. |