Total: 11506 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-3852 | 1 Onssi | 1 Ocularis | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the Ocularis Recorder functionality of Ocularis 5.5.0.242. A specially crafted TCP packet can cause a process to terminate resulting in denial of service. An attacker can send a crafted TCP packet to trigger this vulnerability. | |||||
| CVE-2018-3840 | 1 Pixar | 1 Renderman | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x67). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read by the application is not validated, and its use can lead to a null pointer dereference. The IT application is opened by a user and then listens for a connection on port 4001. An attacker can deliver an attack once the application has been opened. | |||||
| CVE-2018-3777 | 1 Restforce | 1 Restforce | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient URI encoding in restforce before 3.0.0 allows an attacker to inject arbitrary parameters into Salesforce API requests. | |||||
| CVE-2018-3776 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper input validation in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log. | |||||
| CVE-2018-3772 | 1 Whereis Project | 1 Whereis | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Concatenating unsanitized user input in the `whereis` npm module < 0.4.1 allowed an attacker to execute arbitrary commands. The `whereis` module is deprecated and it is recommended to use the `which` npm module instead. | |||||
| CVE-2018-3753 | 1 Merge-object Project | 1 Merge-object | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The utilities function in all versions <= 1.0.0 of the merge-objects node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. | |||||
| CVE-2018-3752 | 1 Merge-options Project | 1 Merge-options | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The utilities function in all versions <= 1.0.0 of the merge-options node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. | |||||
| CVE-2018-3751 | 1 Umbraengineering | 1 Merge-recursive | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The utilities function in all versions <= 0.3.0 of the merge-recursive node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. | |||||
| CVE-2018-3750 | 1 Deep Extend Project | 1 Deep Extend | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. | |||||
| CVE-2018-3749 | 1 Deap Project | 1 Deap | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The utilities function in all versions < 1.0.1 of the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. | |||||
| CVE-2018-3740 | 1 Sanitize Project | 1 Sanitize | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element. | |||||
| CVE-2018-3723 | 1 Defaults-deep Project | 1 Defaults-deep | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via `__proto__`, causing the addition or modification of an existing property that will exist on all objects. | |||||
| CVE-2018-3719 | 1 Mixin-deep Project | 1 Mixin-deep | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via `__proto__`, causing the addition or modification of an existing property that will exist on all objects. | |||||
| CVE-2018-3650 | 1 Intel | 1 Distribution For Python | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient input validation in the Bleach module in Intel Distribution for Python versions prior to IDP 2018 Update 2 allows an unprivileged user to bypass URI sanitization via a local vector. | |||||
| CVE-2018-3634 | 1 Intel | 1 Online Connect Access | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Parameter corruption in NDIS filter driver in Intel Online Connect Access 1.9.22.0 allows an attacker to cause a denial of service via local access. | |||||
| CVE-2018-3612 | 1 Intel | 18 Ayaplcel.86a, Bios, Bnkbl357.86a and 15 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Insufficient input validation in the system firmware of Intel NUC kits potentially allows a local attacker to elevate privileges to System Management Mode (SMM). | |||||
| CVE-2018-3611 | 1 Intel | 1 Graphics Driver | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Bounds check vulnerability in User Mode Driver in Intel Graphics Driver 15.40.x.4 and 21.20.x.x allows an unprivileged user to cause a denial of service via local access. | |||||
| CVE-2018-3597 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In the ADSP RPC driver in Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, an arbitrary kernel write can occur. | |||||
| CVE-2018-3582 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A buffer overflow can occur due to improper input validation in multiple WMA event handler functions in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux kernel. | |||||
| CVE-2018-3574 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, userspace can request ION cache maintenance on a secure ION buffer for which the ION_FLAG_SECURE ion flag is not set and cause the kernel to attempt to perform cache maintenance on memory which does not belong to HLOS. | |||||
