Total
11423 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16080 | 2 Apple, Google | 2 Macos, Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A missing check for popup window handling in Fullscreen in Google Chrome on macOS prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2018-16068 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
| Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2018-16064 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient data validation in Extensions API in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | |||||
| CVE-2018-15960 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to arbitrary file overwrite. | |||||
| CVE-2018-15888 | 1 Aspcms | 1 Aspcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ASPCMS 2.5.6. When registering ordinary users in the addUser function of the /member/reg.asp page, they can be registered with the super administrators GroupID directly. | |||||
| CVE-2018-15885 | 1 Ovation | 1 Findme | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Ovation FindMe 1.4-1083-1 is intended to support transmission of network traffic from covert video recorders but does not properly disrupt binary analysis for discovering the product's capabilities or purpose. This makes it easier for adversaries to detect the covert operation. Specifically, the product uses a compression technique to prevent the identification of certain libraries in the software by obfuscation. The software relies on a TLS callback and an additional executable file to enable these libraries and their access to certain websites. The unpacked software can be exploited by several different types of documented techniques. | |||||
| CVE-2018-15876 | 1 Ajax Bootmodal Login Project | 1 Ajax Bootmodal Login | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for WordPress. The register form, login form, and password-recovery form require solving a CAPTCHA to perform actions. However, this is required only once per user session, and therefore one could send as many requests as one wished by automation. | |||||
| CVE-2018-15832 | 1 Ubisoft | 1 Uplay | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. | |||||
| CVE-2018-15818 | 1 Reputeinfosystems | 1 Repute Arforms | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php. | |||||
| CVE-2018-15778 | 1 Dell | 1 Networking Os10 | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by lack of proper input validation on the command-line interface (CLI). | |||||
| CVE-2018-15747 | 1 Glot | 1 Glot-www | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The default configuration of glot-www through 2018-05-19 allows remote attackers to execute arbitrary code because glot-code-runner supports os.system within a "python" "files" "content" JSON file. | |||||
| CVE-2018-15738 | 1 Stopzilla | 1 Antimalware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x8000205F. | |||||
| CVE-2018-15737 | 1 Stopzilla | 1 Antimalware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x80002043. | |||||
| CVE-2018-15736 | 1 Stopzilla | 1 Antimalware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x8000204F. | |||||
| CVE-2018-15735 | 1 Stopzilla | 1 Antimalware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x8000206F. | |||||
| CVE-2018-15734 | 1 Stopzilla | 1 Antimalware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x8000206B. | |||||
| CVE-2018-15732 | 1 Stopzilla | 1 Antimalware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x80002063. | |||||
| CVE-2018-15731 | 1 Stopzilla | 1 Antimalware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x8000205B. | |||||
| CVE-2018-15730 | 1 Stopzilla | 1 Antimalware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x80002067. | |||||
| CVE-2018-15729 | 1 Stopzilla | 1 Antimalware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x8000204B. | |||||