Total
324452 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-18096 | 1 Intel | 1 Quickassist Technology For Linux | 2024-11-21 | N/A |
| Improper memory handling in Intel QuickAssist Technology for Linux (all versions) may allow an authenticated user to potentially enable a denial of service via local access. | ||||
| CVE-2018-18095 | 1 Intel | 4 Ssd Dc S4500, Ssd Dc S4500 Firmware, Ssd Dc S4600 and 1 more | 2024-11-21 | N/A |
| Improper authentication in firmware for Intel(R) SSD DC S4500 Series and Intel(R) SSD DC S4600 Series before SCV10150 may allow an unprivileged user to potentially enable escalation of privilege via physical access. | ||||
| CVE-2018-18094 | 1 Intel | 1 Media Sdk | 2024-11-21 | N/A |
| Improper directory permissions in installer for Intel(R) Media SDK before 2018 R2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2018-18093 | 1 Intel | 1 Vtune Amplifier | 2024-11-21 | N/A |
| Improper file permissions in the installer for Intel VTune Amplifier 2018 Update 3 and before may allow unprivileged user to potentially gain privileged access via local access. | ||||
| CVE-2018-18091 | 1 Intel | 1 Graphics Driver | 2024-11-21 | N/A |
| Use after free in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an unprivileged user to potentially enable a denial of service via local access. | ||||
| CVE-2018-18090 | 1 Intel | 1 Graphics Driver | 2024-11-21 | N/A |
| Out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2018-18089 | 1 Intel | 1 Graphics Driver | 2024-11-21 | N/A |
| Multiple out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2018-18088 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2024-11-21 | N/A |
| OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c | ||||
| CVE-2018-18087 | 1 Bixie | 1 Portfolio | 2024-11-21 | N/A |
| The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user who has the "Manage portfolio" privilege can inject arbitrary web script or HTML via the Image URL field in the portfolio editor. The vulnerability is triggered by visiting /portfolio/${project_title}. | ||||
| CVE-2018-18086 | 1 Phome | 1 Empirecms | 2024-11-21 | N/A |
| EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in users. | ||||
| CVE-2018-18084 | 1 Comsenz | 1 Duomicms | 2024-11-21 | 9.8 Critical |
| An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file, as demonstrated by the uid parameter. | ||||
| CVE-2018-18083 | 1 Comsenz | 1 Duomicms | 2024-11-21 | N/A |
| An issue was discovered in DuomiCMS 3.0. Remote PHP code execution is possible via the search.php searchword parameter because "eval" is used during "if" processing. | ||||
| CVE-2018-18082 | 1 Bijiadao | 1 Waimai Super Cms | 2024-11-21 | N/A |
| XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food&a=addsave or admin.php?m=Food&a=editsave URI. | ||||
| CVE-2018-18075 | 1 Wikidforum Project | 1 Wikidforum | 2024-11-21 | N/A |
| WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or num_records parameter, or the index.php?action=search select_sort parameter. | ||||
| CVE-2018-18074 | 4 Canonical, Opensuse, Python and 1 more | 8 Ubuntu Linux, Leap, Requests and 5 more | 2024-11-21 | 7.5 High |
| The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. | ||||
| CVE-2018-18073 | 4 Artifex, Canonical, Debian and 1 more | 10 Ghostscript, Ubuntu Linux, Debian Linux and 7 more | 2024-11-21 | 6.3 Medium |
| Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. | ||||
| CVE-2018-18071 | 1 Mercedes-benz | 1 Mercedes Me | 2024-11-21 | N/A |
| An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as latitude, longitude, and direction of travel. | ||||
| CVE-2018-18070 | 1 Mercedes-benz | 2 C-class, Comand | 2024-11-21 | 5.9 Medium |
| An issue was discovered in Daimler Mercedes-Benz COMAND 17/13.0 50.12 on Mercedes-Benz C-Class 2018 vehicles. Defining or receiving a specific navigation route might cause the system to freeze and reboot after a few transmissions. When the system next starts, it tries to re-calculate the route, which will cause a boot loop. (Under certain circumstances, it is possible to quickly overwrite the malicious route to regain the stability of the system.) | ||||
| CVE-2018-18069 | 1 Wpml | 1 Wpml | 2024-11-21 | N/A |
| process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php. | ||||
| CVE-2018-18068 | 1 Raspberrypi | 2 Raspberry Pi 3 Model B\+, Raspberry Pi 3 Model B\+ Firmware | 2024-11-21 | N/A |
| The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices allows non-secure EL1 code to read/write any EL3 (the highest privilege level in ARMv8) memory/register via inter-processor debugging. With a debug host processor A running in non-secure EL1 and a debug target processor B running in any privilege level, the debugging feature allows A to halt B and promote B to any privilege level. As a debug host, A has full control of B even if B owns a higher privilege level than A. Accordingly, A can read/write any EL3 memory/register via B. Also, with this memory access, A can execute arbitrary code in EL3. | ||||