Total
322800 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-12464 | 1 Microfocus | 1 Secure Messaging Gateway | 2024-11-21 | N/A |
| A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5). | ||||
| CVE-2018-12463 | 1 Hp | 1 Fortify Software Security Center | 2024-11-21 | 9.8 Critical |
| An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | ||||
| CVE-2018-12462 | 1 Netiq | 1 Imanager | 2024-11-21 | N/A |
| NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities. | ||||
| CVE-2018-12461 | 1 Netiq | 1 Edirectory | 2024-11-21 | N/A |
| Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation. | ||||
| CVE-2018-12460 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | N/A |
| libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the studio profile is incorrectly detected while converting a crafted AVI file to MPEG4, leading to a denial of service, related to idctdsp.c and mpegvideo.c. | ||||
| CVE-2018-12459 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | N/A |
| An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. | ||||
| CVE-2018-12458 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-11-21 | 6.5 Medium |
| An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. | ||||
| CVE-2018-12457 | 1 Expresscart Project | 1 Expresscart | 2024-11-21 | N/A |
| expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header. | ||||
| CVE-2018-12456 | 1 Intelbras | 2 Nplug, Nplug Firmware | 2024-11-21 | N/A |
| Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access. | ||||
| CVE-2018-12455 | 1 Intelbras | 2 Nplug, Nplug Firmware | 2024-11-21 | N/A |
| Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie. | ||||
| CVE-2018-12454 | 1 1000guess | 1 1000 Guess | 2024-11-21 | N/A |
| The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block information and a private variable (which can be read with a getStorageAt call). Therefore, it allows attackers to always win and get rewards. | ||||
| CVE-2018-12453 | 1 Redislabs | 1 Redis | 2024-11-21 | N/A |
| Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream. | ||||
| CVE-2018-12449 | 1 Navercorp | 1 Whale | 2024-11-21 | N/A |
| The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking. | ||||
| CVE-2018-12448 | 1 Navercorp | 1 Whale | 2024-11-21 | N/A |
| Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name. | ||||
| CVE-2018-12447 | 1 Libbpg Project | 1 Libbpg | 2024-11-21 | N/A |
| The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.8 and other products, has an integer overflow that leads to a heap-based buffer overflow and remote code execution. | ||||
| CVE-2018-12446 | 1 Dropbox | 1 Dropbox | 2024-11-21 | N/A |
| An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred | ||||
| CVE-2018-12445 | 1 Dropbox | 1 Dropbox | 2024-11-21 | N/A |
| An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded with null, because the fingerprint API in conjunction with the Android keyGenerator class is not implemented. In other words, an attacker could authenticate with an arbitrary fingerprint. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred | ||||
| CVE-2018-12441 | 1 Corsair | 1 Corsair Utility Engine | 2024-11-21 | N/A |
| The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the CorsairService BINARY_PATH_NAME, leading to complete control of the affected system. The issue exists due to the Windows "Everyone" group being granted SERVICE_ALL_ACCESS permissions to the CorsairService Service. | ||||
| CVE-2018-12440 | 1 Google | 1 Boringssl | 2024-11-21 | N/A |
| BoringSSL through 2018-06-14 allows a memory-cache side-channel attack on DSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a DSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | ||||
| CVE-2018-12439 | 1 Matrixssl | 1 Matrixssl | 2024-11-21 | N/A |
| MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | ||||