Export limit exceeded: 18512 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 342739 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 342739 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 24864 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24864 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-6472 | 1 Superantispyware | 1 Superantispyware | 2024-11-21 | N/A |
| In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40204c. | ||||
| CVE-2018-6471 | 1 Superantispyware | 1 Superantispyware | 2024-11-21 | N/A |
| In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402078. | ||||
| CVE-2018-6470 | 2 Apple, Nibbleblog | 2 Macos, Nibbleblog | 2024-11-21 | N/A |
| Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each directory, causing DS_Store information to leak. | ||||
| CVE-2018-6460 | 1 Anchorfree | 1 Hotspot Shield | 2024-11-21 | N/A |
| Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895. The web server uses JSONP and hosts sensitive information including configuration. User controlled input is not sufficiently filtered: an unauthenticated attacker can send a POST request to /status.js with the parameter func=$_APPLOG.Rfunc and extract sensitive information about the machine, including whether the user is connected to a VPN, to which VPN he/she is connected, and what is their real IP address. | ||||
| CVE-2018-6459 | 1 Strongswan | 1 Strongswan | 2024-11-21 | N/A |
| The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter. | ||||
| CVE-2018-6433 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | N/A |
| A vulnerability in the secryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to bypass the export file access restrictions and initiate a file copy from the source to a remote system. | ||||
| CVE-2018-6412 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands. | ||||
| CVE-2018-6407 | 1 Conceptronic | 3 Cipcamptiwl, Cipcamptiwl Firmware, Cipcamptiwl Web Firmware | 2024-11-21 | N/A |
| An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to /hy-cgi/devices.cgi?cmd=searchlandevice. The crash completely freezes the device. | ||||
| CVE-2018-6360 | 2 Debian, Mpv | 2 Debian Linux, Mpv | 2024-11-21 | N/A |
| mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook.lua. For example, an av://lavfi:ladspa=file= URL signifies that the product should call dlopen on a shared object file located at an arbitrary local pathname. The issue exists because the product does not consider that youtube-dl can provide a potentially unsafe URL. | ||||
| CVE-2018-6320 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Pulse Connect Secure, Pulse Policy Secure | 2024-11-21 | N/A |
| A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation. | ||||
| CVE-2018-6298 | 1 Hanwha-security | 4 Snh-v6410pn, Snh-v6410pn Firmware, Snh-v6410pnw and 1 more | 2024-11-21 | N/A |
| Remote code execution in Hanwha Techwin Smartcams | ||||
| CVE-2018-6293 | 1 Hyland | 1 Saperion Web Client | 2024-11-21 | N/A |
| Arbitrary File Read in Saperion Web Client version 7.5.2 83166. | ||||
| CVE-2018-6267 | 1 Google | 1 Android | 2024-11-21 | N/A |
| NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software does not validate or incorrectly validates input that can affect the control flow or data flow of a program, which may lead to denial of service or escalation of privileges. Android ID: A-70857947. | ||||
| CVE-2018-6266 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2024-11-21 | N/A |
| NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure. | ||||
| CVE-2018-6262 | 1 Nvidia | 1 Geforce Experience | 2024-11-21 | N/A |
| NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure. | ||||
| CVE-2018-6260 | 1 Nvidia | 1 Gpu Driver | 2024-11-21 | N/A |
| NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector. | ||||
| CVE-2018-6259 | 1 Nvidia | 1 Geforce Experience | 2024-11-21 | N/A |
| NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where limited information disclosure may be possible. | ||||
| CVE-2018-6254 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In Android before the 2018-05-05 security patch level, NVIDIA Media Server contains an out-of-bounds read (due to improper input validation) vulnerability which could lead to local information disclosure. This issue is rated as moderate. Android: A-64340684. Reference: N-CVE-2018-6254. | ||||
| CVE-2018-6246 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In Android before the 2018-05-05 security patch level, NVIDIA Widevine Trustlet contains a vulnerability in Widevine TA where the software reads data past the end, or before the beginning, of the intended buffer, which may lead to Information Disclosure. This issue is rated as moderate. Android: A-69383916. Reference: N-CVE-2018-6246. | ||||
| CVE-2018-6243 | 1 Google | 1 Android | 2024-11-21 | N/A |
| NVIDIA Tegra TLK Widevine Trust Application contains a vulnerability in which missing the input parameter checking of video metadata count may lead to Arbitrary Code Execution, Denial of Service or Escalation of Privileges. Android ID: A-72315075. Severity Rating: High. Version: N/A. | ||||