Export limit exceeded: 24565 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24565 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-4036 | 1 Macpaw | 1 Cleanmymac X | 2024-11-21 | 5.5 Medium |
| The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the running kernel extensions on the system. | ||||
| CVE-2018-4035 | 1 Macpaw | 1 Cleanmymac X | 2024-11-21 | 5.5 Medium |
| The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. | ||||
| CVE-2018-4034 | 1 Macpaw | 1 Cleanmymac X | 2024-11-21 | 5.5 Medium |
| The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. | ||||
| CVE-2018-4033 | 1 Macpaw | 1 Cleanmymac X | 2024-11-21 | 5.5 Medium |
| The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. | ||||
| CVE-2018-4032 | 1 Macpaw | 1 Cleanmymac X | 2024-11-21 | 5.5 Medium |
| An exploitable privilege escalation vulnerability exists in the way the CleanMyMac X software improperly validates inputs. An attacker with local access could use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit. | ||||
| CVE-2018-4007 | 1 Shimovpn | 1 Shimo Vpn | 2024-11-21 | 7.1 High |
| An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality. The program is able to delete any protected file on the system. An attacker would need local access to the machine to successfully exploit the bug. | ||||
| CVE-2018-4006 | 1 Shimovpn | 1 Shimo Vpn | 2024-11-21 | 7.8 High |
| An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality. A non-root user is able to write a file anywhere on the system. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to exploit it successfully. | ||||
| CVE-2018-4005 | 1 Shimovpn | 1 Shimo Vpn | 2024-11-21 | 7.8 High |
| An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the configureRoutingWithCommand function. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a successful exploit. | ||||
| CVE-2018-4004 | 1 Shimovpn | 1 Shimo Vpn | 2024-11-21 | 5.5 Medium |
| An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the disconnectService functionality. A non-root user is able to kill any privileged process on the system. An attacker would need local access to the machine for a successful exploit. | ||||
| CVE-2018-3988 | 1 Signal | 1 Private Messenger | 2024-11-21 | 4.7 Medium |
| Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system. | ||||
| CVE-2018-3987 | 1 Rakuten | 1 Viber | 2024-11-21 | 5.5 Medium |
| An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this functionality which leaves behind photos taken and shared on the secret chats, even after the chats are deleted. These photos will be stored in the device and accessible to all applications installed on the Android device. | ||||
| CVE-2018-3986 | 1 Telegram | 1 Telegram | 2024-11-21 | 5.5 Medium |
| An exploitable information disclosure vulnerability exists in the "Secret Chats" functionality of the Telegram Android messaging application version 4.9.0. The "Secret Chats" functionality allows a user to delete all traces of a chat, either by using a time trigger or by direct request. There is a bug in this functionality that leaves behind photos taken and shared on the secret chats, even after the chats are deleted. These photos will be stored in the device and accessible to all applications installed on the Android device. | ||||
| CVE-2018-3948 | 1 Tp-link | 2 Tl-r600vpn, Tl-r600vpn Firmware | 2024-11-21 | 7.5 High |
| An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an unauthenticated or authenticated web request to trigger this vulnerability. | ||||
| CVE-2018-3947 | 1 Yitechnology | 3 Yi Home, Yi Home Camera, Yi Home Camera Firmware | 2024-11-21 | 8.1 High |
| An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D. An attacker can sniff network traffic to exploit this vulnerability. | ||||
| CVE-2018-3928 | 1 Yitechnology | 2 Yi Home Camera, Yi Home Camera Firmware | 2024-11-21 | 7.5 High |
| An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability. | ||||
| CVE-2018-3854 | 1 Intuit | 1 Quicken 2018 | 2024-11-21 | 7.1 High |
| An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data without knowing the password. An attacker needs to have access to the password-protected files to trigger this vulnerability. | ||||
| CVE-2018-3852 | 1 Onssi | 1 Ocularis | 2024-11-21 | 7.5 High |
| An exploitable denial of service vulnerability exists in the Ocularis Recorder functionality of Ocularis 5.5.0.242. A specially crafted TCP packet can cause a process to terminate resulting in denial of service. An attacker can send a crafted TCP packet to trigger this vulnerability. | ||||
| CVE-2018-3846 | 2 Fedoraproject, Nasa | 2 Fedora, Cfitsio | 2024-11-21 | 8.8 High |
| In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. | ||||
| CVE-2018-3840 | 1 Pixar | 1 Renderman | 2024-11-21 | 7.5 High |
| A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x67). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read by the application is not validated, and its use can lead to a null pointer dereference. The IT application is opened by a user and then listens for a connection on port 4001. An attacker can deliver an attack once the application has been opened. | ||||
| CVE-2018-3831 | 2 Elastic, Redhat | 2 Elasticsearch, Jboss Fuse | 2024-11-21 | 8.8 High |
| Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames. This could allow an authenticated Elasticsearch user to improperly view these details. | ||||