Export limit exceeded: 24545 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24545 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17502 | 1 Thereceptionist | 1 The Receptionist For Ipad | 2024-11-21 | N/A |
| The Receptionist for iPad could allow a local attacker to obtain sensitive information, caused by an error in the contact.json file. An attacker could exploit this vulnerability to obtain the contact names, phone numbers and emails. | ||||
| CVE-2018-17484 | 1 Jollytech | 1 Lobby Track | 2024-11-21 | N/A |
| Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Sample Database.mdb database while in kiosk mode. By using attack vectors outlined in kiosk breakout, an attacker could exploit this vulnerability to view and edit the database. | ||||
| CVE-2018-17483 | 1 Jollytech | 1 Lobby Track | 2024-11-21 | N/A |
| Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and viewing the driver's license column, an attacker could exploit this vulnerability to view the driver's license number and other personal information. | ||||
| CVE-2018-17482 | 1 Jollytech | 1 Lobby Track | 2024-11-21 | N/A |
| Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and clicking on reports, an attacker could exploit this vulnerability to gain access to all visitor records and obtain sensitive information. | ||||
| CVE-2018-17472 | 4 Apple, Debian, Google and 1 more | 6 Iphone Os, Debian Linux, Chrome and 3 more | 2024-11-21 | N/A |
| Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page. | ||||
| CVE-2018-17468 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2024-11-21 | N/A |
| Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page. | ||||
| CVE-2018-17460 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
| Insufficient data validation in filesystem URIs in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | ||||
| CVE-2018-17438 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | N/A |
| A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. | ||||
| CVE-2018-17434 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | N/A |
| A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. | ||||
| CVE-2018-17404 | 1 Sbi | 1 Sbi Buddy | 2024-11-21 | N/A |
| The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow an attacker to sniff private information such as mobile number, PAN number (from a government-issued ID), and date of birth. | ||||
| CVE-2018-17402 | 1 Phonepe | 1 Phonepe | 2024-11-21 | N/A |
| The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to discover the Credit/Debit card number, expiration date, and CVV number. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots | ||||
| CVE-2018-17246 | 2 Elastic, Redhat | 3 Kibana, Openshift, Openshift Container Platform | 2024-11-21 | N/A |
| Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. | ||||
| CVE-2018-17245 | 1 Elastic | 1 Kibana | 2024-11-21 | N/A |
| Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an external resource provider. | ||||
| CVE-2018-17244 | 1 Elastic | 1 Elasticsearch | 2024-11-21 | N/A |
| Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same username is being authenticated concurrently; when used with run as, this can result in the request running as the incorrect user. This could allow a user to access information that they should not have access to. | ||||
| CVE-2018-17237 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | N/A |
| A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207. | ||||
| CVE-2018-17233 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | N/A |
| A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. | ||||
| CVE-2018-17216 | 1 Ptc | 1 Thingworx Platform | 2024-11-21 | N/A |
| An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is password hash exposure to privileged users. | ||||
| CVE-2018-17211 | 1 Printeron | 1 Central Print Services | 2024-11-21 | N/A |
| An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. An unauthenticated attacker can view details about the printers associated with CPS via a crafted HTTP GET request. | ||||
| CVE-2018-17205 | 3 Canonical, Openvswitch, Redhat | 4 Ubuntu Linux, Openvswitch, Enterprise Linux and 1 more | 2024-11-21 | N/A |
| An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash. | ||||
| CVE-2018-17204 | 4 Canonical, Debian, Openvswitch and 1 more | 5 Ubuntu Linux, Debian Linux, Openvswitch and 2 more | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default. | ||||