Search Results (41915 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-3825 | 1 Elastic | 1 Elastic Cloud Enterprise | 2024-11-21 | N/A |
| In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known. | ||||
| CVE-2018-3777 | 1 Restforce | 1 Restforce | 2024-11-21 | 9.8 Critical |
| Insufficient URI encoding in restforce before 3.0.0 allows attacker to inject arbitrary parameters into Salesforce API requests. | ||||
| CVE-2018-3745 | 1 Atob Project | 1 Atob | 2024-11-21 | 9.1 Critical |
| atob 2.0.3 and earlier allocates uninitialized Buffers when a number is passed as input on Node.js 4.x and below. | ||||
| CVE-2018-3739 | 1 Https-proxy-agent Project | 1 Https-proxy-agent | 2024-11-21 | N/A |
| https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON). | ||||
| CVE-2018-3738 | 1 Protobufjs Project | 1 Protobufjs | 2024-11-21 | 5.5 Medium |
| protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files. | ||||
| CVE-2018-3737 | 2 Joyent, Redhat | 2 Sshpk, Rhel Software Collections | 2024-11-21 | 7.5 High |
| sshpk is vulnerable to ReDoS when parsing crafted invalid public keys. | ||||
| CVE-2018-3721 | 3 Lodash, Netapp, Redhat | 4 Lodash, Active Iq Unified Manager, System Manager and 1 more | 2024-11-21 | 6.5 Medium |
| lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | ||||
| CVE-2018-3718 | 1 Zeit | 1 Serve | 2024-11-21 | 5.3 Medium |
| serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded. | ||||
| CVE-2018-3670 | 1 Intel | 1 Intel Smart Sound Technology | 2024-11-21 | N/A |
| Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a buffer overflow. | ||||
| CVE-2018-3667 | 1 Intel | 1 Processor Diagnostic Tool | 2024-11-21 | N/A |
| Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets permissions of installed files incorrectly, allowing for execution of arbitrary code and potential privilege escalation. | ||||
| CVE-2018-3661 | 1 Intel | 2 Selview, Syscfg | 2024-11-21 | N/A |
| Buffer overflow in Intel system Configuration utilities selview.exe and syscfg.exe before version 14 build 11 allows a local user to crash these services potentially resulting in a denial of service. | ||||
| CVE-2018-3657 | 2 Intel, Siemens | 25 Active Management Technology Firmware, Converged Security Management Engine Firmware, Manageability Engine Firmware and 22 more | 2024-11-21 | 6.7 Medium |
| Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access. | ||||
| CVE-2018-3640 | 2 Arm, Intel | 199 Cortex-a, Atom C, Atom E and 196 more | 2024-11-21 | N/A |
| Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a. | ||||
| CVE-2018-3629 | 1 Intel | 15 Active Management Technology Firmware, Core 2 Duo, Core 2 Extreme and 12 more | 2024-11-21 | 6.5 Medium |
| Buffer overflow in event handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to cause a denial of service via the same subnet. | ||||
| CVE-2018-3628 | 1 Intel | 17 Active Management Technology Firmware, Core 2 Duo, Core 2 Extreme and 14 more | 2024-11-21 | 8.8 High |
| Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to execute arbitrary code via the same subnet. | ||||
| CVE-2018-3624 | 1 Intel | 8 2g Modem Firmware, Sofia 3g, Sofia 3g-r and 5 more | 2024-11-21 | N/A |
| Buffer overflow in ETWS processing module Intel XMM71xx, XMM72xx, XMM73xx, XMM74xx and Sofia 3G/R allows remote attacker to potentially execute arbitrary code via an adjacent network. | ||||
| CVE-2018-3610 | 1 Intel | 1 Driver & Support Assistant | 2024-11-21 | N/A |
| SEMA driver in Intel Driver and Support Assistant before version 3.1.1 allows a local attacker the ability to read and write to Memory Status registers, potentially allowing information disclosure or a denial of service condition. | ||||
| CVE-2018-3594 | 1 Qualcomm | 42 Mdm9206, Mdm9206 Firmware, Mdm9607 and 39 more | 2024-11-21 | N/A |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 820, SD 820A, SD 835, SD 845, while parsing a private frame in an ID3 tag, a buffer over-read can occur when comparing frame data with predefined owner identifier strings. | ||||
| CVE-2018-3591 | 1 Qualcomm | 54 Mdm9206, Mdm9206 Firmware, Mdm9607 and 51 more | 2024-11-21 | N/A |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016, the default build configuration of deviceprogrammer in BOOT.BF.3.0 enables the flag SKIP_SECBOOT_CHECK_NOT_RECOMMENDED_BY_QUALCOMM which will open up the peek and poke commands to any memory location on the target. | ||||
| CVE-2018-3589 | 1 Qualcomm | 10 Mdm9650, Mdm9650 Firmware, Mdm9655 and 7 more | 2024-11-21 | N/A |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 835, SD 845, SD 850, the vswr capture size is larger than the maximum size of a diag logPacket, which can lead to a buffer overflow when the sample buffer is copied to the logPacket buffer. | ||||