Search Results (83056 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-6353 1 Electrum 1 Electrum 2024-11-21 N/A
The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attacker at an unattended workstation, which makes it easier for attackers to steal Bitcoin via hook code that runs at a later time when the wallet password has been entered, a different vulnerability than CVE-2018-1000022.
CVE-2018-6345 1 Facebook 1 Hhvm 2024-11-21 9.8 Critical
The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions. This affects all supported versions of HHVM (3.30.1 and 3.27.5 and below).
CVE-2018-6313 1 Wbce 1 Wbce Cms 2024-11-21 N/A
Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118.
CVE-2018-6304 1 Gemalto 1 Sentinel Ldk Rte 2024-11-21 N/A
Stack overflow in custom XML-parser in Gemalto's Sentinel LDK RTE version before 7.65 leads to remote denial of service
CVE-2018-6291 1 Kaspersky 1 Secure Mail Gateway 2024-11-21 N/A
WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1.
CVE-2018-6289 1 Kaspersky 1 Secure Mail Gateway 2024-11-21 N/A
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1.
CVE-2018-6269 1 Nvidia 1 Jetson Tx2 2024-11-21 N/A
NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where input/output control (IOCTL) handling for user mode requests could create a non-trusted pointer dereference, which may lead to information disclosure, denial of service, escalation of privileges, or code execution. The updates apply to all versions prior to R28.3.
CVE-2018-6261 1 Nvidia 1 Geforce Experience 2024-11-21 N/A
NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access.
CVE-2018-6240 1 Google 1 Android 2024-11-21 N/A
NVIDIA Tegra contains a vulnerability in BootRom where a user with kernel level privileges can write an arbitrary value to an arbitrary physical address
CVE-2018-6235 2 Microsoft, Trendmicro 5 Windows, Antivirus\+, Internet Security and 2 more 2024-11-21 N/A
An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2018-6231 1 Trendmicro 1 Smart Protection Server 2024-11-21 N/A
A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations.
CVE-2018-6227 1 Trendmicro 1 Email Encryption Gateway 2024-11-21 N/A
A stored cross-site scripting (XSS) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject client-side scripts into vulnerable systems.
CVE-2018-6226 1 Trendmicro 1 Email Encryption Gateway 2024-11-21 N/A
Reflected cross-site scripting (XSS) vulnerabilities in two Trend Micro Email Encryption Gateway 5.5 configuration files could allow an attacker to inject client-side scripts into vulnerable systems.
CVE-2018-6222 1 Trendmicro 1 Email Encryption Gateway 2024-11-21 N/A
Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change location of log files and be manipulated to execute arbitrary commands and attain command execution on a vulnerable system.
CVE-2018-6220 1 Trendmicro 1 Email Encryption Gateway 2024-11-21 N/A
An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems.
CVE-2018-6213 2 D-link, Dlink 2 Dir-620 Firmware, Dir-620 2024-11-21 N/A
In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account.
CVE-2018-6212 2 D-link, Dlink 2 Dir-620 Firmware, Dir-620 2024-11-21 N/A
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect processing of the XMLHttpRequest object.
CVE-2018-6211 2 D-link, Dlink 2 Dir-620 Firmware, Dir-620 2024-11-21 N/A
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf parameter to index.cgi.
CVE-2018-6210 1 Dlink 2 Dir-620, Dir-620 Firmware 2024-11-21 9.8 Critical
D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session.
CVE-2018-6194 1 Splashing Images Project 1 Splashing Images 2024-11-21 N/A
A cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php.