CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
751 CVE-2018-0810 665 2018-02-15 2020-08-24
1.9
None Local Medium Not required Partial None None
The Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2, and Windows Server 2012 allows an information disclosure vulnerability due to the way memory is initialized, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0757.
752 CVE-2018-0757 2018-02-15 2020-08-24
1.9
None Local Medium Not required Partial None None
The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0810.
753 CVE-2018-0747 2018-01-04 2020-08-24
1.9
None Local Medium Not required Partial None None
The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0745 and CVE-2018-0746.
754 CVE-2018-0746 665 2018-01-04 2020-08-24
1.9
None Local Medium Not required Partial None None
The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0745 and CVE-2018-0747.
755 CVE-2018-0745 665 2018-01-04 2020-08-24
1.9
None Local Medium Not required Partial None None
The Windows kernel in Windows 10 version 1703. Windows 10 version 1709, and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0746 and CVE-2018-0747.
756 CVE-2018-0498 2018-07-28 2020-02-10
1.9
None Local Medium Not required Partial None None
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.
757 CVE-2018-0495 203 2018-06-13 2020-08-24
1.9
None Local Medium Not required Partial None None
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
758 CVE-2017-1000449 Overflow 2018-01-02 2018-01-02
0.0
None ??? ??? ??? ??? ??? ???
BitThunder 0.9.2 stable is vulnerable to a buffer overflow in dtb_reverse.c file resulting in information disclosure
759 CVE-2017-1000401 20 2018-01-26 2019-05-08
1.2
None Local High Not required Partial None None
The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, <f:password/>, supports form validation (e.g. for API keys). The form validation AJAX requests were sent via GET, which could result in secrets being logged to a HTTP access log in non-default configurations of Jenkins, and made available to users with access to these log files. Form validation for <f:password/> is now always sent via POST, which is typically not logged.
760 CVE-2017-18869 367 2020-06-15 2020-06-17
1.9
None Local Medium Not required None Partial None
A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks.
761 CVE-2017-18428 200 +Info 2019-08-02 2019-08-12
1.9
None Local Medium Not required Partial None None
In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290).
762 CVE-2017-18425 275 2019-08-02 2019-08-09
1.9
None Local Medium Not required Partial None None
In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280).
763 CVE-2017-18412 532 2019-08-02 2019-08-12
1.9
None Local Medium Not required Partial None None
cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296).
764 CVE-2017-18391 200 +Info 2019-08-02 2019-08-09
1.9
None Local Medium Not required Partial None None
cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323).
765 CVE-2017-18224 362 DoS 2018-03-12 2018-05-03
1.9
None Local Medium Not required None None Partial
In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field.
766 CVE-2017-18203 362 DoS 2018-02-27 2018-06-20
1.9
None Local Medium Not required None None Partial
The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices.
767 CVE-2017-18018 362 2018-01-04 2018-01-19
1.9
None Local Medium Not required None Partial None
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
768 CVE-2017-17449 200 +Info 2017-12-07 2018-05-31
1.9
None Local Medium Not required Partial None None
The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system.
769 CVE-2017-16911 200 +Info 2018-01-31 2018-08-24
1.9
None Local Medium Not required Partial None None
The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP.
770 CVE-2017-16355 200 +Info 2017-12-14 2019-10-28
1.2
None Local High Not required Partial None None
In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml.
771 CVE-2017-16012 Exec Code 2018-06-04 2018-06-04
0.0
None ??? ??? ??? ??? ??? ???
Jquery is a javascript library for DOM traversal and manipulation, event handling, animation, and Ajax. When text/javascript responses are received from cross-origin ajax requests not containing the option `dataType`, the result is executed in `jQuery.globalEval` potentially allowing an attacker to execute arbitrary code on the origin. This affects Jquery >=1.4.0 <=1.11.3 || >=1.12.4 <=2.2.4.
772 CVE-2017-16011 2018-06-04 2018-06-04
0.0
None ??? ??? ??? ??? ??? ???
jQuery is a javascript library for DOM manipulation. jQuery's main method in affected versions (>=1.7.1 <=1.8.3) contains an unreliable way of detecting whether the input to the `jQuery(strInput)` function is intended to be a selector or HTML.
773 CVE-2017-15307 2017-12-22 2019-10-03
1.9
None Local Medium Not required None Partial None
Huawei Honor 8 smartphone with software versions earlier than FRD-L04C567B389 and earlier than FRD-L14C567B389 have a permission control vulnerability due to improper authorization configuration on specific device information.
774 CVE-2017-15078 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on Virgin Media branded Arris TG2492 devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports, a related issue to CVE-2017-15064. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Virgin Media.
775 CVE-2017-15077 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on UPC branded Compal CH7465-LG devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports, a related issue to CVE-2017-15067. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from UPC.
776 CVE-2017-15076 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
** DISPUTED ** The Intel Puma 5, 6, and 7 chips, as used on Telstra branded NETGEAR C6300BD devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Telstra. NOTE: NETGEAR states "This vulnerability does not affect the following products: C6300BD-Telstra."
777 CVE-2017-15075 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on various Technicolor (formerly branded as Cisco) devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Technicolor.
778 CVE-2017-15074 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on SMC D3G2408 devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from SMC.
779 CVE-2017-15073 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on Samsung Home Media Server devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Samsung.
780 CVE-2017-15072 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on various Quantenna devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Quantenna.
781 CVE-2017-15071 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on NETGEAR C6300, CM400, CM700, and CMD31T devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from NETGEAR.
782 CVE-2017-15070 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on various Linksys devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Linksys.
783 CVE-2017-15069 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on various Hitron devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Hitron.
784 CVE-2017-15068 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on various Comcast branded devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Comcast.
785 CVE-2017-15067 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on various Compal devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Compal.
786 CVE-2017-15066 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on various AVM FRITZ!Box devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from AVM.
787 CVE-2017-15065 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on ASUS CM-32 devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from ASUS.
788 CVE-2017-15064 DoS 2017-10-06 2017-10-06
0.0
None ??? ??? ??? ??? ??? ???
The Intel Puma 5, 6, and 7 chips, as used on various Arris devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Arris.
789 CVE-2017-15038 362 +Info 2017-10-10 2018-09-07
1.9
None Local Medium Not required Partial None None
Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes.
790 CVE-2017-14937 327 2017-10-20 2018-03-28
1.9
None Local Medium Not required Partial None None
The airbag detonation algorithm allows injury to passenger-car occupants via predictable Security Access (SA) data to the internal CAN bus (or the OBD connector). This affects the airbag control units (aka pyrotechnical control units or PCUs) of unspecified passenger vehicles manufactured in 2014 or later, when the ignition is on and the speed is less than 6 km/h. Specifically, there are only 256 possible key pairs, and authentication attempts have no rate limit. In addition, at least one manufacturer's interpretation of the ISO 26021 standard is that it must be possible to calculate the key directly (i.e., the other 255 key pairs must not be used). Exploitation would typically involve an attacker who has already gained access to the CAN bus, and sends a crafted Unified Diagnostic Service (UDS) message to detonate the pyrotechnical charges, resulting in the same passenger-injury risks as in any airbag deployment.
791 CVE-2017-14159 665 Exec Code 2017-09-05 2019-10-03
1.9
None Local Medium Not required None None Partial
slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript.
792 CVE-2017-13826 +Priv 2017-11-12 2017-11-13
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "Postfix" product. Versions before 3.2.2 might allow local users to gain privileges or have unspecified other impact.
793 CVE-2017-13721 269 2017-10-10 2019-10-03
1.9
None Local Medium Not required None None Partial
In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.
794 CVE-2017-13679 DoS 2017-10-10 2019-10-03
1.4
None Local Network High ??? None None Partial
A denial of service (DoS) attack in Symantec Encryption Desktop before SED 10.4.1 MP2HF1 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network.
795 CVE-2017-13275 125 2018-04-04 2018-05-09
1.9
None Local Medium Not required Partial None None
In getVSCoverage of CmapCoverage.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-70808908.
796 CVE-2017-13103 2018-08-15 2018-08-15
0.0
None ??? ??? ??? ??? ??? ???
Pinterest, 6.37, 2017-10-24, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
797 CVE-2017-12880 2017-08-16 2017-08-16
0.0
None ??? ??? ??? ??? ??? ???
In PyJWT 1.5.0 and below the 'invalid_strings' check in 'HMACAlgorithm.prepare_key' does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string '-----BEGIN RSA PUBLIC KEY-----' which is not accounted for. This enables symmetric/asymmetric key confusion attacks against users using the PKCS1 PEM encoded public keys, which would allow an attacker to craft JWTs from scratch.
798 CVE-2017-12618 125 DoS 2017-10-24 2018-10-31
1.9
None Local Medium Not required None None Partial
Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service.
799 CVE-2017-11880 200 +Info 2017-11-15 2017-12-05
1.9
None Local Medium Not required Partial None None
Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to run a specially crafted application and obtain information to further compromise the user's system due to the Windows kernel improperly initializing objects in memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11831.
800 CVE-2017-11852 200 +Info 2017-11-15 2017-12-01
1.9
None Local Medium Not required Partial None None
Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to log on to an affected system and run a specially crafted application to compromise the user's system, due improperly disclosing kernel memory addresses, aka "Windows GDI Information Disclosure Vulnerability".
Total number of vulnerabilities : 1738   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 (This Page)17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.