# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
16601 |
CVE-2018-6307 |
416 |
|
Exec Code |
2018-12-19 |
2019-01-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution. |
16602 |
CVE-2018-6306 |
426 |
|
Exec Code |
2018-04-19 |
2018-05-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538. |
16603 |
CVE-2018-6305 |
|
|
DoS |
2018-03-13 |
2018-06-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Denial of service in Gemalto's Sentinel LDK RTE version before 7.65 |
16604 |
CVE-2018-6304 |
119 |
|
DoS Overflow |
2018-03-13 |
2018-06-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Stack overflow in custom XML-parser in Gemalto's Sentinel LDK RTE version before 7.65 leads to remote denial of service |
16605 |
CVE-2018-6303 |
|
|
DoS |
2018-03-13 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Denial of service by uploading malformed firmware in Hanwha Techwin Smartcams |
16606 |
CVE-2018-6302 |
|
|
DoS |
2018-03-13 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Denial of service by blocking of new camera registration on the cloud server in Hanwha Techwin Smartcams |
16607 |
CVE-2018-6301 |
|
|
|
2018-03-13 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Arbitrary camera access and monitoring via cloud in Hanwha Techwin Smartcams |
16608 |
CVE-2018-6300 |
|
|
|
2018-03-13 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Remote password change in Hanwha Techwin Smartcams |
16609 |
CVE-2018-6299 |
287 |
|
Bypass |
2018-03-13 |
2018-04-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Authentication bypass in Hanwha Techwin Smartcams |
16610 |
CVE-2018-6298 |
20 |
|
Exec Code |
2018-03-13 |
2018-04-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Remote code execution in Hanwha Techwin Smartcams |
16611 |
CVE-2018-6297 |
119 |
|
Overflow |
2018-03-13 |
2018-04-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in Hanwha Techwin Smartcams |
16612 |
CVE-2018-6296 |
|
|
|
2018-03-13 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
An undocumented (hidden) capability for switching the web interface in Hanwha Techwin Smartcams |
16613 |
CVE-2018-6295 |
319 |
|
|
2018-03-13 |
2019-10-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Unencrypted way of remote control and communications in Hanwha Techwin Smartcams |
16614 |
CVE-2018-6294 |
287 |
|
|
2018-03-13 |
2018-04-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Unsecured way of firmware update in Hanwha Techwin Smartcams |
16615 |
CVE-2018-6293 |
200 |
|
+Info |
2018-02-13 |
2018-03-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Arbitrary File Read in Saperion Web Client version 7.5.2 83166. |
16616 |
CVE-2018-6292 |
|
|
Exec Code |
2018-02-13 |
2019-10-02 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Remote Code Execution in Saperion Web Client version 7.5.2 83166. |
16617 |
CVE-2018-6291 |
79 |
|
XSS |
2018-02-06 |
2018-02-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1. |
16618 |
CVE-2018-6290 |
|
|
|
2018-02-06 |
2019-10-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1. |
16619 |
CVE-2018-6289 |
74 |
|
Exec Code |
2018-02-06 |
2018-02-23 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1. |
16620 |
CVE-2018-6288 |
352 |
|
CSRF |
2018-02-06 |
2018-03-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1. |
16621 |
CVE-2018-6271 |
119 |
|
DoS Overflow |
2019-02-13 |
2019-10-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software delivers extra data with the buffer and does not properly validated the extra data, which may lead to denial of service or escalation of privileges. Android ID: A-80198474. |
16622 |
CVE-2018-6269 |
732 |
|
DoS Exec Code |
2019-04-12 |
2019-10-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where input/output control (IOCTL) handling for user mode requests could create a non-trusted pointer dereference, which may lead to information disclosure, denial of service, escalation of privileges, or code execution. The updates apply to all versions prior to R28.3. |
16623 |
CVE-2018-6268 |
416 |
|
DoS |
2019-02-13 |
2019-04-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
NVIDIA Tegra library contains a vulnerability in libnvmmlite_video.so, where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges. Android ID: A-80433161. |
16624 |
CVE-2018-6267 |
20 |
|
DoS |
2019-02-13 |
2019-10-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software does not validate or incorrectly validates input that can affect the control flow or data flow of a program, which may lead to denial of service or escalation of privileges. Android ID: A-70857947. |
16625 |
CVE-2018-6265 |
|
|
|
2018-11-27 |
2019-10-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser. |
16626 |
CVE-2018-6263 |
|
|
|
2018-11-27 |
2019-10-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges. |
16627 |
CVE-2018-6261 |
276 |
|
DoS Exec Code |
2018-10-02 |
2019-10-02 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access. |
16628 |
CVE-2018-6257 |
284 |
|
DoS |
2018-08-31 |
2019-10-02 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both. |
16629 |
CVE-2018-6253 |
835 |
|
DoS |
2018-04-02 |
2019-10-02 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
NVIDIA GPU Display Driver contains a vulnerability in the DirectX and OpenGL Usermode drivers where a specially crafted pixel shader can cause infinite recursion leading to denial of service. |
16630 |
CVE-2018-6252 |
|
|
DoS |
2018-04-02 |
2019-10-02 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software allows an actor access to restricted functionality that is unnecessary to production usage, and which may result in denial of service. |
16631 |
CVE-2018-6251 |
119 |
|
DoS Exec Code Overflow |
2018-04-02 |
2018-05-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
NVIDIA Windows GPU Display Driver contains a vulnerability in the DirectX 10 Usermode driver, where a specially crafted pixel shader can cause writing to unallocated memory, leading to denial of service or potential code execution. |
16632 |
CVE-2018-6250 |
476 |
|
DoS |
2018-04-02 |
2018-05-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a NULL pointer dereference occurs which may lead to denial of service or possible escalation of privileges. |
16633 |
CVE-2018-6249 |
476 |
|
DoS |
2018-04-02 |
2018-05-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
NVIDIA GPU Display Driver contains a vulnerability in kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges. |
16634 |
CVE-2018-6248 |
125 |
|
DoS |
2018-04-02 |
2018-05-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer which may lead to denial of service or possible escalation of privileges. |
16635 |
CVE-2018-6247 |
476 |
|
DoS |
2018-04-02 |
2018-05-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a NULL pointer dereference may lead to denial of service or possible escalation of privileges. |
16636 |
CVE-2018-6246 |
200 |
|
+Info |
2018-05-10 |
2018-06-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
In Android before the 2018-05-05 security patch level, NVIDIA Widevine Trustlet contains a vulnerability in Widevine TA where the software reads data past the end, or before the beginning, of the intended buffer, which may lead to Information Disclosure. This issue is rated as moderate. Android: A-69383916. Reference: N-CVE-2018-6246. |
16637 |
CVE-2018-6243 |
20 |
|
DoS Exec Code |
2019-05-07 |
2019-10-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
NVIDIA Tegra TLK Widevine Trust Application contains a vulnerability in which missing the input parameter checking of video metadata count may lead to Arbitrary Code Execution, Denial of Service or Escalation of Privileges. Android ID: A-72315075. Severity Rating: High. Version: N/A. |
16638 |
CVE-2018-6242 |
119 |
|
Exec Code Overflow |
2018-05-01 |
2018-06-13 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Some NVIDIA Tegra mobile processors released prior to 2016 contain a buffer overflow vulnerability in BootROM Recovery Mode (RCM). An attacker with physical access to the device's USB and the ability to force the device to reboot into RCM could exploit the vulnerability to execute unverified code. |
16639 |
CVE-2018-6241 |
20 |
|
DoS Exec Code |
2019-01-31 |
2019-10-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input parameter of the registerbuffer API, which may lead to arbitrary code execution, denial of service, or escalation of privileges. Android ID: A-62540032 Severity Rating: High Version: N/A. |
16640 |
CVE-2018-6240 |
264 |
|
|
2019-09-06 |
2019-09-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
NVIDIA Tegra contains a vulnerability in BootRom where a user with kernel level privileges can write an arbitrary value to an arbitrary physical address |
16641 |
CVE-2018-6237 |
400 |
|
DoS |
2018-05-25 |
2018-06-25 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation. |
16642 |
CVE-2018-6236 |
362 |
|
Exec Code |
2018-05-25 |
2018-06-28 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222813 by the tmusa driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
16643 |
CVE-2018-6235 |
787 |
|
Exec Code |
2018-05-25 |
2018-06-28 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
16644 |
CVE-2018-6233 |
120 |
|
Exec Code Overflow |
2018-05-25 |
2019-10-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222060 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
16645 |
CVE-2018-6232 |
120 |
|
Exec Code Overflow |
2018-05-25 |
2019-10-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x22205C by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
16646 |
CVE-2018-6231 |
78 |
|
Bypass |
2018-03-15 |
2019-10-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations. |
16647 |
CVE-2018-6230 |
89 |
|
Exec Code Sql |
2018-03-15 |
2018-04-04 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 search configuration script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system. |
16648 |
CVE-2018-6229 |
89 |
|
Exec Code Sql |
2018-03-15 |
2018-04-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system. |
16649 |
CVE-2018-6228 |
89 |
|
Exec Code Sql |
2018-03-15 |
2018-04-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system. |
16650 |
CVE-2018-6225 |
611 |
|
|
2018-03-15 |
2018-04-04 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script. |