ReportizFlow
Filtered by vendor
Subscriptions
Total
322985 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-12448 | 1 Navercorp | 1 Whale | 2024-11-21 | N/A |
| Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name. | ||||
| CVE-2018-12447 | 1 Libbpg Project | 1 Libbpg | 2024-11-21 | N/A |
| The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.8 and other products, has an integer overflow that leads to a heap-based buffer overflow and remote code execution. | ||||
| CVE-2018-12446 | 1 Dropbox | 1 Dropbox | 2024-11-21 | N/A |
| An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred | ||||
| CVE-2018-12445 | 1 Dropbox | 1 Dropbox | 2024-11-21 | N/A |
| An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded with null, because the fingerprint API in conjunction with the Android keyGenerator class is not implemented. In other words, an attacker could authenticate with an arbitrary fingerprint. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred | ||||
| CVE-2018-12441 | 1 Corsair | 1 Corsair Utility Engine | 2024-11-21 | N/A |
| The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the CorsairService BINARY_PATH_NAME, leading to complete control of the affected system. The issue exists due to the Windows "Everyone" group being granted SERVICE_ALL_ACCESS permissions to the CorsairService Service. | ||||
| CVE-2018-12440 | 1 Google | 1 Boringssl | 2024-11-21 | N/A |
| BoringSSL through 2018-06-14 allows a memory-cache side-channel attack on DSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a DSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | ||||
| CVE-2018-12439 | 1 Matrixssl | 1 Matrixssl | 2024-11-21 | N/A |
| MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | ||||
| CVE-2018-12438 | 1 Libsunec Project | 1 Libsunec | 2024-11-21 | 4.9 Medium |
| The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | ||||
| CVE-2018-12437 | 2 Libtom, Linaro | 2 Libtomcrypt, Op-tee | 2024-11-21 | 4.9 Medium |
| LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | ||||
| CVE-2018-12436 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | N/A |
| wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | ||||
| CVE-2018-12435 | 1 Botan Project | 1 Botan | 2024-11-21 | N/A |
| Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | ||||
| CVE-2018-12434 | 1 Openbsd | 1 Libressl | 2024-11-21 | N/A |
| LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | ||||
| CVE-2018-12433 | 1 Cryptlib | 1 Cryptlib | 2024-11-21 | 4.9 Medium |
| cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. NOTE: the vendor does not include side-channel attacks within its threat model | ||||
| CVE-2018-12432 | 1 Javamelody Project | 1 Javamelody | 2024-11-21 | N/A |
| JavaMelody through 1.60.0 has XSS via the counter parameter in a clear_counter action to the /monitoring URI. | ||||
| CVE-2018-12431 | 1 Seacms | 1 Seacms | 2024-11-21 | N/A |
| SeaCMS V6.61 has XSS via the site name parameter on an adm1n/admin_config.php page (aka a system management page). | ||||
| CVE-2018-12429 | 1 Jeesns | 1 Jeesns | 2024-11-21 | N/A |
| JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted payload in order to capture an administrator cookie. | ||||
| CVE-2018-12426 | 1 3cx | 1 Live Chat | 2024-11-21 | N/A |
| The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jpeg content type. | ||||
| CVE-2018-12423 | 1 Matrix | 1 Synapse | 2024-11-21 | N/A |
| In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force. | ||||
| CVE-2018-12422 | 1 Gnome | 1 Evolution | 2024-11-21 | N/A |
| addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had computed the required string length first, and then allocated a large-enough buffer on the heap. | ||||
| CVE-2018-12421 | 1 Ltb-project | 1 Ldap Tool Box Self Service Password | 2024-11-21 | N/A |
| LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string. | ||||