Skip to main content
CVE-2018-9559 HIGH This Week

In persist_set_key and other functions of cryptfs.cpp, there is a possible out-of-bounds write due to an uncaught error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-9558 HIGH This Week

In rw_t2t_handle_tlv_detect of rw_t2t_ndef.cc, there is a possible out-of-bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2018-9557 HIGH This Week

In really_install_package of install.cpp, there is a possible free of arbitrary memory due to uninitialized data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-9553 HIGH PATCH This Week

In MasteringMetadata::Parse of mkvparser.cc there is a possible double free due to an insecure default value. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google RCE Android
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2018-9551 HIGH PATCH This Week

In CAacDecoder_Init of aacdecoder.cpp, there is a possible out-of-bound write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2018-9550 HIGH PATCH This Week

In CAacDecoder_Init of aacdecoder.cpp, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2018-9549 HIGH PATCH This Week

In lppTransposer of lpp_tran.cpp there is a possible out of bounds write due to missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2018-9547 HIGH PATCH This Week

In unflatten of GraphicBuffer.cpp, there is a possible bad fd close due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2018-9538 HIGH PATCH This Week

In V4L2SliceVideoDecodeAccelerator::Dequeue of v4l2_slice_video_decode_accelerator.cc, there is a possible out of bounds read of a function pointer due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Privilege Escalation Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2018-9565 HIGH This Week

In readBytes of xltdecwbxml.c, there is a possible out of bounds read due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2018-9562 HIGH This Week

In bta_ag_do_disc of bta_ag_sdp.cc, there is a possible out-of-bound read due to an incorrect parameter size. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2018-15332 HIGH This Week

The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Apple Big Ip Access Policy Manager Big Ip Access Policy Manager Client
NVD
CVSS 3.0
7.0
EPSS
0.3%
CVE-2018-19921 MEDIUM This Month

Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Opmanager
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2018-18362 MEDIUM This Month

Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Norton Password Manager
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-1504 MEDIUM This Month

IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure I2 Enterprise Insight Analysis
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-16598 MEDIUM PATCH This Month

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Amazon Web Services Freertos Freertos
NVD GitHub
CVSS 3.0
5.9
EPSS
1.5%
CVE-2018-1525 MEDIUM This Month

IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure I2 Enterprise Insight Analysis
NVD
CVSS 3.0
5.9
EPSS
1.1%
CVE-2018-19665 MEDIUM PATCH This Month

The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Qemu Leap
NVD
CVSS 3.1
5.7
EPSS
0.9%
CVE-2018-9566 MEDIUM This Month

In process_service_search_rsp of sdp_discovery.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2018-9554 MEDIUM This Month

In dumpExtractors of IMediaExtractor.cp, there is a possible disclosure of recently accessed media files due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-9552 MEDIUM PATCH This Month

In ihevcd_sao_shift_ctb of ihevcd_sao.c there is a possible out of bounds write due to missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2018-9548 MEDIUM PATCH This Month

In multiple functions of ContentProvider.java, there is a possible permission bypass due to a missing URI validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2018-1871 MEDIUM PATCH This Month

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Financial Transaction Manager
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-1935 MEDIUM PATCH This Month

IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information from invalid request error messages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Connections
NVD
CVSS 3.0
4.3
EPSS
1.3%
CVE-2018-1505 LOW Monitor

IBM i2 Enterprise Insight Analysis 2.1.7 allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure I2 Enterprise Insight Analysis
NVD
CVSS 3.0
3.3
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy