CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2018-7906 Some Huawei smart phones with software of Leland-AL00 8.0.0.114(C636), Leland-AL00A 8.0.0.171(C00) have a denial of service (DoS) vulnerability. An attacker can trick a user to install a malicious app... | N/A | NONE | — | 0 |
| CVE-2018-7921 Huawei B315s-22 products with software of 21.318.01.00.26 have an information leak vulnerability. Unauthenticated adjacent attackers may exploit this vulnerability to obtain device information. | N/A | NONE | — | 0 |
| CVE-2018-12149 Buffer overflow in input handling in Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially deny service to the application via local access. | N/A | NONE | — | 0 |
| CVE-2018-7922 Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient input validation vulnerability due to lack of parameter check. An attacker tricks the user who has r... | N/A | NONE | — | 0 |
| CVE-2018-7923 Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient input validation vulnerability due to lack of parameter check. An attacker tricks the user who has r... | N/A | NONE | — | 0 |
| CVE-2018-7939 Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with the versions before VNS-L53C605B120CUSTC605D103, the versions before CAM-L03C605B143CUSTC605D008, the versions before CAM-L21C10B145, the ... | N/A | NONE | — | 0 |
| CVE-2018-13411 An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed ... | N/A | NONE | — | 0 |
| CVE-2018-13412 An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In... | N/A | NONE | — | 0 |
| CVE-2018-15502 Insecure permissions in Lone Wolf Technologies loadingDOCS 2018-08-13 allow remote attackers to download any confidential files via https requests for predictable URLs. | N/A | NONE | — | 0 |
| CVE-2018-15834 In radare2 before 2.9.0, a heap overflow vulnerability exists in the read_module_referenced_functions function in libr/anal/flirt.c via a crafted flirt signature file. | N/A | NONE | — | 0 |
| CVE-2018-16388 e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type. | N/A | NONE | — | 0 |
| CVE-2018-16389 e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter. | N/A | NONE | — | 0 |
| CVE-2018-16605 D-Link DIR-600M devices allow XSS via the Hostname and Username fields in the Dynamic DNS Configuration page. | 5.4 | MEDIUM | — | 0 |
| CVE-2018-16726 razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component. | N/A | NONE | — | 0 |
| CVE-2018-16727 razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component. | N/A | NONE | — | 0 |
| CVE-2018-16728 feindura 2.0.7 allows XSS via the tags field of a new page created at index.php?category=0&page=new. | N/A | NONE | — | 0 |
| CVE-2018-16729 Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files. | N/A | NONE | — | 0 |
| CVE-2018-7572 Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the syste... | N/A | NONE | — | 0 |
| CVE-2018-12148 Privilege escalation in file permissions in Intel Driver and Support Assistant before 3.5.0.1 may allow an authenticated user to potentially execute code as administrator via local access. | N/A | NONE | — | 0 |
| CVE-2018-12151 Buffer overflow in installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially cause a buffer overflow potentially leading to a denial of service via loca... | N/A | NONE | — | 0 |
| CVE-2018-12160 DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory pe... | N/A | NONE | — | 0 |
| CVE-2018-12162 Directory permissions in the Intel OpenVINO Toolkit for Windows before version 2018.1.265 may allow an authenticated user to potentially execute code using default directory permissions via local acce... | N/A | NONE | — | 0 |
| CVE-2018-12163 A DLL injection vulnerability in the Intel IoT Developers Kit 4.0 installer may allow an authenticated user to potentially escalate privileges using file modification via local access. | N/A | NONE | — | 0 |
| CVE-2018-12168 Privilege escalation in file permissions in Intel Computing Improvement Program before version 2.2.0.03942 may allow an authenticated user to potentially execute code as administrator via local access... | N/A | NONE | — | 0 |
| CVE-2018-12171 Privilege escalation in Intel Baseboard Management Controller (BMC) firmware before version 1.43.91f76955 may allow an unprivileged user to potentially execute arbitrary code or perform denial of serv... | N/A | NONE | — | 0 |
| CVE-2018-12175 Default install directory permissions in Intel Distribution for Python (IDP) version 2018 may allow an unprivileged user to escalate privileges via local access. | N/A | NONE | — | 0 |
| CVE-2018-12176 Improper input validation in firmware for Intel NUC Kits may allow a privileged user to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of... | N/A | NONE | — | 0 |
| CVE-2018-16980 dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters. | N/A | NONE | — | 0 |
| CVE-2018-3616 Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key vi... | 5.9 | MEDIUM | — | 0 |
| CVE-2018-3643 A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or Intel(R... | N/A | NONE | — | 0 |
| CVE-2018-3655 A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an u... | N/A | NONE | — | 0 |
| CVE-2018-3657 Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via lo... | 6.7 | MEDIUM | — | 0 |
| CVE-2018-3658 Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via netwo... | 5.3 | MEDIUM | — | 0 |
| CVE-2018-3659 A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via phy... | N/A | NONE | — | 0 |
| CVE-2018-3669 A STOP error (BSoD) in the ibtfltcoex.sys driver for Intel Centrino Wireless N and Intel Centrino Advanced N adapters may allow an unauthenticated user to potentially send a malformed L2CAP Connection... | N/A | NONE | — | 0 |
| CVE-2018-3679 Escalation of privilege in Reference UI in Intel Data Center Manager SDK 5.0 and before may allow an unauthorized remote unauthenticated user to potentially execute code via administrator privileges. | N/A | NONE | — | 0 |
| CVE-2018-3686 Code injection vulnerability in INTEL-SA-00086 Detection Tool before version 1.2.7.0 may allow a privileged user to potentially execute arbitrary code via local access. | N/A | NONE | — | 0 |
| CVE-2018-16962 Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that lacks root privileges. | N/A | NONE | — | 0 |
| CVE-2018-16970 Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter. | N/A | NONE | — | 0 |
| CVE-2018-16971 Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to access non-purchased course contents (quiz / test) via a modified id parameter. | N/A | NONE | — | 0 |
| CVE-2018-15610 A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 thr... | N/A | NONE | — | 0 |
| CVE-2018-16974 An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess file... | N/A | NONE | — | 0 |
| CVE-2018-16975 An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in /designer/add/stylesheet.php by using a .php extension in the New Stylesheet Name field in conjuncti... | N/A | NONE | — | 0 |
| CVE-2018-16976 Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migrati... | N/A | NONE | — | 0 |
| CVE-2018-16977 Monstra CMS V3.0.4 has an information leakage risk (e.g., PATH, DOCUMENT_ROOT, and SERVER_ADMIN) in libraries/Gelato/ErrorHandler/Resources/Views/Errors/exception.php. | N/A | NONE | — | 0 |
| CVE-2018-16978 Monstra CMS V3.0.4 has XSS when ones tries to register an account with a crafted password parameter to users/registration, a different vulnerability than CVE-2018-11473. | N/A | NONE | — | 0 |
| CVE-2018-16981 stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function. | 8.8 | HIGH | — | 0 |
| CVE-2018-0965 A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote ... | N/A | NONE | — | 0 |
| CVE-2018-8269 A denial of service vulnerability exists when OData Library improperly handles web requests, aka "OData Denial of Service Vulnerability." This affects Microsoft.Data.OData. | N/A | NONE | — | 0 |
| CVE-2018-8271 An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver fails to properly handle objects in memory, aka "Windows Information Disclosure Vulnerability."... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.