Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2018-12245

    Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker. Note that ... Read more

    Affected Products : endpoint_protection
    • Published: Nov. 29, 2018
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2018-12244

    SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CS... Read more

    Affected Products : endpoint_protection
    • Published: Apr. 25, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-12243

    The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The att... Read more

    Affected Products : messaging_gateway
    • Published: Sep. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12242

    The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system... Read more

    Affected Products : messaging_gateway
    • Published: Sep. 19, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-12241

    The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker with knowledge of the SA web UI hostname or IP address can craft a malicious URL for the SA web UI and... Read more

    Affected Products : security_analytics
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2018-12240

    The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of encrypted data being recovered without adequate cr... Read more

    Affected Products : norton_password_manager
    • Published: Aug. 29, 2018
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2018-12239

    Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior t... Read more

    • Published: Nov. 29, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-12238

    Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior t... Read more

    • Published: Nov. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-12237

    The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system pr... Read more

    Affected Products : reporter
    • Published: Jan. 24, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-12234

    A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4.0 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the flexiportal/GeneralInfo.aspx strAction parame... Read more

    Affected Products : adrenalin
    • Published: Sep. 06, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-12233

    In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an ... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Jun. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2018-12232

    In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the fi... Read more

    Affected Products : linux_kernel
    • Published: Jun. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12230

    An wrong logical check identified in the transferFrom function of a smart contract implementation for RemiCoin (RMC), an Ethereum ERC20 token, allows the attacker to steal tokens or conduct resultant integer underflow attacks.... Read more

    Affected Products : remicoin
    • Published: Jul. 10, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-12229

    Cross-site scripting (XSS) vulnerability in Public Knowledge Project (PKP) Open Journal System (OJS) 3.0.0 to 3.1.1-1 allows remote attackers to inject arbitrary web script or HTML via the templates/frontend/pages/search.tpl parameter (aka the By Author f... Read more

    • Published: Jun. 12, 2018
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2018-12228

    An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the da... Read more

    Affected Products : open_source asterisk
    • Published: Jun. 12, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2018-12227

    An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, t... Read more

    • Published: Jun. 12, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2018-12224

    Buffer leakage in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authen... Read more

    Affected Products : graphics_driver windows
    • Published: Mar. 14, 2019
    • Modified: Nov. 21, 2024

  • 6.3

    MEDIUM
    CVE-2018-12223

    Insufficient access control in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 p... Read more

    Affected Products : graphics_driver
    • Published: Mar. 14, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2018-12222

    Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.63... Read more

    Affected Products : graphics_driver
    • Published: Mar. 14, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-12221

    Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.63... Read more

    Affected Products : graphics_driver
    • Published: Mar. 14, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 294420 Results