Latest CVE Feed
-
7.5
HIGH CVE-2018-12025
The transferFrom function of a smart contract implementation for FuturXE (FXE), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized transfer of digital assets because of a logic error. The developer messed up with the boolean judgment ...
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2018-12023
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an ...
- Published: Mar. 21, 2019
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2018-12022
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the c...
- Published: Mar. 21, 2019
- Modified: Nov. 21, 2024
-
6.8
MEDIUM CVE-2018-12021
Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features.
Affected Products: singularity
- Published: Jul. 05, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2018-12020
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. Fo...
- Published: Jun. 08, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2018-12019
The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public...
Affected Products: enigmail
- Published: Jun. 13, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2018-12018
The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers to launch a Denial of Service atta...
Affected Products: go_ethereum
- Published: Jul. 05, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2018-12016
libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls.
Affected Products: epiphany
- Published: Jun. 07, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2018-12015
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
Affected Products: ubuntu_linux debian_linux data_ontap_edge oncommand_workflow_automation mac_os_x snapdrive snap_creator_framework perl
- Published: Jun. 07, 2018
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2018-12014
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a null pointer dereference vulnerability may occur due to missing NULL assignment in NAT module of freed pointer.
Affected Products: android
- Published: Feb. 11, 2019
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2018-12013
Improper authentication in locked memory region can lead to unprivileged access to the memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapd...
Affected Products: sd_8cx_firmware sdm660_firmware sd_835_firmware qcs605_firmware mdm9650_firmware mdm9206_firmware mdm9607_firmware sda660_firmware sd_636_firmware mdm9655_firmware (+40 more products)
- Published: May. 24, 2019
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2018-12012
While updating the blacklisting region, the shared buffered memory region is not validated against the newly updated black list, causing boot-up to be compromised in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer...
Affected Products: sd_8cx_firmware sd_835_firmware qcs605_firmware mdm9650_firmware mdm9206_firmware mdm9607_firmware mdm9655_firmware sd_410_firmware sd_412_firmware sd_210_firmware (+32 more products)
- Published: May. 24, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2018-12011
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, uninitialized data for socket address leads to information exposure.
Affected Products: android
- Published: Feb. 11, 2019
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2018-12010
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, absence of length sanity check may lead to possible stack overflow resulting in memory corruption in trustzone region.
Affected Products: android
- Published: Feb. 11, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2018-12006
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, users with no extra privileges can potentially access leaked data due to uninitialized padding present in display function.
Affected Products: android
- Published: Feb. 11, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2018-12005
An unprivileged user can issue a binder call and cause a system halt in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607...
Affected Products: sdm660_firmware msm8996au_firmware sd_450_firmware sd_625_firmware sd_820a_firmware sd_835_firmware mdm9150_firmware qcs605_firmware sd_675_firmware sdx24_firmware (+60 more products)
- Published: May. 24, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2018-12004
Secure keypad is unlocked with secure display still intact in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon We...
Affected Products: sd_8cx_firmware sdm660_firmware sd_835_firmware qcs605_firmware mdm9650_firmware mdm9206_firmware mdm9607_firmware sda660_firmware sd_636_firmware mdm9655_firmware (+40 more products)
- Published: May. 24, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2018-11999
Improper input validation in trustzone can lead to denial of service in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 8...
Affected Products: sdm660_firmware msm8996au_firmware sd_820_firmware sd_820a_firmware sd_835_firmware sdx24_firmware mdm9650_firmware mdm9206_firmware mdm9607_firmware mdm9635m_firmware (+32 more products)
- Published: Jan. 18, 2019
- Modified: Nov. 21, 2024
-
7.9
HIGH CVE-2018-11998
While processing a packet decode request in MQTT, a race condition can occur leading to an out-of-bounds access in Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 427, SD 435, SD 450, SD 625, SD 636, SD 835, SDA6...
Affected Products: android sdm660_firmware sd_450_firmware sd_625_firmware sd_835_firmware mdm9206_firmware mdm9607_firmware sda660_firmware sd_636_firmware sdm630_firmware (+21 more products)
- Published: Jan. 18, 2019
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2018-11996
When a malformed command is sent to the device programmer, an out-of-bounds access can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600,...
Affected Products: msm8996au_firmware sd_820_firmware sd_820a_firmware sd_835_firmware sdx24_firmware mdm9650_firmware msm8909w_firmware sdx20_firmware mdm9206_firmware mdm9607_firmware (+22 more products)
- Published: Nov. 28, 2018
- Modified: Nov. 21, 2024