Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2018-11266

    In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper input validation can lead to an improper access to already freed up dci client entries while closing dci client.... Read more

    Affected Products : android
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11265

    In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possible buffer overflow while incrementing the log_buf of type uint64_t in memcpy function, since the log_buf pointer can access the memory beyond... Read more

    Affected Products : android
    • Published: Sep. 18, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11264

    Possible buffer overflow in Ontario fingerprint code due to lack of input validation for the parameters coming into TZ from HLOS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 21... Read more

    • Published: Nov. 28, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-11263

    In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, radio_id is received from the FW and is used to access the buffer to copy the radio stats received for each radio from FW. If the radio_id received... Read more

    Affected Products : android
    • Published: Sep. 06, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11262

    In Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel while trying to find out total number of partition via a non zero check, there could be possibility where the 'TotalPart' could cross 'GptHea... Read more

    Affected Products : android
    • Published: Sep. 04, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11261

    In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible Use-after-free issue in Media Codec process. Any application using codec service will be affected.... Read more

    Affected Products : android
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11260

    In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a fast Initial link setup (FILS) connection request, integer overflow may lead to a buffer overflow when the key length is zero.... Read more

    Affected Products : android
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024

  • 7.7

    HIGH
    CVE-2018-11259

    Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased. Apps processor then has non-secure world full read/write access to the... Read more

    • Published: Jul. 06, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11258

    In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, a Use After Free condition can occur in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820... Read more

    • Published: Jul. 06, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-11257

    Permissions, Privileges, and Access Controls in TA in Snapdragon Mobile has an options that allows RPMB erase for secure devices in versions SD 210/SD 212/SD 205, SD 845, SD 850.... Read more

    • Published: Jul. 06, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-11256

    An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::Append() in PdfDocument.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.... Read more

    Affected Products : podofo
    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-11255

    An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPageNumber() in PdfPage.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.... Read more

    Affected Products : podofo
    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-11254

    An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file, a related... Read more

    Affected Products : podofo
    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-11251

    In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN ... Read more

    Affected Products : imagemagick
    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11248

    util/FileDownloadUtils.java in FileDownloader 1.7.3 does not check an attachment's name. If an attacker places "../" in the file name, the file can be stored in an unintended directory because of Directory Traversal.... Read more

    Affected Products : filedownloader
    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-11247

    The JMX/RMI interface in Nasdaq BWise 5.0 does not require authentication for an SAP BO Component, which allows remote attackers to execute arbitrary code via a session on port 81.... Read more

    Affected Products : bwise
    • Published: Aug. 15, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-11246

    K7TSMngr.exe in K7Computing K7AntiVirus Premium 15.1.0.53 has a Memory Leak.... Read more

    • Published: Jan. 11, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-11245

    app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex type attributes.... Read more

    Affected Products : misp
    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2018-11244

    The BBE theme before 1.53 for WordPress allows a direct launch of an HTML editor.... Read more

    Affected Products : bbe_theme
    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-11242

    An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com... Read more

    Affected Products : makemytrip
    • Published: May. 20, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294274 Results