Total
34060 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-9859 | 1 Navercorp | 1 Whale | 2024-11-21 | N/A |
| The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it's available to create an executable file with System privilege by other vulnerable applications. | ||||
| CVE-2018-9849 | 1 Pulsesecure | 1 Pulse Connect Secure | 2024-11-21 | N/A |
| Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document. | ||||
| CVE-2018-9840 | 1 Signal | 1 Signal | 2024-11-21 | N/A |
| The Open Whisper Signal app before 2.23.2 for iOS allows physically proximate attackers to bypass the screen locker feature via certain rapid sequences of actions that include app opening, clicking on cancel, and using the home button. | ||||
| CVE-2018-9580 | 1 Google | 1 Android | 2024-11-21 | N/A |
| A Elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-76222002. | ||||
| CVE-2018-9567 | 1 Google | 1 Android | 2024-11-21 | N/A |
| On Pixel devices there is a bug causing verified boot to show the same certificate fingerprint despite using different signing keys. This may lead to local escalation of privilege if people are relying on those fingerprints to determine what version of the OS the device is running, with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-65543936. | ||||
| CVE-2018-9525 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFI_CHANGED, there is a possible permissions bypass due to a confused deputy. This could lead to local escalation of privilege, allowing a local attacker to change device settings, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111330641 | ||||
| CVE-2018-9515 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111641492 References: N/A | ||||
| CVE-2018-9501 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In the SetupWizard, there is a possible Factory Reset Protection bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110034419 | ||||
| CVE-2018-9438 | 1 Google | 1 Android | 2024-11-21 | N/A |
| When a device connects only over WiFi VPN, the device may not receive security updates due to some incorrect checks. This could lead to a local denial of service of security updates with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1 Android ID: A-78644887. | ||||
| CVE-2018-9326 | 1 Etherpad | 1 Etherpad | 2024-11-21 | N/A |
| Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary code. | ||||
| CVE-2018-9310 | 2 Linux, Magnicomp | 2 Linux Kernel, Sysinfo | 2024-11-21 | N/A |
| An issue was discovered in MagniComp SysInfo before 10-H82 if setuid root (the default). This vulnerability allows any local user on a Linux/UNIX system to run SysInfo and obtain a root shell, which can be used to compromise the local system. | ||||
| CVE-2018-9263 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | N/A |
| In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length. | ||||
| CVE-2018-9191 | 1 Fortinet | 1 Forticlient | 2024-11-21 | N/A |
| A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for Forticlient updates. | ||||
| CVE-2018-9129 | 1 Zyxel | 34 Usg 110, Usg 1100, Usg 1100 Firmware and 31 more | 2024-11-21 | N/A |
| ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation used for IPsec based VPN connections. | ||||
| CVE-2018-9091 | 1 Kemptechnologies | 1 Loadmaster Operating System | 2024-11-21 | N/A |
| A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an unauthenticated, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, etc., thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible. | ||||
| CVE-2018-9084 | 1 Lenovo | 8 System Management Module Firmware, Thinkagile Hx Enclosure 7x81, Thinkagile Hx Enclosure 7y87 and 5 more | 2024-11-21 | N/A |
| In System Management Module (SMM) versions prior to 1.06, if an attacker manages to log in to the device OS, the validation of software updates can be circumvented. | ||||
| CVE-2018-9070 | 1 Lenovo | 1 Smart Assistant | 2024-11-21 | N/A |
| For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical access to the smart speaker can, by pressing a specific button sequence, enter factory test mode and enable a web service intended for testing the device. As with most test modes, this provides extra privileges, including changing settings and running code. Lenovo Smart Assistant is an Amazon Alexa-enabled smart speaker developed by Lenovo. | ||||
| CVE-2018-9067 | 1 Lenovo | 1 Lenovo Help | 2024-11-21 | N/A |
| The Lenovo Help Android app versions earlier than 6.1.2.0327 had insufficient access control for some functions which, if exploited, could have led to exposure of approximately 400 email addresses and 8,500 IMEI. | ||||
| CVE-2018-9064 | 1 Lenovo | 1 Xclarity Administrator | 2024-11-21 | N/A |
| In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user. | ||||
| CVE-2018-8936 | 1 Amd | 8 Epyc Server, Epyc Server Firmware, Ryzen and 5 more | 2024-11-21 | N/A |
| The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation. | ||||