Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-8172 | 1 Microsoft | 3 Expression Blend, Visual Studio, Visual Studio 2017 | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4.
|
|||||
| CVE-2018-8162 | 1 Microsoft | 3 Excel, Office, Office For Mac | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8147, CVE-2018-8148.
|
|||||
| CVE-2018-8161 | 1 Microsoft | 4 Office, Office Web Apps, Sharepoint Server and 1 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Word, Word, Microsoft Office, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8157, CVE-2018-8158.
|
|||||
| CVE-2018-8158 | 1 Microsoft | 1 Office | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-8157, CVE-2018-8161.
|
|||||
| CVE-2018-8157 | 1 Microsoft | 1 Office | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-8158, CVE-2018-8161.
|
|||||
| CVE-2018-8150 | 1 Microsoft | 1 Office | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A security feature bypass vulnerability exists when the Microsoft Outlook attachment block filter does not properly handle attachments, aka "Microsoft Outlook Security Feature Bypass Vulnerability." This affects Microsoft Office.
|
|||||
| CVE-2018-8148 | 1 Microsoft | 4 Excel, Office, Office Compatibility Pack and 1 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8147, CVE-2018-8162.
|
|||||
| CVE-2018-8147 | 1 Microsoft | 4 Excel, Office, Office Compatibility Pack and 1 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8148, CVE-2018-8162.
|
|||||
| CVE-2018-8142 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM |
|
A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1035.
|
|||||
| CVE-2018-8140 | 1 Microsoft | 3 Windows 10, Windows Server 1803, Windows Server 2016 | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
|
An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status, aka "Cortana Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10.
|
|||||
| CVE-2018-8136 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
|
|||||
| CVE-2018-8134 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
|
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
|
|||||
| CVE-2018-8132 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM |
|
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-0958, CVE-2018-8129.
|
|||||
| CVE-2018-8129 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM |
|
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-0958, CVE-2018-8132.
|
|||||
| CVE-2018-8126 | 1 Microsoft | 3 Internet Explorer, Windows 10, Windows Server 2016 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A security feature bypass vulnerability exists when Internet Explorer fails to validate User Mode Code Integrity (UMCI) policies, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 11.
|
|||||
| CVE-2018-8117 | 1 Microsoft | 1 Wireless Keyboard 850 | 2024-11-21 | 7.3 HIGH | 6.8 MEDIUM |
|
A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka "Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability." This affects Microsoft Wireless Keyboard 850.
|
|||||
| CVE-2018-8116 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A denial of service vulnerability exists in the way that Windows handles objects in memory, aka "Microsoft Graphics Component Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
|
|||||
| CVE-2018-8113 | 1 Microsoft | 2 Internet Explorer, Windows 10 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mark of the Web Tagging (MOTW), aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 11.
|
|||||
| CVE-2018-8088 | 3 Oracle, Qos, Redhat | 14 Goldengate Application Adapters, Goldengate Stream Analytics, Utilities Framework and 11 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.
|
|||||
| CVE-2018-8029 | 1 Apache | 1 Hadoop | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.
|
|||||
| CVE-2018-7991 | 1 Huawei | 2 Mate10, Mate10 Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
Huawei smartphones Mate10 with versions earlier before ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to the computer and then perform some specific operations. Successful exploit could allow the attacker bypass the FRP protection to access the system setting page.
|
|||||
| CVE-2018-7990 | 1 Huawei | 2 Mate 10 Pro, Mate 10 Pro Firmware | 2024-11-21 | 4.9 MEDIUM | 4.6 MEDIUM |
|
Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerability. During the mobile phone reseting process, an attacker could bypass "Find My Phone" protect after a series of voice and keyboard operations. Successful exploit could allow an attacker to bypass FRP.
|
|||||
| CVE-2018-7956 | 1 Huawei | 7 Mate 20, Mate 20 Firmware, Nova 3 and 4 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Huawei VIP App is a mobile app for Malaysia customers that purchased P20 Series, Nova 3/3i and Mate 20. There is a vulnerability in versions before 4.0.5 that attackers can conduct bruteforce to the VIP App Web Services to get user information.
|
|||||
| CVE-2018-7944 | 1 Huawei | 2 Emily-al00a, Emily-al00a Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
|
Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and 8.1.0.107(SP5C00) have a Factory Reset Protection (FRP) bypass vulnerability. An attacker gets some user's smart phone and performs some special operations in the guide function. The attacker may exploit the vulnerability to bypass FRP function and use the phone normally.
|
|||||
| CVE-2018-7942 | 1 Huawei | 14 1288h V5, 1288h V5 Firmware, 2288h V5 and 11 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak.
|
|||||
| CVE-2018-7939 | 1 Huawei | 8 G9 Lite, G9 Lite Firmware, Honor 5a and 5 more | 2024-11-21 | 4.9 MEDIUM | 4.6 MEDIUM |
|
Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with the versions before VNS-L53C605B120CUSTC605D103, the versions before CAM-L03C605B143CUSTC605D008, the versions before CAM-L21C10B145, the versions before CAM-L21C185B156, the versions before CAM-L21C223B133, the versions before CAM-L21C432B210, the versions before CAM-L21C464B170, the versions before CAM-L21C636B245, the versions before Berlin-L21C10B372, the versions before Berlin-L21C185B363, the versions before Berlin-L21C464B137, ...
Show More |
|||||
| CVE-2018-7937 | 1 Huawei | 4 Hirouter-cd20, Hirouter-cd20 Firmware, Ws5200-10 and 1 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into installing it. Successful exploit could allow the attacker to obtain the root permission of the device and take full control over the device.
|
|||||
| CVE-2018-7936 | 1 Huawei | 2 Mate 10 Pro, Mate 10 Pro Firmware | 2024-11-21 | 4.9 MEDIUM | 4.6 MEDIUM |
|
Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0.148(C432) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can connect the phone with PC and send special instructions to install third party desktop and disable the boot wizard. As a result, the FRP function is bypassed.
|
|||||
| CVE-2018-7931 | 1 Huawei | 1 Appgallery | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Huawei AppGallery versions before 8.0.4.301 has a whitelist mechanism bypass vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism.
|
|||||
| CVE-2018-7928 | 1 Westerndigital | 1 My Cloud | 2024-11-21 | 3.6 LOW | 4.6 MEDIUM |
|
There is a security vulnerability which could lead to Factory Reset Protection (FRP) bypass in the MyCloud APP with the versions before 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old account with a new one through special steps by exploit this vulnerability. As a result, the FRP function is bypassed.
|
|||||
| CVE-2018-7911 | 1 Huawei | 10 Alp-al00b, Alp-al00b-rsc, Alp-al00b-rsc Firmware and 7 more | 2024-11-21 | 4.9 MEDIUM | 4.6 MEDIUM |
|
Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Char ...
Show More |
|||||
| CVE-2018-7904 | 1 Huawei | 4 1288h V5, 1288h V5 Firmware, 2288h V5 and 1 more | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
|
Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system.
|
|||||
| CVE-2018-7903 | 1 Huawei | 4 1288h V5, 1288h V5 Firmware, 2288h V5 and 1 more | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
|
Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system.
|
|||||
| CVE-2018-7902 | 1 Huawei | 4 1288h V5, 1288h V5 Firmware, 2288h V5 and 1 more | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
|
Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system.
|
|||||
| CVE-2018-7901 | 1 Huawei | 4 Alp-al00b, Alp-al00b Firmware, Bla-al00b and 1 more | 2024-11-21 | 5.8 MEDIUM | 4.4 MEDIUM |
|
RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129, BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote control vulnerability. An attacker can trick a user to install a malicious application. When the application connects with RCS for the first time, it needs user to manually click to agree. In addition, the attacker needs to obtain the key that RCS uses to authenticate the application. Successful exploitation may cause the att ...
Show More |
|||||
| CVE-2018-7850 | 1 Schneider-electric | 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid information displayed in Unity Pro software.
|
|||||
| CVE-2018-7823 | 1 Schneider-electric | 3 Modicon M221, Modicon M221 Firmware, Somachine Basic | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause remote launch of SoMachine Basic when sending crafted ethernet message.
|
|||||
| CVE-2018-7816 | 1 Schneider-electric | 118 D6220, D6220 Firmware, D6220l and 115 more | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
|
A Permissions, Privileges, and Access Control vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to delete an arbitrary file.
|
|||||
| CVE-2018-7793 | 1 Schneider-electric | 4 Foxboro Dcs, Foxboro Evo, Foxview and 1 more | 2024-11-21 | 4.6 MEDIUM | 8.7 HIGH |
|
A Credential Management vulnerability exists in FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5.) which could cause unauthorized disclosure, modification, or disruption in service when the password is modified without permission.
|
|||||
| CVE-2018-7788 | 1 Schneider-electric | 2 Modicon Quantum, Modicon Quantum Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A CWE-255 Credentials Management vulnerability exists in Modicon Quantum with firmware versions prior to V2.40. which could cause a Denial Of Service when using a Telnet connection.
|
|||||