CVEMAP Search Results

CVE
Details
Description
2018-08-25
Medium
CVE-2018-15852

Vendor: Technicolor
Software: Tc7200.20 fi...
 

 
Technicolor TC7200.20 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof.

 
2018-08-23
Medium
CVE-2018-15685

Vendor: Electronjs
Software: Electron
 

 
GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution.

 
2018-08-21
Medium
CVE-2018-15669

Vendor: Bloop
Software: Airmail 3
 

 
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter.

 
2018-08-20
Medium
CVE-2018-1000647

Vendor: Librehealth
Software: Librehealth ehr
 

 
LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appears to be exploitable via User controlled parameter.

 
2018-08-17
Medium
CVE-2018-15360

Vendor: Eltex
Software: Esp-200 firmware
 

 
An attacker without authentication can log in with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0.

 
2018-08-15
Medium
CVE-2018-8200

Vendor: Microsoft
Software: Windows 10
 

 
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8204.

 
Medium
CVE-2018-8204

Vendor: Microsoft
Software: Windows 10
 

 
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8200.

 
Low
CVE-2018-8340

Vendor: Microsoft
Software: Windows serv...
 

 
A security feature bypass vulnerability exists when Active Directory Federation Services (AD FS) improperly handles multi-factor authentication requests, aka "AD FS Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows Server 2012 R2, Windows 10 Servers.

 
Low
CVE-2018-8358

Vendor: Microsoft
Software: EDGE
 

 
A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.

 
2018-08-14
Medium
CVE-2018-5392

Vendor: Mingw
Software: Mingw-w64
 

 
mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the "Dynamic base" PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are vulnerable to return-oriented programming (ROP) attacks. Windows executables generated by mingw-w64 claim to be ASLR compatible, but are not. Vulnerabilities in such executables are more easily exploitable as a result.

 

 


Copyright 2018, cxsecurity.com

 
