CWE:
 

Topic
Date
Author
Med.
Solarwinds LEM 6.3.1 Management Shell Arbitrary File Read
25.04.2017
Matt Bergin
Med.
SAP MII 15.0 Directory Traversal
17.05.2016
Dmitry Chastuhin
Med.
Infoware MapSuite Path Traversal
04.06.2014
Christian


CVEMAP Search Results

CVE
Details
Description
2018-06-08
High
CVE-2018-4228

Vendor: Apple
Software: Mac os x
 

 
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOFireWireAVC" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages a race condition.

 
Medium
CVE-2018-4192

Vendor: Apple
Software: Apple tv
 

 
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a race condition.

 
High
CVE-2018-4230

Vendor: Apple
Software: Mac os x
 

 
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that triggers a SetAppSupportBits use-after-free because of a race condition.

 
2018-06-04
Low
CVE-2016-1000345

Vendor: Bouncycastle
Software: Legion-of-th...
 

 
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding.

 
Low
CVE-2016-1000341

Vendor: Bouncycastle
Software: Legion-of-th...
 

 
In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well.

 
2018-05-31
Medium
CVE-2016-10538

Vendor: Debian
Software: Debian linux
 

 
The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.

 
2018-05-25
Medium
CVE-2018-6236

Vendor: Trendmicro
Software: Antivirus+
 

 
A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222813 by the tmusa driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

 
2018-05-22
Low
CVE-2018-11324

Vendor: Joomla
Software: Joomla!
 

 
An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated.

 
2018-05-16
Low
CVE-2018-11203

Vendor: Hdfgroup
Software: HDF5
 

 
A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.

 
Low
CVE-2018-11207

Vendor: Hdfgroup
Software: HDF5
 

 
A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top