Total
31733 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-0028 | 1 Juniper | 1 Junos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a BGP session restart on a remote peer that has the graceful restart mechanism enabled may cause the local routing protocol daemon (RPD) process to crash and restart. By simulating a specific BGP session restart, an attacker can repeatedly crash the RPD process causing prolonged denial of service (DoS). Graceful restart helper mode for BGP is enabled by default. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7; 16.1X65 versions prior to 16.1X65-D48; 16.2 versions prior to 16.2R2-S8; 17.1 versions prior to 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R3; 17.2X75 versions prior to 17.2X75-D92, 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S4, 17.4R2; 18.1 versions prior to 18.1R2. Junos OS releases prior to 16.1R1 are not affected. | |||||
| CVE-2019-0019 | 1 Juniper | 1 Junos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| When BGP tracing is enabled an incoming BGP message may cause the Junos OS routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S4, 16.1R7-S5; 16.2 versions prior to 16.2R2-S9, 16.2R3; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3-S1; 17.3 versions prior to 17.3R3-S3, 17.3R3-S4, 17.3R4; 17.4 versions prior to 17.4R1-S7, 17.4R2-S3, 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4, 18.1R4; 18.2 versions prior to 18.2R2-S2, 18.2R2-S3, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2. This issue does not affect Junos releases prior to 16.1R1. | |||||
| CVE-2019-0016 | 1 Juniper | 1 Junos Space | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1. | |||||
| CVE-2019-0012 | 1 Juniper | 1 Junos | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| A Denial of Service (DoS) vulnerability in BGP in Juniper Networks Junos OS configured as a VPLS PE allows an attacker to craft a specific BGP message to cause the routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition. This issue only affects PE routers configured with BGP Auto discovery for LDP VPLS. Other BGP configurations are unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D81; 12.3 versions prior to 12.3R12-S12; 12.3X48 versions prior to 12.3X48-D76; 14.1X53 versions prior to 14.1X53-D48; 15.1 versions prior to 15.1F6-S12, 15.1R7-S2; 15.1X49 versions prior to 15.1X49-D150; 15.1X53 versions prior to 15.1X53-D235, 15.1X53-D495, 15.1X53-D590, 15.1X53-D68; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R1-S5, 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3. | |||||
| CVE-2019-0011 | 1 Juniper | 1 Junos | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| The Junos OS kernel crashes after processing a specific incoming packet to the out of band management interface (such as fxp0, me0, em0, vme0) destined for another address. By continuously sending this type of packet, an attacker can repeatedly crash the kernel causing a sustained Denial of Service. Affected releases are Juniper Networks Junos OS: 17.2 versions prior to 17.2R1-S7, 17.2R3; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S4, 17.4R2; 17.2X75 versions prior to 17.2X75-D110; 18.1 versions prior to 18.1R2. | |||||
| CVE-2019-0009 | 1 Juniper | 3 Ex2300, Ex3400, Junos | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| On EX2300 and EX3400 series, high disk I/O operations may disrupt the communication between the routing engine (RE) and the packet forwarding engine (PFE). In a virtual chassis (VC) deployment, this issue disrupts communication between the VC members. This issue does not affect other Junos platforms. Affected releases are Junos OS on EX2300 and EX3400 series: 15.1X53 versions prior to 15.1X53-D590; 18.1 versions prior to 18.1R2-S2, 18.1R3; 18.2 versions prior to 18.2R2. | |||||
| CVE-2019-0002 | 1 Juniper | 3 Ex2300, Ex3400, Junos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action 'policer' in combination with other actions might not take effect. When this issue occurs, the output of the command: show pfe filter hw summary will not show the entry for: RACL group Affected releases are Junos OS on EX2300 and EX3400 series: 15.1X53 versions prior to 15.1X53-D590; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2. This issue affect both IPv4 and IPv6 firewall filter. | |||||
| CVE-2018-9995 | 1 Tbkvision | 4 Tbk-dvr4104, Tbk-dvr4104 Firmware, Tbk-dvr4216 and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response. | |||||
| CVE-2018-9934 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 4.3 MEDIUM | 8.8 HIGH |
| The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's control. | |||||
| CVE-2018-9859 | 1 Navercorp | 1 Whale | 2024-11-21 | 5.1 MEDIUM | 8.1 HIGH |
| The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it's available to create an executable file with System privilege by other vulnerable applications. | |||||
| CVE-2018-9849 | 1 Pulsesecure | 1 Pulse Connect Secure | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document. | |||||
| CVE-2018-9840 | 1 Signal | 1 Signal | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| The Open Whisper Signal app before 2.23.2 for iOS allows physically proximate attackers to bypass the screen locker feature via certain rapid sequences of actions that include app opening, clicking on cancel, and using the home button. | |||||
| CVE-2018-9580 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A Elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-76222002. | |||||
| CVE-2018-9567 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| On Pixel devices there is a bug causing verified boot to show the same certificate fingerprint despite using different signing keys. This may lead to local escalation of privilege if people are relying on those fingerprints to determine what version of the OS the device is running, with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-65543936. | |||||
| CVE-2018-9525 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFI_CHANGED, there is a possible permissions bypass due to a confused deputy. This could lead to local escalation of privilege, allowing a local attacker to change device settings, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111330641 | |||||
| CVE-2018-9515 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111641492 References: N/A | |||||
| CVE-2018-9501 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In the SetupWizard, there is a possible Factory Reset Protection bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110034419 | |||||
| CVE-2018-9438 | 1 Google | 1 Android | 2024-11-21 | 4.7 MEDIUM | 5.0 MEDIUM |
| When a device connects only over WiFi VPN, the device may not receive security updates due to some incorrect checks. This could lead to a local denial of service of security updates with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1 Android ID: A-78644887. | |||||
| CVE-2018-9326 | 1 Etherpad | 1 Etherpad | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary code. | |||||
| CVE-2018-9310 | 2 Linux, Magnicomp | 2 Linux Kernel, Sysinfo | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in MagniComp SysInfo before 10-H82 if setuid root (the default). This vulnerability allows any local user on a Linux/UNIX system to run SysInfo and obtain a root shell, which can be used to compromise the local system. | |||||