Total
31944 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-3833 | 1 Insteon | 2 Hub 2245-222, Hub 2245-222 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the firmware version that is going to be installed and thus allows for flashing older firmware images. To trigger this vulnerability, an attacker needs to impersonate the remote server 'cache.insteon.com' and serve any signed firmware image. | |||||
CVE-2018-3779 | 1 Activesupport Project | 1 Activesupport | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system. | |||||
CVE-2018-3767 | 1 Memcachier | 1 Memjs | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
`memjs` versions <= 1.1.0 allocate and store buffers on typed input, resulting in DoS and uninitialized memory usage. | |||||
CVE-2018-3722 | 1 Merge-deep Project | 1 Merge-deep | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via `__proto__`, causing the addition or modification of an existing property that will exist on all objects. | |||||
CVE-2018-3720 | 1 Assign-deep Project | 1 Assign-deep | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via `__proto__`, causing the addition or modification of an existing property that will exist on all objects. | |||||
CVE-2018-3718 | 1 Zeit | 1 Serve | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded. | |||||
CVE-2018-3698 | 1 Intel | 1 Ready Mode Technology | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Improper file permissions in the installer for the Intel Ready Mode Technology may allow an unprivileged user to potentially gain privileged access via local access. | |||||
CVE-2018-3693 | 7 Arm, Fujitsu, Intel and 4 more | 228 Cortex-a, Cortex-r, M12-1 and 225 more | 2024-11-21 | 4.7 MEDIUM | 5.6 MEDIUM |
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. | |||||
CVE-2018-3691 | 1 Intel | 1 Integrated Performance Primitives Cryptography | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time. | |||||
CVE-2018-3689 | 2 Intel, Linux | 2 Software Guard Extensions, Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
AESM daemon in Intel Software Guard Extensions Platform Software Component for Linux before 2.1.102 can effectively be disabled by a local attacker creating a denial of services like remote attestation provided by the AESM. | |||||
CVE-2018-3679 | 1 Intel | 1 Data Center Manager | 2024-11-21 | 8.3 HIGH | 9.6 CRITICAL |
Escalation of privilege in Reference UI in Intel Data Center Manager SDK 5.0 and before may allow an unauthorized remote unauthenticated user to potentially execute code via administrator privileges. | |||||
CVE-2018-3672 | 1 Intel | 1 Intel Smart Sound Technology | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via system calls. | |||||
CVE-2018-3671 | 1 Intel | 1 Saffron Memorybase | 2024-11-21 | 2.7 LOW | 5.7 MEDIUM |
Escalation of privilege in Intel Saffron admin application before 11.4 allows an authenticated user to access unauthorized information. | |||||
CVE-2018-3669 | 1 Intel | 7 Centrino Advanced-n 6230, Centrino Advanced-n 6235, Centrino Firmware and 4 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
A STOP error (BSoD) in the ibtfltcoex.sys driver for Intel Centrino Wireless N and Intel Centrino Advanced N adapters may potentially be triggered by an unauthenticated user when a malformed L2CAP Connection Request is sent to the Intel Bluetooth device via the network. | |||||
CVE-2018-3666 | 1 Intel | 1 Intel Smart Sound Technology | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a non-paged pool overflow. | |||||
CVE-2018-3663 | 1 Intel | 1 Saffron Memorybase | 2024-11-21 | 2.7 LOW | 5.7 MEDIUM |
Escalation of privilege in Intel Saffron MemoryBase before 11.4 allows an authenticated user access to privileged information. | |||||
CVE-2018-3662 | 1 Intel | 1 Saffron Memorybase | 2024-11-21 | 7.7 HIGH | 8.0 HIGH |
Escalation of privilege in Intel Saffron MemoryBase before version 11.4 potentially allows an authorized user of the Saffron application to execute arbitrary code as root. | |||||
CVE-2018-3659 | 1 Intel | 2 Converged Security Management Engine Firmware, Trusted Execution Engine Firmware | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access. | |||||
CVE-2018-3655 | 1 Intel | 3 Converged Security Management Engine Firmware, Server Platform Services Firmware, Trusted Execution Engine Firmware | 2024-11-21 | 3.6 LOW | 7.3 HIGH |
A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access. | |||||
CVE-2018-3646 | 1 Intel | 8 Core I3, Core I5, Core I7 and 5 more | 2024-11-21 | 4.7 MEDIUM | 5.6 MEDIUM |
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. |