Total
12883 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-3846 | 2 Fedoraproject, Nasa | 2 Fedora, Cfitsio | 2024-11-21 | 8.8 High |
| In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. | ||||
| CVE-2018-3840 | 1 Pixar | 1 Renderman | 2024-11-21 | 7.5 High |
| A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x67). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read by the application is not validated, and its use can lead to a null pointer dereference. The IT application is opened by a user and then listens for a connection on port 4001. An attacker can deliver an attack once the application has been opened. | ||||
| CVE-2018-3777 | 1 Restforce | 1 Restforce | 2024-11-21 | 9.8 Critical |
| Insufficient URI encoding in restforce before 3.0.0 allows attacker to inject arbitrary parameters into Salesforce API requests. | ||||
| CVE-2018-3776 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.3 Medium |
| Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log. | ||||
| CVE-2018-3774 | 2 Redhat, Url-parse Project | 2 Quay, Url-parse | 2024-11-21 | 9.8 Critical |
| Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol. | ||||
| CVE-2018-3772 | 1 Whereis Project | 1 Whereis | 2024-11-21 | N/A |
| Concatenating unsanitized user input in the `whereis` npm module < 0.4.1 allowed an attacker to execute arbitrary commands. The `whereis` module is deprecated and it is recommended to use the `which` npm module instead. | ||||
| CVE-2018-3753 | 1 Merge-object Project | 1 Merge-object | 2024-11-21 | N/A |
| The utilities function in all versions <= 1.0.0 of the merge-objects node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. | ||||
| CVE-2018-3752 | 1 Merge-options Project | 1 Merge-options | 2024-11-21 | N/A |
| The utilities function in all versions <= 1.0.0 of the merge-options node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. | ||||
| CVE-2018-3751 | 1 Umbraengineering | 1 Merge-recursive | 2024-11-21 | N/A |
| The utilities function in all versions <= 0.3.0 of the merge-recursive node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. | ||||
| CVE-2018-3750 | 2 Deep Extend Project, Redhat | 3 Deep Extend, Enterprise Linux, Rhel Software Collections | 2024-11-21 | N/A |
| The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. | ||||
| CVE-2018-3749 | 1 Deap Project | 1 Deap | 2024-11-21 | N/A |
| The utilities function in all versions < 1.0.1 of the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. | ||||
| CVE-2018-3740 | 1 Sanitize Project | 1 Sanitize | 2024-11-21 | N/A |
| A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element. | ||||
| CVE-2018-3739 | 1 Https-proxy-agent Project | 1 Https-proxy-agent | 2024-11-21 | N/A |
| https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON). | ||||
| CVE-2018-3728 | 2 Hapijs, Redhat | 3 Hoek, Mobile Application Platform, Quay | 2024-11-21 | N/A |
| hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | ||||
| CVE-2018-3723 | 1 Defaults-deep Project | 1 Defaults-deep | 2024-11-21 | N/A |
| defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | ||||
| CVE-2018-3721 | 3 Lodash, Netapp, Redhat | 4 Lodash, Active Iq Unified Manager, System Manager and 1 more | 2024-11-21 | 6.5 Medium |
| lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | ||||
| CVE-2018-3719 | 1 Mixin-deep Project | 1 Mixin-deep | 2024-11-21 | 8.8 High |
| mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | ||||
| CVE-2018-3650 | 1 Intel | 1 Distribution For Python | 2024-11-21 | N/A |
| Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivileged user to bypass URI sanitization via local vector. | ||||
| CVE-2018-3634 | 1 Intel | 1 Online Connect Access | 2024-11-21 | 5.5 Medium |
| Parameter corruption in NDIS filter driver in Intel Online Connect Access 1.9.22.0 allows an attacker to cause a denial of service via local access. | ||||
| CVE-2018-3612 | 1 Intel | 18 Ayaplcel.86a, Bios, Bnkbl357.86a and 15 more | 2024-11-21 | N/A |
| Intel NUC kits with insufficient input validation in system firmware, potentially allows a local attacker to elevate privileges to System Management Mode (SMM). | ||||