Export limit exceeded: 10480 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10480 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-9320 | 1 Bmw | 2 Head Unit Hu Nbt, Head Unit Hu Nbt Firmware | 2024-11-21 | N/A |
| The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in. | ||||
| CVE-2018-9318 | 1 Bmw | 2 Telematics Control Unit, Telematics Control Unit Firmware | 2024-11-21 | N/A |
| The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network. | ||||
| CVE-2018-9314 | 1 Bmw | 2 Head Unit Hu Nbt, Head Unit Hu Nbt Firmware | 2024-11-21 | N/A |
| The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows an attack by an attacker who has direct physical access. | ||||
| CVE-2018-9313 | 1 Bmw | 2 Head Unit Hu Nbt, Head Unit Hu Nbt Firmware | 2024-11-21 | N/A |
| The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a remote attack via Bluetooth when in pairing mode, leading to a Head Unit reboot. | ||||
| CVE-2018-9312 | 1 Bmw | 2 Head Unit Hu Nbt, Head Unit Hu Nbt Firmware | 2024-11-21 | N/A |
| The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in. | ||||
| CVE-2018-9311 | 1 Bmw | 2 Telematics Control Unit, Telematics Control Unit Firmware | 2024-11-21 | N/A |
| The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network. | ||||
| CVE-2018-9303 | 2 Exiv2, Redhat | 2 Exiv2, Enterprise Linux | 2024-11-21 | N/A |
| In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cpp results in an abort. | ||||
| CVE-2018-9263 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | N/A |
| In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length. | ||||
| CVE-2018-9260 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | N/A |
| In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs. | ||||
| CVE-2018-9259 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | N/A |
| In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth. | ||||
| CVE-2018-9252 | 1 Jasper Project | 1 Jasper | 2024-11-21 | N/A |
| JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c. | ||||
| CVE-2018-9154 | 1 Jasper Project | 1 Jasper | 2024-11-21 | N/A |
| There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745. | ||||
| CVE-2018-9145 | 1 Exiv2 | 1 Exiv2 | 2024-11-21 | N/A |
| In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor with an initial buffer size. A large size value may lead to a SIGABRT during an attempt at memory allocation. NOTE: some third parties have been unable to reproduce the SIGABRT when using the 4-DataBuf-abort-1 PoC file. | ||||
| CVE-2018-9138 | 1 Gnu | 1 Binutils | 2024-11-21 | N/A |
| An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type. | ||||
| CVE-2018-9116 | 1 Wiremock | 1 Wiremock | 2024-11-21 | N/A |
| An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local files and internal resources and potentially cause a Denial of Service. | ||||
| CVE-2018-9055 | 1 Jasper Project | 1 Jasper | 2024-11-21 | N/A |
| JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c. | ||||
| CVE-2018-8940 | 1 Enghouse | 1 Contact Center\ | 2024-11-21 | N/A |
| ClientServiceConfigController.cs in Enghouse Cloud Contact Center Platform 7.2.5 has functionality for loading external XML files and parsing them, allowing an attacker to upload a malicious XML file and reference it in the URL of the application, forcing the application to load and parse the malicious XML file, aka an XXE issue. | ||||
| CVE-2018-8937 | 1 Open-audit | 1 Open-audit | 2024-11-21 | N/A |
| An issue was discovered in Open-AudIT Professional 2.1. It is possible to inject a malicious payload in the redirect_url parameter to the /login URI to trigger an open redirect. A "data:text/html;base64," payload can be used with JavaScript code. | ||||
| CVE-2018-8926 | 1 Synology | 1 Photo Station | 2024-11-21 | N/A |
| Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter. | ||||
| CVE-2018-8913 | 1 Synology | 1 Web Station | 2024-11-21 | N/A |
| Missing custom error page vulnerability in Synology Web Station before 2.1.3-0139 allows remote attackers to conduct phishing attacks via a crafted URL. | ||||