Total
34061 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-4018 | 1 Anker-in | 2 Roav Dashcam A1, Roav Dashcam A1 Firmware | 2024-11-21 | 9.8 Critical |
| An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1SWV1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An attacker can send an HTTP PUT request or upgrade firmware request to trigger this vulnerability. | ||||
| CVE-2018-3934 | 1 Yitechnology | 2 Yi Home Camera, Yi Home Camera Firmware | 2024-11-21 | 9.8 Critical |
| An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of packets to trigger this vulnerability. | ||||
| CVE-2018-3920 | 1 Yitechnology | 2 Yi Home Camera, Yi Home Camera Firmware | 2024-11-21 | 6.8 Medium |
| An exploitable code execution vulnerability exists in the firmware update functionality of the Yi Home Camera 27US 1.8.7.0D. A specially crafted 7-Zip file can cause a CRC collision, resulting in a firmware update and code execution. An attacker can insert an SDcard to trigger this vulnerability. | ||||
| CVE-2018-3833 | 1 Insteon | 2 Hub 2245-222, Hub 2245-222 Firmware | 2024-11-21 | 7.5 High |
| An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the firmware version that is going to be installed and thus allows for flashing older firmware images. To trigger this vulnerability, an attacker needs to impersonate the remote server 'cache.insteon.com' and serve any signed firmware image. | ||||
| CVE-2018-3779 | 1 Activesupport Project | 1 Activesupport | 2024-11-21 | N/A |
| active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system. | ||||
| CVE-2018-3767 | 1 Memcachier | 1 Memjs | 2024-11-21 | N/A |
| `memjs` versions <= 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage. | ||||
| CVE-2018-3722 | 1 Merge-deep Project | 1 Merge-deep | 2024-11-21 | N/A |
| merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | ||||
| CVE-2018-3720 | 1 Assign-deep Project | 1 Assign-deep | 2024-11-21 | 8.8 High |
| assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | ||||
| CVE-2018-3718 | 1 Zeit | 1 Serve | 2024-11-21 | 5.3 Medium |
| serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded. | ||||
| CVE-2018-3698 | 1 Intel | 1 Ready Mode Technology | 2024-11-21 | N/A |
| Improper file permissions in the installer for the Intel Ready Mode Technology may allow an unprivileged user to potentially gain privileged access via local access. | ||||
| CVE-2018-3693 | 7 Arm, Fujitsu, Intel and 4 more | 230 Cortex-a, Cortex-r, M12-1 and 227 more | 2024-11-21 | 5.6 Medium |
| Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. | ||||
| CVE-2018-3691 | 1 Intel | 1 Integrated Performance Primitives Cryptography | 2024-11-21 | N/A |
| Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time. | ||||
| CVE-2018-3689 | 2 Intel, Linux | 2 Software Guard Extensions, Linux Kernel | 2024-11-21 | 5.5 Medium |
| AESM daemon in Intel Software Guard Extensions Platform Software Component for Linux before 2.1.102 can effectively be disabled by a local attacker creating a denial of services like remote attestation provided by the AESM. | ||||
| CVE-2018-3679 | 1 Intel | 1 Data Center Manager | 2024-11-21 | N/A |
| Escalation of privilege in Reference UI in Intel Data Center Manager SDK 5.0 and before may allow an unauthorized remote unauthenticated user to potentially execute code via administrator privileges. | ||||
| CVE-2018-3672 | 1 Intel | 1 Intel Smart Sound Technology | 2024-11-21 | N/A |
| Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a system calls. | ||||
| CVE-2018-3671 | 1 Intel | 1 Saffron Memorybase | 2024-11-21 | N/A |
| Escalation of privilege in Intel Saffron admin application before 11.4 allows an authenticated user to access unauthorized information. | ||||
| CVE-2018-3669 | 1 Intel | 7 Centrino Advanced-n 6230, Centrino Advanced-n 6235, Centrino Firmware and 4 more | 2024-11-21 | N/A |
| A STOP error (BSoD) in the ibtfltcoex.sys driver for Intel Centrino Wireless N and Intel Centrino Advanced N adapters may allow an unauthenticated user to potentially send a malformed L2CAP Connection Request is sent to the Intel Bluetooth device via the network. | ||||
| CVE-2018-3666 | 1 Intel | 1 Intel Smart Sound Technology | 2024-11-21 | N/A |
| Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a non-paged pool overflow. | ||||
| CVE-2018-3663 | 1 Intel | 1 Saffron Memorybase | 2024-11-21 | N/A |
| Escalation of privilege in Intel Saffron MemoryBase before 11.4 allows an authenticated user access to privileged information. | ||||
| CVE-2018-3662 | 1 Intel | 1 Saffron Memorybase | 2024-11-21 | N/A |
| Escalation of privilege in Intel Saffron MemoryBase before version 11.4 potentially allows an authorized user of the Saffron application to execute arbitrary code as root. | ||||