| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In Moodle 3.3, the course overview block reveals activities in hidden courses. |
| An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06_hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service (device crash) or possibly have unspecified other impact by sending a sufficiently long string in the password field of the HTTP Basic Authentication section of the HTTP request. |
| In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug exceptions and debug registers. |
| phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file. |
| iBaby M6 allows remote attackers to obtain sensitive information, related to the ibabycloud.com service. |
| In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the "children of the head" processing feature is modified in the loop without validating the new value. |
| In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address. |
| Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable. |
| An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-38328132. |
| The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable. |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control flow. |
| In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of an SCM call. |
| In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of a DRM provisioning command. |
| In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Through Timing Discrepancy vulnerability could potentially exist. |
| coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file. |
| ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file. |
| ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file. |
| Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure. |
| An information disclosure vulnerability in the NVIDIA libwilhelm. Product: Android. Versions: Android kernel. Android ID A-64339309. References: N-CVE-2017-13175. |
| Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information. |