Last 20 Scored Vulnerability IDs & Summaries
CVSS Severity
-
CVE-2018-8545 —
An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge.
Published: November 13, 2018; 08:29:00 PM -05:00
-
CVE-2018-19287 —
XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or form_id parameter.
Published: November 15, 2018; 01:29:00 AM -05:00
-
CVE-2018-9438 —
When a device connects only over WiFi VPN, the device may not receive security updates due to some incorrect checks. This could lead to a local denial of service of security updates with no additional execution privileges needed. User interaction is... read CVE-2018-9438
Published: November 06, 2018; 12:29:00 PM -05:00
-
CVE-2018-9355 —
In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitati... read CVE-2018-9355
Published: November 06, 2018; 12:29:00 PM -05:00
-
CVE-2018-9356 —
In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Androi... read CVE-2018-9356
Published: November 06, 2018; 12:29:00 PM -05:00
-
CVE-2018-9359 —
In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitatio... read CVE-2018-9359
Published: November 06, 2018; 12:29:00 PM -05:00
-
CVE-2018-8582 —
A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outl... read CVE-2018-8582
Published: November 13, 2018; 08:29:01 PM -05:00
-
CVE-2018-9526 —
In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112159033
Published: November 14, 2018; 01:29:00 PM -05:00
-
CVE-2018-8562 —
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows... read CVE-2018-8562
Published: November 13, 2018; 08:29:01 PM -05:00
-
CVE-2018-8592 —
An elevation of privilege vulnerability exists in Windows 10 version 1809 when installed from physical media (USB, DVD, etc, aka "Windows Elevation Of Privilege Vulnerability." This affects Windows 10, Windows Server 2019.
Published: November 13, 2018; 08:29:02 PM -05:00
-
CVE-2018-8579 —
An information disclosure vulnerability exists when attaching files to Outlook messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8558.
Published: November 13, 2018; 08:29:01 PM -05:00
-
CVE-2018-8558 —
An information disclosure vulnerability exists when Microsoft Outlook fails to respect "Default link type" settings configured via the SharePoint Online Admin Center, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 3... read CVE-2018-8558
Published: November 13, 2018; 08:29:01 PM -05:00
-
CVE-2018-8578 —
An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft Share... read CVE-2018-8578
Published: November 13, 2018; 08:29:01 PM -05:00
-
CVE-2018-8602 —
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Server Cross-site Scripting Vulnerability." This affects Team.
Published: November 13, 2018; 08:29:02 PM -05:00
-
CVE-2018-17948 —
An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3.
Published: November 20, 2018; 01:29:00 PM -05:00
-
CVE-2018-0673 —
Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors.
Published: November 15, 2018; 10:29:00 AM -05:00
-
CVE-2018-1779 —
IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size. IBM X-Force ID: 148802.
Published: November 20, 2018; 09:29:00 AM -05:00
-
CVE-2018-6081 —
XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page.
Published: November 14, 2018; 10:29:02 AM -05:00
-
CVE-2018-8547 —
A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server, aka "Active Directo... read CVE-2018-8547
Published: November 13, 2018; 08:29:01 PM -05:00
-
CVE-2018-8608 —
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site... read CVE-2018-8608
Published: November 13, 2018; 08:29:02 PM -05:00