Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes:...
7.4AI Score
0.002EPSS
A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS)...
6.5CVSS
6.5AI Score
0.001EPSS
A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS)...
6.5CVSS
6.5AI Score
0.001EPSS
A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS)...
6.5CVSS
6.4AI Score
0.001EPSS
Securely and Anonymously Send and Receive Files: OnionShare
OnionShare is an open source tool for securely and anonymously sending and receiving files using Tor onion services. It works by starting a web server directly on your computer and making it accessible as an unguessable Tor web address that others can load in Tor Browser to download files from...
-0.5AI Score
A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS)...
1AI Score
0.001EPSS
A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS)...
6.5CVSS
6.5AI Score
0.001EPSS
Description of the security update for SharePoint Foundation 2013: February 12, 2019
Description of the security update for SharePoint Foundation 2013: February 12, 2019 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...
9AI Score
0.974EPSS
Schneider Electric EVLink Parking
EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: EVLink Parking Vulnerabilities: Use of Hard-coded Credentials, Code Injection, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities...
8.8CVSS
9.7AI Score
0.031EPSS
-0.1AI Score
-0.3AI Score
7.4AI Score
VPN Browser+ 1.1.0.0 - Denial of Service (PoC)
VPN Browser+ 1.1.0.0 - Denial of Service...
-0.1AI Score
sinatra is vulnerable to timing attacks. This vulnerability is caused because the csrf tokens are not compared in constant time, allowing malicious users to guess the valid csrf tokens based on the time that a comparison...
5.9CVSS
6.4AI Score
0.002EPSS
Description of the security update for SharePoint Foundation 2013: January 8, 2019
Description of the security update for SharePoint Foundation 2013: January 8, 2019 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...
6.4AI Score
0.001EPSS
Critical Bug Patched in Schneider Electric Vehicle Charging Station
Schneider Electric is warning about a critical vulnerability in its EVLink Parking devices – a line of electric vehicle charging stations. The energy management and automation giant said the vulnerability is tied to a hard-coded credential bug that exists within the device that could enable...
0.9AI Score
0.031EPSS
A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the...
9.8CVSS
9.1AI Score
0.004EPSS
A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the...
9.8CVSS
9.4AI Score
0.004EPSS
A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the...
9.8CVSS
9.4AI Score
0.004EPSS
A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the...
9.6AI Score
0.004EPSS
An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a...
6.5CVSS
7AI Score
0.011EPSS
An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a...
6.5CVSS
7.2AI Score
0.011EPSS
An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a...
6.5CVSS
7.5AI Score
0.011EPSS
An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a...
6.5CVSS
7.3AI Score
0.011EPSS
An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a...
6.5CVSS
7.5AI Score
0.011EPSS
An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a...
7.4AI Score
0.011EPSS
Scientific Linux Security Update : libkdcraw on SL7.x x86_64 (20181030)
LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5805) LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp (CVE-2018-5800) LibRaw: NULL pointer dereference in LibRaw::unpack...
8.8CVSS
0.3AI Score
0.011EPSS
CentOS 7 : libkdcraw (CESA-2018:3065)
An update for libkdcraw is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from....
8.8CVSS
-0.3AI Score
0.011EPSS
CentOS Errata and Security Advisory CESA-2018:3065 Libkdcraw is a C++ interface around the LibRaw library used to decode the RAW picture files. Security Fix(es): LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5805) LibRaw:...
8.8CVSS
8AI Score
0.011EPSS
Microsoft ChakraCore is vulnerable to remote code execution. It is possible due to a flaw in GetEnvironmentOperand in IRBuilder.cpp. This CVE ID is different from CVE-2018-8541, CVE-2018-8542, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557,...
7.5CVSS
6.3AI Score
0.205EPSS
Tina4 Stack 1.0.3 - SQL Injection / Database File Download Vulnerabilities
Exploit for php platform in category web...
7.1AI Score
Description of the security update for SharePoint Foundation 2013: November 13, 2018
Description of the security update for SharePoint Foundation 2013: November 13, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...
8.6AI Score
0.373EPSS
7.4AI Score
Tina4 Stack 1.0.3 - SQL Injection Database File Download
Tina4 Stack 1.0.3 - SQL Injection Database File...
0.1AI Score
-0.1AI Score
Oracle Linux 7 : libkdcraw (ELSA-2018-3065)
From Red Hat Security Advisory 2018:3065 : An update for libkdcraw is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
8.8CVSS
-0.5AI Score
0.011EPSS
[4.10.5-5] - Resolves: #1557171, #1557189, #1558954 use the system...
8.8CVSS
1.4AI Score
0.011EPSS
Security Advisory - SegmentSmack Vulnerability in Linux Kernel
There is a DoS vulnerability in the Linux Kernel versions 4.9+ known as a SegmentSmack attack. Remote attackers may send TCP packets to the Linux kernel to make it call the very expensive functions tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() of the affected device, which can lead to a denial of....
7.5CVSS
2.9AI Score
0.783EPSS
RHEL 7 : libkdcraw (RHSA-2018:3065)
An update for libkdcraw is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from....
8.8CVSS
-0.3AI Score
0.011EPSS
(RHSA-2018:3065) Moderate: libkdcraw security update
Libkdcraw is a C++ interface around the LibRaw library used to decode the RAW picture files. Security Fix(es): LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5805) LibRaw: Heap-based buffer overflow in...
1.1AI Score
0.011EPSS
SUSE SLED12 Security Update : libraw (SUSE-SU-2018:3343-1)
This update for libraw fixes the following issues : Security issues fixed : CVE-2018-5800: Fixed heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function (bsc#1084691). CVE-2018-5801: Fixed NULL pointer dereference in LibRaw::unpack function (bsc#1084690). CVE-2018-5802: Fixed...
8.8CVSS
-0.2AI Score
0.011EPSS
Improving Image Manager with Real User Feedback
Steve Krug, a well-known user experience professional, has been quoted on many occasions as saying, "Don't make me think." It's true that users shouldn't have to puzzle around to find what they're looking for or to complete a task. Product usability is as important as fancy features and...
AI Score
A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a....
6.8CVSS
6.6AI Score
0.001EPSS
A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a....
6.8CVSS
6.7AI Score
0.001EPSS
A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a....
6.8CVSS
6.6AI Score
0.001EPSS
Cisco Catalyst 6800 Series Switches ROM Monitor Software Secure Boot Bypass Vulnerability
A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a....
2.1AI Score
0.001EPSS
A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a....
6.7AI Score
0.001EPSS
EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Logix5000 Vulnerability: Stack-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the previously updated advisory titled...
10CVSS
10AI Score
0.002EPSS
Network Vision IntraVue Code Injection Vulnerability
OVERVIEW Researcher Jürgen Bilberger from Daimler TSS GmbH has identified a code injection vulnerability in Network Vision’s IntraVue software. Network Vision has produced a new version that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The...
8.1AI Score
0.004EPSS