Null pointer dereference

An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. A specially crafted document can cause certain RTF tokens to dereference a pointer that has been uninitialized and then write to it. An attacker must convince a...

CVE-2018-3949

An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated...

Denial of service

An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an unauthenticate...

CVE-2018-3934

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of packets to trigger...

CVE-2018-3947

An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D. An attacker can sniff network traffic to exploit this vulnerability...

CVE-2018-3977

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability...

Yi Technology Home Camera 27US QR Code Base64 Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. An attacker can make the camera scan a QR code to trigger this vulnerability...

Yi Technology Home Camera 27US TimeSync Code Execution Vulnerability

Summary An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can intercept and alter network traffic to trigger this vulnerability...

CVE-2018-3970

An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to...

CVE-2018-4013

An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability...

CVE-2018-4013

An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability...

CVE-2018-3289

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...

Code injection

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Windows. Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVE-2018-3296

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...

Design/Logic Flaw

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Sound. Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with...

CVE-2018-3133

CVE-2018-3133 concerns Oracle MySQL Server (subcomponent: Server: Parser). Affected are MySQL Server versions 5.5.61 and earlier, 5.6.41 and earlier, 5.7.23 and earlier, and 8.0.12 and earlier. An attacker with network access via multiple protocols and low privileges can trigger a hang or frequen...

CVE-2018-3277

Disclaimer: This data contains information about vulnerable...

CVE-2018-3143

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

Design/Logic Flaw

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick th...

Design/Logic Flaw

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user...