• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

NVD-CWE-noinfo

CVE-2018-1030

February 26, 2023 by

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka “Microsoft Office Remote Code Execution Vulnerability.” This affects Microsoft Office. This CVE ID is unique from CVE-2018-1026.

CVE-2018-10305

February 26, 2023 by

The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions.

CVE-2018-1025

February 26, 2023 by

An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka “Microsoft Browser Information Disclosure Vulnerability.” This affects Internet Explorer 11, Microsoft Edge.

CVE-2018-1026

February 26, 2023 by

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka “Microsoft Office Remote Code Execution Vulnerability.” This affects Microsoft Office. This CVE ID is unique from CVE-2018-1030.

CVE-2018-10192

February 26, 2023 by

IPVanish 3.0.11 for macOS suffers from a root privilege escalation vulnerability. The `com.ipvanish.osx.vpnhelper` LaunchDaemon implements an insecure XPC service that could allow an attacker to execute arbitrary code as the root user. IPVanish uses a third-party library for converting `xpc_object_t` types in to `NSObject` types for sending XPC messages. When IPVanish establishes a new connection, the following XPC message is sent to the `com.ipvanish.osx.vpnhelper` LaunchDaemon. Because the XPC service itself does not validate an incoming connection, any application installed on the operating system can send it XPC messages. In the case of the “connect” message, an attacker could manipulate the `OpenVPNPath` to point at a malicious binary on the system. The `com.ipvanish.osx.vpnhelper` would receive the VPNHelperConnect command, and then execute the malicious binary as the root user.

CVE-2018-1021

February 26, 2023 by

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka “Microsoft Edge Information Disclosure Vulnerability.” This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8123.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 440
  • Go to page 441
  • Go to page 442
  • Go to page 443
  • Go to page 444
  • Interim pages omitted …
  • Go to page 2387
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE