Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18922 | 1 Abisoftgt | 1 Ticketly | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/add_user.php POST request. | |||||
| CVE-2018-19207 | 1 Van-ons | 1 Wp-gdpr-compliance | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited in the wild in November 2018. | |||||
| CVE-2018-19367 | 1 Portainer | 1 Portainer | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case. | |||||
| CVE-2018-19409 | 4 Artifex, Canonical, Debian and 1 more | 8 Ghostscript, Ubuntu Linux, Debian Linux and 5 more | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. | |||||
| CVE-2018-19410 | 1 Paessler | 1 Prtg Network Monitor | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local File Inclusion attack, by including /api/addusers and executing it. By providing the 'id' and 'users' parameters, an unauthenticated attacker can create a user with read-write privileges (including administrator). | |||||
| CVE-2018-19987 | 1 D-link | 12 Dir-818lw, Dir-818lw Firmware, Dir-822 and 9 more | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint parameter is saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. A vulnerable /HNAP1/SetAccessPointMode XML message could have shell metacharacters in the IsAccessPoint element such as the `telnetd` string. | |||||
| CVE-2018-19986 | 1 D-link | 4 Dir-818lw, Dir-818lw Firmware, Dir-822 and 1 more | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| In the /HNAP1/SetRouterSettings message, the RemotePort parameter is vulnerable, and the vulnerability affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-822 B1 202KRb06 devices. In the SetRouterSettings.php source code, the RemotePort parameter is saved in the $path_inf_wan1."/web" internal configuration memory without any regex checking. And in the IPTWAN_build_command function of the iptwan.php source code, the data in $path_inf_wan1."/web" is used with the iptables command without any regex checking. A vulnerable /HNAP1/SetRouterSettings XML message could have shell metacharacters in the RemotePort element such as the `telnetd` string. | |||||
| CVE-2018-20100 | 1 August | 2 August Connect, August Connect Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on August Connect devices. Insecure data transfer between the August app and August Connect during configuration allows attackers to discover home Wi-Fi credentials. This data transfer uses an unencrypted access point for these credentials, and passes them in an HTTP POST, using the AugustWifiDevice class, with data encrypted with a fixed key found obfuscated in the app. | |||||
| CVE-2018-20394 | 1 Technicolor | 8 Dwg849, Dwg849 Firmware, Dwg850-4 and 5 more | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Thomson DWG849 STC0.01.16, DWG850-4 ST9C.05.25, DWG855 ST80.20.26, and TWG870 STB2.01.36 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20395 | 1 Net-wave | 2 Ming6200, Ming6200 Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| NETWAVE MNG6200 C4835805jrc12FU121413.cpr devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20396 | 1 Net-wave | 4 Ming2120j, Ming2120j Firmware, Ming6300 and 1 more | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| NET&SYS MNG2120J 5.76.1006c and MNG6300 5.83.6305jrc2 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20397 | 1 Mplustec | 2 Cbc383z, Cbc383z Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| mplus CBC383Z CBC383Z_mplus_MDr026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20398 | 1 Skyworthdigital | 10 Cm5100, Cm5100-440, Cm5100-440 Firmware and 7 more | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Skyworth CM5100 V1.1.0, CM5100-440 V1.2.1, CM5100-511 4.1.0.14, CM5100-GHD00 V1.2.2, and CM5100.g2 4.1.0.17 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20399 | 1 Motorola | 6 Sbg901, Sbg901 Firmware, Sbg941 and 3 more | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Motorola SBG901 SBG901-2.10.1.1-GA-00-581-NOSH, SBG941 SBG941-2.11.0.0-GA-07-624-NOSH, and SVG1202 SVG1202-2.1.0.0-GA-14-LTSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20400 | 1 Ubeeinteractive | 4 Dvw2108, Dvw2108 Firmware, Dvw2110 and 1 more | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Ubee DVW2108 6.28.1017 and DVW2110 6.28.2012 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20401 | 1 Zoomtel | 2 5352, 5352 Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Zoom 5352 v5.5.8.6Y devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20438 | 1 Technicolor | 2 Tc7110.ar, Tc7110.ar Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor TC7110.AR STD3.38.03 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests. | |||||
| CVE-2018-20439 | 1 Technicolor | 2 Dpc3928sl, Dpc3928sl Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. | |||||
| CVE-2018-20440 | 1 Technicolor | 2 Cwa0101, Cwa0101 Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. | |||||
| CVE-2018-20441 | 1 Technicolor | 2 Tc7200.th2v2, Tc7200.th2v2 Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests. | |||||
| CVE-2018-20442 | 1 Technicolor | 2 Tc7110.b, Tc7110.b Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor TC7110.B STC8.62.02 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests. | |||||
| CVE-2018-20443 | 1 Technicolor | 2 Tc7200.d1i, Tc7200.d1i Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. | |||||
| CVE-2018-20444 | 1 Technicolor | 2 Cga0111, Cga0111 Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. | |||||
| CVE-2018-20512 | 1 Cdatatec | 22 Epon Cpe-wifi Devices Firmware, Fd108bn, Fd111hz and 19 more | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies. | |||||
| CVE-2018-2664 | 1 Oracle | 1 Sun Zfs Storage Appliance Kit | 2019-10-03 | 6.8 MEDIUM | 9.0 CRITICAL |
| Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is Prior to 8.7.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2018-2893 | 1 Oracle | 1 Weblogic Server | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2018-2894 | 1 Oracle | 1 Weblogic Server | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2018-3100 | 1 Oracle | 1 Business Process Management Suite | 2019-10-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| Vulnerability in the Oracle Business Process Management Suite component of Oracle Fusion Middleware (subcomponent: Process Analysis & Discovery). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Process Management Suite accessible data as well as unauthorized access to critical data or complete access to all Oracle Business Process Management Suite accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). | |||||
| CVE-2018-3191 | 1 Oracle | 1 Weblogic Server | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2018-3252 | 1 Oracle | 1 Weblogic Server | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2018-3591 | 1 Qualcomm | 54 Mdm9206, Mdm9206 Firmware, Mdm9607 and 51 more | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016, the default build configuration of deviceprogrammer in BOOT.BF.3.0 enables the flag SKIP_SECBOOT_CHECK_NOT_RECOMMENDED_BY_QUALCOMM which will open up the peek and poke commands to any memory location on the target. | |||||
| CVE-2018-3594 | 1 Qualcomm | 42 Mdm9206, Mdm9206 Firmware, Mdm9607 and 39 more | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 820, SD 820A, SD 835, SD 845, while parsing a private frame in an ID3 tag, a buffer over-read can occur when comparing frame data with predefined owner identifier strings. | |||||
| CVE-2018-3596 | 1 Google | 1 Android | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, legacy code vulnerable after migration has been removed. | |||||
| CVE-2018-3641 | 1 Intel | 2 Remote Keyboard, Remote Keyboard Mobile App | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Escalation of privilege in all versions of the Intel Remote Keyboard allows a network attacker to inject keystrokes as a local user. | |||||
| CVE-2018-3856 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2019-10-03 | 9.0 HIGH | 9.9 CRITICAL |
| An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this vulnerability. | |||||
| CVE-2018-4091 | 1 Apple | 1 Mac Os X | 2019-10-03 | 7.5 HIGH | 10.0 CRITICAL |
| An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Sandbox" component. It allows bypass of a sandbox protection mechanism. | |||||
| CVE-2018-4110 | 1 Apple | 1 Iphone Os | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Web App" component. It allows remote attackers to bypass intended restrictions on cookie persistence. | |||||
| CVE-2018-4115 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves CFPreferences in the "System Preferences" component. It allows attackers to bypass intended access restrictions by leveraging incorrect configuration-profile persistence. | |||||
| CVE-2018-4995 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an XFA '\n' POST injection vulnerability. Successful exploitation could lead to a security bypass. | |||||
| CVE-2018-9845 | 1 Etherpad | 1 Etherpad Lite | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Etherpad Lite before 1.6.4 is exploitable for admin access. | |||||
| CVE-2018-5339 | 1 Zohocorp | 1 Manageengine Desktop Central | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions. | |||||
| CVE-2018-5377 | 1 Discuz | 1 Discuzx | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter. | |||||
| CVE-2018-5770 | 1 Tendacn | 2 Ac15, Ac15 Firmware | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a request to /goform/telnet, creating a telnetd service on the device. This service is password protected; however, several default accounts exist on the device that are root accounts, which can be used to log in. | |||||
| CVE-2018-5777 | 1 Ipswitch | 1 Whatsup Gold | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Remote clients can take advantage of a misconfiguration in the TFTP server that could allow attackers to execute arbitrary commands on the TFTP server via unspecified vectors. | |||||
| CVE-2018-8755 | 1 Nucom | 2 Wr644gacv, Wr644gacv Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials. By downloading this file, an attacker can access the admin password, WPA key, and any config information of the device. | |||||
| CVE-2018-8739 | 1 Keepsolid | 1 Vpn Unlimited | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| VPN Unlimited 4.2.0 for macOS suffers from a root privilege escalation vulnerability in its privileged helper tool. The privileged helper tool implements an XPC interface, which allows arbitrary applications to execute system commands as root. | |||||
| CVE-2018-8016 | 1 Apache | 1 Cassandra | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in https://issues.apache.org/jira/browse/CASSANDRA-12109. The fix for the regression is implemented in https://issues.apache.org/jira/browse/CASSANDRA-14173. This fix is contained in the 3.11.2 release of Apache Cassandra. | |||||
| CVE-2018-7785 | 1 Schneider-electric | 1 U.motion Builder | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass. | |||||
| CVE-2018-6292 | 1 Hyland | 1 Saperion Web Client | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| Remote Code Execution in Saperion Web Client version 7.5.2 83166. | |||||
| CVE-2018-6295 | 1 Hanwha-security | 4 Snh-v6410pn, Snh-v6410pn Firmware, Snh-v6410pnw and 1 more | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Unencrypted way of remote control and communications in Hanwha Techwin Smartcams | |||||