Total: 49350 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5490 | 1 Netapp | 1 Clustered Data Ontap | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. This behavior has been resolved in the GA release. Customers running prior release candidates (RCs) are requested to update their systems to the NetApp Data ONTAP 8.3 GA release. | |||||
| CVE-2018-5486 | 2 Linux, Netapp | 2 Linux Kernel, Oncommand Unified Manager | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Debug Wire Protocol (JDWP) enabled which allows unauthorized local attackers to execute arbitrary code. | |||||
| CVE-2018-5485 | 2 Microsoft, Netapp | 2 Windows, Oncommand Unified Manager | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3 are susceptible to a vulnerability which could lead to a privilege escalation attack. | |||||
| CVE-2018-5507 | 1 F5 | 16 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 13 more | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| On F5 BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5, vCMP guests running on VIPRION 2100, 4200 and 4300 series blades cannot correctly decrypt ciphertext from established SSL sessions with small MTU. | |||||
| CVE-2018-5481 | 1 Netapp | 1 Oncommand Unified Manager | 2019-10-03 | 5.8 MEDIUM | 7.4 HIGH |
| OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks. | |||||
| CVE-2018-11319 | 2 Debian, Syntastic Project | 2 Debian Linux, Syntastic | 2019-10-03 | 8.5 HIGH | 7.5 HIGH |
| Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a directory that is a parent of the base directory of the project being checked. NOTE: exploitation is more difficult after 3.8.0 because filename prediction may be needed. | |||||
| CVE-2017-5936 | 2 Canonical, Openstack | 2 Ubuntu Linux, Nova-lxd | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions. | |||||
| CVE-2017-5940 | 1 Firejail Project | 1 Firejail | 2019-10-03 | 4.6 MEDIUM | 8.8 HIGH |
| Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180. | |||||
| CVE-2018-11338 | 1 Intuit | 1 Lacerte | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Intuit Lacerte 2017 for Windows in a client/server environment transfers the entire customer list in cleartext over SMB, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer list contains each customer's full name, social security number (SSN), address, job title, phone number, Email address, spouse's phone/Email address, and other sensitive information. After the client software authenticates to the server database, the server sends the customer list. There is no need for further exploitation as all sensitive data is exposed. This vulnerability was validated on Intuit Lacerte 2017, however older versions of Lacerte may be vulnerable. | |||||
| CVE-2018-11363 | 1 Pdfgen | 1 Pdfgen | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a heap-based buffer over-read. | |||||
| CVE-2017-5944 | 1 Bestpractical | 1 Request Tracker | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name. | |||||
| CVE-2017-5970 | 1 Linux | 1 Linux Kernel | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options. | |||||
| CVE-2017-5997 | 1 Sap | 1 Sap Kernel | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972. | |||||
| CVE-2018-1141 | 1 Tenable | 1 Nessus | 2019-10-03 | 4.4 MEDIUM | 7.0 HIGH |
| When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location. | |||||
| CVE-2018-5327 | 2 Cmcm, Google | 2 Armorfly Browser & Downloader, Android | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Cheetah Mobile Armorfly Browser & Downloader 1.1.05.0010, when installed on unspecified "older" Android platforms, allows Same Origin Policy Bypass. | |||||
| CVE-2018-5326 | 2 Cmcm, Google | 2 Cm Browser, Android | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Cheetah Mobile CM Browser 5.22.06.0012, when installed on unspecified "older" Android platforms, allows Same Origin Policy Bypass. | |||||
| CVE-2018-11906 | 1 Google | 1 Android | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, there is a security concern with default privileged access to ADB and debug-fs. | |||||
| CVE-2017-6005 | 1 Waves | 1 Maxxaudio | 2019-10-03 | 6.9 MEDIUM | 7.0 HIGH |
| Waves MaxxAudio, as installed on Dell laptops, adds a "WavesSysSvc" Windows service with File Version 1.1.6.0. This service has a vulnerability known as Unquoted Service Path. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. | |||||
| CVE-2018-1150 | 1 Nuuo | 2 Nvrmini2, Nvrmini2 Firmware | 2019-10-03 | 7.5 HIGH | 7.3 HIGH |
| NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists. | |||||
| CVE-2018-5261 | 1 Flexense | 1 Diskboss | 2019-10-03 | 4.3 MEDIUM | 8.1 HIGH |
| An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due to the usage of plaintext information from the handshake as input for the encryption key used for the encryption of the rest of the session, the server and client disclose sensitive information, such as the authentication credentials, to any man-in-the-middle (MiTM) listener. | |||||
| CVE-2018-5259 | 1 Discuz | 1 Discuzx | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter. | |||||
| CVE-2018-11908 | 1 Google | 1 Android | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper access control can lead to a device node and executable being run from /data/, which presents a potential issue. | |||||
| CVE-2018-11646 | 1 Webkitgtk | 1 Webkitgtk+ | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash. | |||||
| CVE-2017-6014 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory. | |||||
| CVE-2018-5231 | 1 Atlassian | 1 Jira | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of service attack via sending requests to it. | |||||
| CVE-2018-11909 | 1 Google | 1 Android | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper access control can lead to a device node and executable being run from /cache/, which presents a potential issue. | |||||
| CVE-2018-5226 | 1 Atlassian | 1 Sourcetree | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag name that is going to be deleted. An attacker with permission to create a tag on a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. All versions of Sourcetree for Windows before 2.5.5.0 are affected by this vulnerability. | |||||
| CVE-2018-11634 | 1 Dialogic | 1 Powermedia Xms | 2019-10-03 | 2.1 LOW | 7.8 HIGH |
| Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading /var/www/xms/xmsdb/default.db. | |||||
| CVE-2018-5179 | 1 Mozilla | 1 Firefox | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60. | |||||
| CVE-2018-11657 | 1 Miniupnp Project | 1 Ngiflib | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg and LoadGif. | |||||
| CVE-2018-5174 | 2 Microsoft, Mozilla | 5 Windows 10, Firefox, Firefox Esr and 2 more | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed to be opened because Windows won't prompt the user to ask what to do. Firefox incorrectly sets this flag when downloading files, leading to less secure behavior from SmartScreen. Note: this issue only affects Windows 10 users running the April 2018 update or later. It does not affect other Windows users or other operating systems. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. | |||||
| CVE-2017-8176 | 1 Huawei | 2 Iptv Stb, Iptv Stb Firmware | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei IPTV STB versions earlier than IPTV STB V100R003C01LMYTa6SPC001 have an authentication bypass vulnerability. An attacker could exploit this vulnerability to access the serial interface and modify the configuration. A successful exploit could lead to authentication bypass and viewing channels for free. | |||||
| CVE-2018-1000817 | 1 Asset Pipeline Project | 1 Asset-pipeline | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Asset Pipeline Grails Plugin Asset-pipeline plugin version prior to 2.14.1.1, 2.15.1 and 3.0.6 contains an Incorrect Access Control vulnerability in applications deployed in Jetty that can result in the download of .class files and any arbitrary file. This attack appears to be exploitable via a specially crafted GET request containing directory traversal from assets-pipeline context. This vulnerability appears to have been fixed in 2.14.1.1 (for Grails 2.x), 2.15.1 (for Grails 3 and Java 7) and 3.0.6 (for Grails 3 and Java 8). | |||||
| CVE-2018-1000649 | 1 Librehealth | 1 Librehealth Ehr | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in writing files with malicious content and may lead to remote code execution. This attack appears to be exploitable via user-controlled input. | |||||
| CVE-2018-1000648 | 1 Librehealth | 1 Librehealth Ehr | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in writing files with malicious content and may lead to remote code execution. This attack appears to be exploitable via user-controlled parameters. | |||||
| CVE-2018-1000647 | 1 Librehealth | 1 Librehealth Ehr | 2019-10-03 | 5.5 MEDIUM | 7.1 HIGH |
| LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Unrestricted File Deletion vulnerability in Import template that can result in denial of service. This attack appears to be exploitable via a user-controlled parameter. | |||||
| CVE-2018-1000624 | 1 Battelle | 1 V2i Hub | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by the failure to restrict access to a sensitive functionality. By visiting http://V2I_HUB/UI/powerdown.php, a remote attacker could exploit this vulnerability to shut down the system. | |||||
| CVE-2018-1000621 | 2 Linux, Mycroft | 2 Linux Kernel, Mycroft-core | 2019-10-03 | 6.8 MEDIUM | 8.1 HIGH |
| Mycroft AI mycroft-core version 18.2.8b and earlier contains an Incorrect Access Control vulnerability in Websocket configuration that can result in code execution. This impacts ONLY the Mycroft for Linux and "non-enclosure" installs - Mark 1 and Picroft unaffected. This attack appears to be exploitable via remote access to the unsecured websocket server. No fix is currently available. | |||||
| CVE-2018-1000404 | 1 Jenkins | 1 Aws Codebuild | 2019-10-03 | 2.1 LOW | 7.8 HIGH |
| Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier contains an Insufficiently Protected Credentials vulnerability in AWSClientFactory.java, CodeBuilder.java that can result in Credentials Disclosure. This attack appears to be exploitable via local file access. This vulnerability appears to have been fixed in 0.27 and later. | |||||
| CVE-2018-1000403 | 1 Jenkins | 1 Aws Codedeploy | 2019-10-03 | 2.1 LOW | 7.8 HIGH |
| Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains an Insufficiently Protected Credentials vulnerability in AWSCodeDeployPublisher.java that can result in Credentials Disclosure. This attack appears to be exploitable via local file access. This vulnerability appears to have been fixed in 1.20 and later. | |||||
| CVE-2018-1008 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-03 | 6.9 MEDIUM | 7.0 HIGH |
| An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory, aka "OpenType Font Driver Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | |||||
| CVE-2018-1000401 | 1 Jenkins | 1 Aws Codepipeline | 2019-10-03 | 2.1 LOW | 7.8 HIGH |
| Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earlier contains an Insufficiently Protected Credentials vulnerability in AWSCodePipelineSCM.java that can result in Credentials Disclosure. This attack appears to be exploitable via local file access. This vulnerability appears to have been fixed in 0.37 and later. | |||||
| CVE-2018-1000400 | 1 Kubernetes | 1 Cri-o | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to be exploitable via container execution. This vulnerability appears to have been fixed in 1.9. | |||||
| CVE-2018-10084 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because an SHA-1 cryptographic protection mechanism can be bypassed. | |||||
| CVE-2018-1000203 | 1 Soarlabs | 1 Soarcoin | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Soar Labs Soar Coin version up to and including git commit 4a2aa71ee21014e2880a3f7aad11091ed6ad434f (latest release as of Sept 2017) contains an intentional backdoor vulnerability in the function zero_fee_transaction() that can result in theft of Soar Coins by the "onlycentralAccount" (Soar Labs) after payment is processed. | |||||
| CVE-2018-1000197 | 1 Jenkins | 1 Black Duck Hub | 2019-10-03 | 5.5 MEDIUM | 8.1 HIGH |
| An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration. | |||||
| CVE-2018-10123 | 1 Intenogroup | 2 Iopsys, Iopsys Firmware | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitrary files via requests on TCP port 9100. | |||||
| CVE-2018-1000189 | 1 Jenkins | 1 Absint Astree | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| A command execution vulnerability exists in Jenkins Absint Astree Plugin 1.0.5 and older in AstreeBuilder.java that allows attackers with Overall/Read access to execute a command on the Jenkins master. | |||||
| CVE-2018-1000158 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-10-03 | 4.3 MEDIUM | 8.8 HIGH |
| cmsmadesimple version 2.2.7 contains an Incorrect Access Control vulnerability in the function send_recovery_email in the line "$url = $config['admin_url'] . '/login.php?recoverme=' . $code;" that can result in Administrator Password Reset Poisoning, specifically a reset URL pointing at an attacker controlled server can be created by using a host header attack. | |||||
| CVE-2018-10168 | 1 Tp-link | 1 Eap Controller | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows. | |||||
