Uncategorized CVEs — 2018 (Page 15/19)

2018-03-14

High

CVE-2018-0902

The Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) in Windows 10 Gold, 1511, 1607, 1703, and 1709. Windows Server 2016 and Windows Server, version 1709 allows a security feature bypa…

CVSS: 7.8CWE: N/A

High

CVE-2018-0884

Windows Scripting Host (WSH) in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to how objects are…

CVSS: 7.8CWE: N/A

High

CVE-2018-0883

Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016 and Windows Se…

CVSS: 7.5CWE: N/A

High

CVE-2018-0882

The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed,…

CVSS: 7.0CWE: N/A

High

CVE-2018-0881

The Microsoft Video Control in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 201…

CVSS: 7.0CWE: N/A

High

CVE-2018-0880

The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed,…

CVSS: 7.0CWE: N/A

High

CVE-2018-0877

The Desktop Bridge Virtual File System (VFS) in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how file pa…

CVSS: 7.8CWE: N/A

High

CVE-2018-0875

.NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially crafted requests are handled, aka ".NET Core Denial of Service Vulner…

CVSS: 7.5CWE: N/A

High

CVE-2018-0817

The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and…

CVSS: 7.0CWE: N/A

High

CVE-2018-0816

The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and…

CVSS: 7.0CWE: N/A

High

CVE-2018-0815

The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows 7 SP1 allows an elevation of privilege vulnerability due to the way objects are handled in memo…

CVSS: 7.0CWE: N/A

High

CVE-2018-0808

ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE…

CVSS: 7.5CWE: N/A

Critical

CVE-2018-7279

A remote code execution issue was discovered in AlienVault USM and OSSIM before 5.5.1.

CVSS: 9.8CWE: N/A

2018-03-13

High

CVE-2018-1227

Pivotal Concourse after 2018-03-05 might allow remote attackers to have an unspecified impact, if a customer obtained the Concourse software from a DNS domain that is no longer controlled by Pivotal.…

CVSS: 7.5CWE: N/A

High

CVE-2018-6305

Denial of service in Gemalto's Sentinel LDK RTE version before 7.65

CVSS: 7.5CWE: N/A

High

CVE-2018-6303

Denial of service by uploading malformed firmware in Hanwha Techwin Smartcams

CVSS: 7.5CWE: N/A

High

CVE-2018-6302

Denial of service by blocking of new camera registration on the cloud server in Hanwha Techwin Smartcams

CVSS: 7.5CWE: N/A

High

CVE-2018-6301

Arbitrary camera access and monitoring via cloud in Hanwha Techwin Smartcams

CVSS: 7.5CWE: N/A

Critical

CVE-2018-6300

Remote password change in Hanwha Techwin Smartcams

CVSS: 9.8CWE: N/A

Medium

CVE-2018-6296

An undocumented (hidden) capability for switching the web interface in Hanwha Techwin Smartcams

CVSS: 5.3CWE: N/A

High

CVE-2017-1002102

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary…

CVSS: 7.1CWE: N/A

2018-03-12

High

CVE-2018-6400

Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \\.\pipe\WPSCloudSvr\WpsCloudSvr -- an "insecur…

CVSS: 7.8CWE: N/A

High

CVE-2018-6322

Panda Global Protection 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \.\pipe\PSANMSrvcPpal -- an "insecurely created named…

CVSS: 7.8CWE: N/A

High

CVE-2018-6183

BitDefender Total Security 2018 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of an "insecurely created named pipe". Ensures full acc…

CVSS: 7.8CWE: N/A

2018-03-10

Medium

CVE-2018-6311

One can gain root access on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 via UART pins without any restrictions, which leads to full system compromise and disc…

CVSS: 6.8CWE: N/A

2018-03-09

Medium

CVE-2016-8784

Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (L…

CVSS: 4.3CWE: CWE-399

Medium

CVE-2016-8782

Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (L…

CVSS: 5.3CWE: CWE-399

Critical

CVE-2014-4861

The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended.

CVSS: 9.8CWE: CWE-255

Medium

CVE-2016-0274

IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.…

CVSS: 5.4CWE: CWE-254

Medium

CVE-2017-17327

Huawei smartphones with software of MHA-AL00AC00B125 have an improper resource management vulnerability. The software does not properly manage the resource when do device register operation. An attac…

CVSS: 5.5CWE: N/A

Medium

CVE-2017-17326

Huawei Mate 9 Pro Smartphones with software of LON-AL00BC00B139D; LON-AL00BC00B229 have an activation lock bypass vulnerability. The smartphone is supposed to be activated by the former account after…

CVSS: 4.6CWE: N/A

Low

CVE-2017-17325

Huawei video applications HiCinema with software of 8.0.3.308; 8.0.4.300 have a permission control vulnerability. Due to improper verification of specific interface, an attacker who is on the same ne…

CVSS: 3.7CWE: N/A

Medium

CVE-2017-17279

The soundtrigger module in Huawei Mate 9 Pro smart phones with software of the versions before LON-AL00B 8.0.0.343(C00) has an authentication bypass vulnerability due to the improper design of the mo…

CVSS: 5.5CWE: N/A

Low

CVE-2017-17149

Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lock pattern change vulnerability. It needs to verify the user's Huawei ID during lock pattern change. An attacker with root privil…

CVSS: 3.9CWE: N/A

Medium

CVE-2017-17145

Huawei Honor V9 Play smart phones with the versions before Jimmy-AL00AC00B135 have an authentication bypass vulnerability due to the improper design of a component. An attacker who get a user's smart…

CVSS: 4.6CWE: N/A

High

CVE-2018-0524

Jubatus 1.0.2 and earlier allows remote code execution via unspecified vectors.

CVSS: 7.3CWE: N/A

2018-03-08

High

CVE-2014-7272

Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may h…

CVSS: 7.8CWE: CWE-264

Medium

CVE-2018-1219

EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access control vulnerability on an API which is used to enumerate user information. A remote authenticated malicious user can potential…

CVSS: 4.3CWE: N/A

High

CVE-2018-0213

A vulnerability in the credential reset functionality for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a…

CVSS: 8.8CWE: CWE-264

2018-03-07

High

CVE-2018-7738

In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash)…

CVSS: 7.8CWE: N/A

2018-03-06

High

CVE-2018-7185

The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address…

CVSS: 7.5CWE: N/A

High

CVE-2018-7184

ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero…

CVSS: 7.5CWE: N/A

Medium

CVE-2018-7170

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock sel…

CVSS: 5.3CWE: N/A

Critical

CVE-2018-6809

NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system.

CVSS: 9.8CWE: N/A

Critical

CVE-2018-1000101

Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination (CWE-170) vulnerability in mingw-w64-crt (libc)->(v)snprintf that can result in The bug may be used t…

CVSS: 9.8CWE: N/A

2018-03-05

Critical

CVE-2018-7716

PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that al…

CVSS: 9.8CWE: N/A

Critical

CVE-2018-7715

PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that al…

CVSS: 9.8CWE: N/A

Critical

CVE-2018-7493

CactusVPN through 6.0 for macOS suffers from a root privilege escalation vulnerability in its privileged helper tool. The privileged helper tool implements an XPC interface, which allows arbitrary ap…

CVSS: 9.8CWE: N/A

Medium

CVE-2018-5255

The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 before 4.20.2F allows remote attackers to cause a denial of service (agent restart) via crafted UDP packets.

CVSS: 6.5CWE: N/A

2018-03-04

High

CVE-2017-18213

In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges.

CVSS: 7.2CWE: N/A

2018-03-02

High

CVE-2015-7967

SafeNet Authentication Service for Citrix Web Interface Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying…

CVSS: 7.8CWE: CWE-264

High

CVE-2015-7966

SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executa…

CVSS: 7.8CWE: CWE-264

High

CVE-2015-7965

SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executa…

CVSS: 7.8CWE: CWE-264

High

CVE-2015-7964

SafeNet Authentication Service for NPS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable mo…

CVSS: 7.8CWE: CWE-264

High

CVE-2015-7963

SafeNet Authentication Service for AD FS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable…

CVSS: 7.8CWE: CWE-264

High

CVE-2015-7962

SafeNet Authentication Service for Outlook Web App Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an e…

CVSS: 7.8CWE: CWE-264

High

CVE-2015-7961

SafeNet Authentication Service Remote Web Workplace Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an…

CVSS: 7.8CWE: CWE-264

High

CVE-2015-7598

SafeNet Authentication Service TokenValidator Proxy Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an…

CVSS: 7.8CWE: CWE-264

High

CVE-2015-7597

SafeNet Authentication Service IIS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.

CVSS: 7.8CWE: CWE-264

High

CVE-2015-7596

SafeNet Authentication Service End User Software Tools for Windows uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modi…

CVSS: 7.8CWE: CWE-264

Medium

CVE-2017-9277

The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA.

CVSS: 4.2CWE: N/A

2018-03-01

High

CVE-2017-6930

In Drupal versions 8.4.x versions before 8.4.5 when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. Th…

CVSS: 8.1CWE: N/A

High

CVE-2017-9286

The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrad…

CVSS: 7.8CWE: N/A

2018-02-28

Medium

CVE-2018-1304

The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84…

CVSS: 5.9CWE: N/A

2018-02-27

Critical

CVE-2016-10714

In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters.

CVSS: 9.8CWE: CWE-189

High

CVE-2014-10070

zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation,…

CVSS: 7.8CWE: CWE-264

Medium

CVE-2017-18204

The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests.

CVSS: 5.5CWE: N/A

High

CVE-2018-7541

An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.

CVSS: 8.8CWE: N/A

High

CVE-2018-6535

An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker.

CVSS: 8.1CWE: N/A

High

CVE-2018-6533

An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed b…

CVSS: 7.8CWE: N/A

Critical

CVE-2018-4872

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is a security bypass…

CVSS: 10.0CWE: N/A

2018-02-26

High

CVE-2017-11633

An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover RTSP credentials by connecting to TCP port 9527 and reading the InsertConnect field.

CVSS: 7.5CWE: N/A

Medium

CVE-2017-18195

An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/requ…

CVSS: 5.3CWE: N/A

Medium

CVE-2018-5762

The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 (IC #17), and 60.0 before 60.044 might allow remote att…

CVSS: 5.9CWE: N/A

2018-02-25

Medium

CVE-2018-7472

INVT Studio 1.2 allows remote attackers to cause a denial of service during import operations.

CVSS: 5.5CWE: N/A

2018-02-23

Medium

CVE-2018-1305

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded.…

CVSS: 6.5CWE: N/A

High

CVE-2018-7420

In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks.

CVSS: 7.5CWE: N/A

High

CVE-2018-7418

In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value.

CVSS: 7.5CWE: N/A

High

CVE-2018-7417

In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI head…

CVSS: 7.5CWE: N/A

High

CVE-2018-7337

In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PD…

CVSS: 7.5CWE: N/A

High

CVE-2018-7335

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small.

CVSS: 7.5CWE: N/A

High

CVE-2018-7334

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value.

CVSS: 7.5CWE: N/A

High

CVE-2018-7320

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets.

CVSS: 7.5CWE: N/A

2018-02-22

High

CVE-2018-7299

Remote Code Execution in the addon installation process in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows authenticated attackers to create or overwrite arbitrary files or install malicious softwar…

CVSS: 8.0CWE: N/A

Critical

CVE-2018-7297

Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. This vu…

CVSS: 9.8CWE: N/A

Medium

CVE-2018-1391

IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could cause a denial of service. IB…

CVSS: 6.5CWE: N/A

Medium

CVE-2018-7286

An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Ast…

CVSS: 6.5CWE: N/A

Medium

CVE-2018-0203

A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email messages, aka a Mail Relay Vulnerability. The vulnerability is du…

CVSS: 5.3CWE: CWE-19

Critical

CVE-2018-0130

A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative acce…

CVSS: 9.8CWE: CWE-264

Critical

CVE-2018-0124

A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. Th…

CVSS: 9.8CWE: CWE-320

2018-02-21

High

CVE-2018-7281

CactusVPN 5.3.6 for macOS contains a root privilege escalation vulnerability through a setuid root binary called runme. The binary takes a single command line argument and passes this argument to a s…

CVSS: 8.8CWE: N/A

Medium

CVE-2015-0203

The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) con…

CVSS: 6.5CWE: CWE-19

2018-02-20

High

CVE-2004-2779

id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition…

CVSS: 7.5CWE: CWE-399

2018-02-19

Critical

CVE-2017-17101

An issue was discovered in Apexis APM-H803-MPC software, as used with many different models of IP Camera. An unprotected CGI method inside the web application permits an unauthenticated user to bypas…

CVSS: 9.8CWE: N/A

Critical

CVE-2016-9568

A security design issue can allow an unprivileged user to interact with the Carbon Black Sensor and perform unauthorized actions.

CVSS: 9.8CWE: CWE-254

High

CVE-2017-18191

An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt t…

CVSS: 7.5CWE: N/A

High

CVE-2018-1411

IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could…

CVSS: 7.8CWE: N/A

High

CVE-2018-1410

IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could…

CVSS: 7.8CWE: N/A

High

CVE-2018-1409

IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could…

CVSS: 7.8CWE: N/A

2018-02-18

High

CVE-2018-7206

An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. When using JupyterHub with GitLab group whitelisting for access control, group membersh…

CVSS: 8.8CWE: N/A

2018-02-15

High

CVE-2017-8984

A remote code execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506P03 was found.

CVSS: 8.8CWE: N/A

High

CVE-2017-8982

A Remote Authentication Restriction Bypass vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found.

CVSS: 7.5CWE: N/A

Critical

CVE-2017-8979

Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) firmware could be exploited remotely to allow authentication bypass, code execution, and denial of service.

CVSS: 9.8CWE: N/A

Medium

CVE-2017-8974

A Local Authentication Restriction Bypass vulnerability in HPE NonStop Server version L-Series: T6533L01 through T6533L01^ADN; J-Series and H-series: T6533H02 through T6533H04^ADF and T6533H05 throug…

CVSS: 4.4CWE: N/A

Critical

CVE-2017-8960

An Authentication Bypass vulnerability in HPE MSA 1040 and MSA 2040 SAN Storage IN version GL220P008 and earlier was found.

CVSS: 9.8CWE: N/A

High

CVE-2017-8959

An Authentication Bypass vulnerability in HPE MSA 1040 and HPE MSA 2040 SAN Storage in version GL220P008 and earlier and was found.

CVSS: 8.8CWE: N/A

High

CVE-2017-8958

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 and earlier was found.

CVSS: 8.8CWE: N/A

Medium

CVE-2017-8949

A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.

CVSS: 5.5CWE: N/A

Critical

CVE-2017-8948

A Remote Bypass Security Restriction vulnerability in HPE Network Node Manager i (NNMi) Software versions v10.0x, v10.1x, v10.2x was found.

CVSS: 9.8CWE: N/A

High

CVE-2017-8946

A Remote Code Execution vulnerability in HPE Aruba AirWave Glass version v1.0.0 and 1.0.1 was found.

CVSS: 8.3CWE: N/A

High

CVE-2017-5829

An access restriction bypass vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

CVSS: 7.8CWE: N/A

High

CVE-2017-5826

An authenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

CVSS: 8.8CWE: N/A

High

CVE-2017-5825

A privilege escalation vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

CVSS: 8.8CWE: N/A

Critical

CVE-2017-5824

An unauthenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

CVSS: 9.8CWE: N/A

Critical

CVE-2017-5823

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

CVSS: 9.8CWE: N/A

High

CVE-2017-5822

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

CVSS: 7.5CWE: N/A

Critical

CVE-2017-5821

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

CVSS: 9.8CWE: N/A

Critical

CVE-2017-5820

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

CVSS: 9.8CWE: N/A

Medium

CVE-2017-5813

A remote unauthenticated access vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.

CVSS: 6.3CWE: N/A

Medium

CVE-2017-5809

A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.

CVSS: 5.5CWE: CWE-275