CVE Daily
← All years

Uncategorized 2018

Page 19/19.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2018-01-10
High

CVE-2018-0791

Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2018-0790

Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka…

CVSS: 8.8CWE: N/A
Read more
High

CVE-2018-0789

Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka…

CVSS: 8.8CWE: N/A
Read more
High

CVE-2018-0784

ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique fro…

CVSS: 8.8CWE: N/A
Read more
High

CVE-2018-0764

Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents…

CVSS: 7.5CWE: N/A
Read more
2018-01-09
High

CVE-2017-1612

IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. IBM X-Force ID: 132953.

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2018-2362

A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, could send specially crafted SOAP requests to the SAP Startup Service and disclose information such as the platform's hostname.

CVSS: 5.3CWE: N/A
Read more
2018-01-08
Critical

CVE-2014-5334

FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login.

CVSS: 9.8CWE: CWE-254
Read more
High

CVE-2014-2071

Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows…

CVSS: 7.1CWE: CWE-264
Read more
High

CVE-2018-5259

Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter.

CVSS: 8.8CWE: N/A
Read more
Critical

CVE-2018-5267

Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct request to MenuDealerGx.html, MenuDealer.html, MenuEuNCGx.html, MenuEuNC.html, MenuSysGx.html, or…

CVSS: 9.8CWE: N/A
Read more
2018-01-07
High

CVE-2014-10069

Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a b…

CVSS: 7.5CWE: CWE-310
Read more
2018-01-05
Medium

CVE-2014-8540

The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.

CVSS: 6.5CWE: CWE-264
Read more
High

CVE-2014-8335

(1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users…

CVSS: 7.8CWE: CWE-255
Read more
Medium

CVE-2017-4945

VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be…

CVSS: 5.5CWE: N/A
Read more
2018-01-04
Critical

CVE-2014-7862

The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.

CVSS: 9.8CWE: CWE-264
Read more
High

CVE-2018-0788

The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 and R2 allows an elevation of privilege vu…

CVSS: 7.0CWE: N/A
Read more
Medium

CVE-2018-0754

The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2018-0753

Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a denial of service vulnerability due to the…

CVSS: 5.9CWE: N/A
Read more
Medium

CVE-2018-0750

The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Elevation o…

CVSS: 5.5CWE: N/A
Read more
High

CVE-2018-0749

The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, W…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2018-0747

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Window…

CVSS: 4.7CWE: N/A
Read more
High

CVE-2018-0744

The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privi…

CVSS: 7.0CWE: N/A
Read more
High

CVE-2018-0743

Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 version 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in…

CVSS: 7.0CWE: N/A
Read more
Medium

CVE-2018-0741

The Color Management Module (Icm32.dll) in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Micro…

CVSS: 5.3CWE: N/A
Read more
2018-01-03
Medium

CVE-2017-1000483

Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part…

CVSS: 6.5CWE: N/A
Read more
2018-01-02
High

CVE-2017-1000438

In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now points to another user's file on the underlying filesystem, then manipulate the user's data.

CVSS: 8.3CWE: N/A
Read more
Medium

CVE-2017-1000424

Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting loading arbitrary PDFs that a hacker can control.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2017-1557

IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2017-1000451

fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on child_process.exec, however, the buildCommand method used to construct exec strings does not properly sa…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2017-9966

A privilege escalation vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. By replacing certain files, an unauthorized user can obtain system privileges a…

CVSS: 7.1CWE: N/A
Read more
>