CVE Daily
← All years

Uncategorized 2018

Page 2/19.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2018-11-20
High

CVE-2018-18564

An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, and…

CVSS: 7.4CWE: N/A
Read more
Medium

CVE-2018-12037

An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX…

CVSS: 4.0CWE: N/A
Read more
Critical

CVE-2018-19367

Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it w…

CVSS: 9.8CWE: N/A
Read more
2018-11-19
Critical

CVE-2018-17190

In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute…

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2018-15761

Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the ur…

CVSS: 9.9CWE: N/A
Read more
2018-11-18
High

CVE-2018-19358

GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One p…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2008-7320

GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is di…

CVSS: 6.8CWE: CWE-255
Read more
2018-11-17
Critical

CVE-2018-19333

pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows attackers to overwrite memory locations in processes running as root (but not escape the sandbox) via vectors involving IPC_RMID…

CVSS: 9.8CWE: N/A
Read more
2018-11-16
High

CVE-2018-15769

RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2018-16396

An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some f…

CVSS: 8.1CWE: N/A
Read more
Critical

CVE-2018-16395

An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using =…

CVSS: 9.8CWE: N/A
Read more
2018-11-15
Critical

CVE-2018-8529

A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka "Team Foundation Serve…

CVSS: 9.8CWE: N/A
Read more
Medium

CVE-2018-16163

OpenDolphin 2.7.0 and earlier allows authenticated attackers to bypass authentication to create and/or delete other users accounts via unspecified vectors.

CVSS: 6.5CWE: N/A
Read more
High

CVE-2018-16162

OpenDolphin 2.7.0 and earlier allows authenticated attackers to obtain other users credentials such as a user ID and/or its password via unspecified vectors.

CVSS: 8.8CWE: N/A
Read more
High

CVE-2018-16161

OpenDolphin 2.7.0 and earlier allows authenticated users to gain administrative privileges and perform unintended operations.

CVSS: 8.8CWE: N/A
Read more
High

CVE-2018-0701

BlueStacks App Player (BlueStacks App Player for Windows 3.0.0 to 4.31.55, BlueStacks App Player for macOS 2.0.0 and later) allows an attacker on the same network segment to bypass access restriction…

CVSS: 8.8CWE: N/A
Read more
High

CVE-2018-0690

An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files.

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2018-0682

Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) does not properly manage sessions, which allows remote attackers to read/send mail or c…

CVSS: 9.8CWE: N/A
Read more
2018-11-14
Critical

CVE-2018-5495

All StorageGRID Webscale versions are susceptible to a vulnerability which could permit an unauthenticated attacker to communicate with systems on the same network as the StorageGRID Webscale Admin N…

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2018-9580

A Elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-76222002.

CVSS: 9.8CWE: N/A
Read more
High

CVE-2018-9525

In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFI_CHANGED, there is a possible permissions bypass due to a confused deputy. This c…

CVSS: 7.8CWE: N/A
Read more
Critical

CVE-2018-15708

Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.

CVSS: 9.8CWE: N/A
Read more
High

CVE-2018-6083

Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.

CVSS: 8.8CWE: N/A
Read more
Medium

CVE-2018-17477

Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2018-17476

Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2018-17475

Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2018-17473

Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2018-17471

Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2018-17464

Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSS: 4.3CWE: N/A
Read more
High

CVE-2018-17463

Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

CVSS: 8.8CWE: N/A
Read more
High

CVE-2018-3698

Improper file permissions in the installer for the Intel Ready Mode Technology may allow an unprivileged user to potentially gain privileged access via local access.

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2018-8592

An elevation of privilege vulnerability exists in Windows 10 version 1809 when installed from physical media (USB, DVD, etc, aka "Windows Elevation Of Privilege Vulnerability." This affects Windows 1…

CVSS: 6.4CWE: N/A
Read more
High

CVE-2018-8589

An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Window…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2018-8582

A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects O…

CVSS: 8.8CWE: N/A
Read more
High

CVE-2018-8581

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

CVSS: 7.4CWE: N/A
Read more
Medium

CVE-2018-8579

An information disclosure vulnerability exists when attaching files to Outlook messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Offic…

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2018-8578

An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka "Microsoft SharePoint Information Disc…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2018-8577

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2018-8576

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affect…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2018-8575

A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka "Microsoft Project Remote Code Execution Vulnerability." This affect…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2018-8574

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2018-8573

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Micr…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2018-8567

An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it i…

CVSS: 5.4CWE: N/A
Read more
Medium

CVE-2018-8566

A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption, aka "BitLocker Security Feature Bypass Vulnerability." This affects Windows Server 2016, W…

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2018-8564

A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2018-8563

An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, W…

CVSS: 5.5CWE: N/A
Read more
High

CVE-2018-8553

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affe…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2018-8550

An elevation of privilege exists in Windows COM Aggregate Marshaler, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Se…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2018-8549

A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1,…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2018-8546

A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync,…

CVSS: 5.9CWE: N/A
Read more
Medium

CVE-2018-8545

An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge.

CVSS: 4.3CWE: N/A
Read more
High

CVE-2018-8539

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Micr…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2018-8524

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affect…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2018-8522

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affect…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2018-8417

A security feature bypass vulnerability exists in Microsoft JScript that could allow an attacker to bypass Device Guard, aka "Microsoft JScript Security Feature Bypass Vulnerability." This affects Wi…

CVSS: 5.3CWE: N/A
Read more
Medium

CVE-2018-8416

A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka ".NET Core Tampering Vulnerability." This affects .NET Core 2.1.

CVSS: 6.5CWE: N/A
Read more
High

CVE-2018-8256

A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files, aka "Microsoft PowerShell Remote Code Execution Vulnerability." This affects Windows RT 8.1, P…

CVSS: 8.8CWE: N/A
Read more
2018-11-13
High

CVE-2018-2488

It is possible for a malware application installed on an Android device to send local push notifications with an empty message to SAP Fiori Client and cause the application to crash. SAP Fiori Client…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2018-2487

SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in specific use cases, files within this zip file can land in diffe…

CVSS: 8.3CWE: N/A
Read more
High

CVE-2018-2485

It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. This can include reading and writing of information and calling device specific JavaScript APIs…

CVSS: 7.7CWE: N/A
Read more
High

CVE-2018-2482

SAP Mobile Secure Android Application, Mobile-secure.apk Android client, before version 6.60.19942.0, allows an attacker to prevent legitimate users from accessing a service, either by crashing or fl…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2018-2478

An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all c…

CVSS: 7.2CWE: N/A
Read more
Medium

CVE-2018-2473

SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from access…

CVSS: 6.5CWE: N/A
Read more
2018-11-12
High

CVE-2018-19203

PRTG Network Monitor before 18.2.41.1652 allows remote unauthenticated attackers to terminate the PRTG Core Server Service via a special HTTP request.

CVSS: 7.5CWE: N/A
Read more
2018-11-09
High

CVE-2018-19125

PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to delete an image directory.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2018-1799

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local unprivileged user to overwrite files on the system which could cause damage to the data…

CVSS: 6.2CWE: N/A
Read more
Medium

CVE-2018-1684

IBM WebSphere MQ 8.0 through 9.1 is vulnerable to a error with MQTT topic string publishing that can cause a denial of service attack. IBM X-Force ID: 145456.

CVSS: 5.3CWE: N/A
Read more
2018-11-08
Medium

CVE-2018-7718

An issue was discovered in Telexy QPath 5.4.462. A low privileged authenticated user supplying a specially crafted serialized request to AdanitDataService.svc may modify user information, including b…

CVSS: 6.5CWE: N/A
Read more
High

CVE-2018-6438

A Vulnerability in the supportsave command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2018-6437

A Vulnerability in the help command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, ga…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2018-6436

A Vulnerability in the firmwaredownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted s…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2018-15448

A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. The attacker could use th…

CVSS: 7.5CWE: CWE-16
Read more
Medium

CVE-2018-0284

A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The…

CVSS: 6.5CWE: CWE-264
Read more
High

CVE-2018-6442

A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote authenticated attackers to execute arbitrary commands.

CVSS: 8.8CWE: N/A
Read more
High

CVE-2018-6441

A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass t…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2018-6435

A Vulnerability in the secryptocfg command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2018-11777

In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.

CVSS: 8.1CWE: N/A
Read more
2018-11-07
High

CVE-2018-19074

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2018-19068

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for hidden factory…

CVSS: 4.9CWE: N/A
Read more
2018-11-06
Medium

CVE-2018-9438

When a device connects only over WiFi VPN, the device may not receive security updates due to some incorrect checks. This could lead to a local denial of service of security updates with no additiona…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2018-1694

IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational…

CVSS: 5.9CWE: N/A
Read more
Medium

CVE-2018-18966

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but Internet Explorer render HTML elemen…

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2018-18965

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several alternative cases…

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2018-18964

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several extensions in whic…

CVSS: 4.9CWE: N/A
Read more
2018-11-05
High

CVE-2018-13397

There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to com…

CVSS: 8.8CWE: N/A
Read more
High

CVE-2018-13396

There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit…

CVSS: 8.8CWE: N/A
Read more
2018-11-02
Critical

CVE-2018-3934

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an…

CVSS: 9.8CWE: N/A
Read more
Medium

CVE-2018-3920

An exploitable code execution vulnerability exists in the firmware update functionality of the Yi Home Camera 27US 1.8.7.0D. A specially crafted 7-Zip file can cause a CRC collision, resulting in a f…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2018-3891

An exploitable firmware downgrade vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw, resulting in a firmware d…

CVSS: 4.6CWE: N/A
Read more
2018-10-31
Medium

CVE-2018-15322

On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0,…

CVSS: 6.5CWE: N/A
Read more
High

CVE-2018-15320

On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, undisclosed traffic patterns may lead to denial of service conditions for the BIG-IP system. The configuration which exposes this condition is the BIG-IP…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2018-15317

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.2.1-11.6.3.2, an attacker sending specially crafted SSL records to a SSL Virtual Server will cause corruption in the SSL data struc…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2018-18850

In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes could upload a maliciously crafted YAML configuration, potentially al…

CVSS: 8.8CWE: N/A
Read more
2018-10-30
Critical

CVE-2017-8931

Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privileges via unspecified vectors.

CVSS: 9.8CWE: N/A
Read more
High

CVE-2015-7266

The Interactive Advertising Bureau (IAB) OpenRTB 2.3 protocol implementation might allow remote attackers to conceal the status of ad transactions and potentially compromise bid integrity by leveragi…

CVSS: 7.5CWE: CWE-264
Read more
High

CVE-2018-18817

The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API.

CVSS: 7.5CWE: N/A
Read more
2018-10-29
Critical

CVE-2018-18748

Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), within a .py file. NOTE: the vendor disputes this issue because the obser…

CVSS: 10.0CWE: N/A
Read more
2018-10-26
High

CVE-2018-3588

There is improper access control of the SSC and GPU mapped regions which lead to inject code from HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM965…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2017-18311

XPU Master privilege escalation is possible due to improper access control of unused configuration xPU ports where unused configuration ports are open in Snapdragon Automobile, Snapdragon Mobile, Sna…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2017-18310

ClientEnv exposes services 0-32 to HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, S…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2017-18308

Modem segments are unlocked after authentication, leaving modem segments open to all in Snapdragon Mobile, Snapdragon Wear in version MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430

CVSS: 7.8CWE: N/A
Read more
2018-10-25
High

CVE-2018-18652

A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient f…

CVSS: 7.2CWE: N/A
Read more
2018-10-24
High

CVE-2016-10730

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users direct…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2018-11804

Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation. It has been included in release branches since 1.3.x, up to…

CVSS: 7.5CWE: N/A
Read more
2018-10-23
Critical

CVE-2018-17448

An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.

CVSS: 9.8CWE: N/A
Read more
High

CVE-2018-18626

An issue was discovered in PHPYun V4.6. There is a vulnerability that can delete any file or directory via the "admin/index.php?m=database&c=del" sql parameter because del_action() in admin/model/dat…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2018-8569

A remote code execution vulnerability exists in the Yammer desktop application due to the loading of arbitrary content, aka "Yammer Desktop Application Remote Code Execution Vulnerability." This affe…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2018-18603

360 Total Security 3.5.0.1033 allows a Sandbox Escape via an "import os" statement, followed by os.system("CMD") or os.system("PowerShell"), within a .py file. NOTE: the vendor's position is that thi…

CVSS: 6.3CWE: N/A
Read more
Medium

CVE-2018-7911

Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00),…

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2017-18313

Under certain mode of operations, HLOS may be able get direct or indirect access through DXE channels to tamper with the authenticated WCNSS firmware stored in DDR because DXE-accessible memory is lo…

CVSS: 5.3CWE: N/A
Read more
High

CVE-2017-18305

XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212…

CVSS: 7.0CWE: N/A
Read more
High

CVE-2017-18296

Access control on applications is not applied while accessing SafeSwitch services can lead to improper access in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607,…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2017-18293

When a particular GPIO is protected by blocking access to the corresponding GPIO resource registers, the protection can be bypassed using the corresponding banked GPIO registers instead in Snapdragon…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2017-18282

Non-secure SW can cause SDCC to generate secure bus accesses, which may expose RPM access in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD…

CVSS: 7.8CWE: N/A
Read more
2018-10-22
High

CVE-2018-1850

IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. IBM X-Force ID: 150998.

CVSS: 8.8CWE: N/A
Read more
2018-10-19
High

CVE-2018-18284

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.

CVSS: 8.6CWE: N/A
Read more
High

CVE-2018-18223

Open Design Alliance Drawings SDK 2019Update1 has a vulnerability during the reading of malformed files, allowing attackers to obtain sensitive information from process memory or cause a crash.

CVSS: 8.1CWE: N/A
Read more
High

CVE-2018-12669

SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow remote authenticated users to reset arbitrary accounts via a request to web/cgi-bin/hi3510/para…

CVSS: 8.8CWE: N/A
Read more
Critical

CVE-2018-18396

Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2018-18395

Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.

CVSS: 9.8CWE: N/A
Read more
>