Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-3612 | 1 Intel | 18 Ayaplcel.86a, Bios, Bnkbl357.86a and 15 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Intel NUC kits with insufficient input validation in system firmware, potentially allows a local attacker to elevate privileges to System Management Mode (SMM).
|
|||||
| CVE-2018-3611 | 1 Intel | 1 Graphics Driver | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Bounds check vulnerability in User Mode Driver in Intel Graphics Driver 15.40.x.4 and 21.20.x.x allows unprivileged user to cause a denial of service via local access.
|
|||||
| CVE-2018-3597 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In the ADSP RPC driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, an arbitrary kernel write can occur.
|
|||||
| CVE-2018-3582 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Buffer overflow can occur due to improper input validation in multiple WMA event handler functions in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
|
|||||
| CVE-2018-3574 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, userspace can request ION cache maintenance on a secure ION buffer for which the ION_FLAG_SECURE ion flag is not set and cause the kernel to attempt to perform cache maintenance on memory which does not belong to HLOS.
|
|||||
| CVE-2018-2465 | 1 Sap | 1 Hana | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting, an unauthorized hacker can cause the database server to crash.
|
|||||
| CVE-2018-2462 | 1 Sap | 1 Netweaver | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source.
|
|||||
| CVE-2018-2439 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation (for example, where the request is validated for authenticity and validity) and under certain conditions, will process invalid requests. Several areas of the SAP Internet Graphics Server (IGS) did not require sufficient input validation. Namely, the SAP Internet Graphics Server (IGS) HTTP and RFC listener, SAP Internet Graphics Server (IGS) portwatcher when registering a portwatcher to th ...
Show More |
|||||
| CVE-2018-2424 | 1 Sap | 4 Hana Database, Ui, Ui5 and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00
|
|||||
| CVE-2018-2416 | 1 Sap | 1 Identity Management | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted from an untrusted source.
|
|||||
| CVE-2018-2015 | 1 Ibm | 1 Api Connect | 2024-11-21 | 4.3 MEDIUM | 6.4 MEDIUM |
|
IBM API Connect 2018.1 and 2018.4.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 155195.
|
|||||
| CVE-2018-25031 | 1 Smartbear | 1 Swagger Ui | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parties have indicated this is not resolved in 4.1.3 and even occurs in that version and possibly others.
|
|||||
| CVE-2018-25004 | 1 Mongodb | 1 Mongodb | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11.
|
|||||
| CVE-2018-25002 | 1 Sunhater | 1 Kcfinder | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal's security advisory policy.
|
|||||
| CVE-2018-21264 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. It did not enforce the expiration date of a SAML response.
|
|||||
| CVE-2018-21262 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Mattermost Server before 4.7.3. It allows attackers to cause a denial of service (application crash) via invalid LaTeX text.
|
|||||
| CVE-2018-21259 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered in Mattermost Server before 4.10.1, 4.9.4, and 4.8.2. It allows attackers to cause a denial of service (application hang) via a malformed link in a channel.
|
|||||
| CVE-2018-21141 | 1 Netgear | 18 R6100, R6100 Firmware, R7500 and 15 more | 2024-11-21 | 2.7 LOW | 4.5 MEDIUM |
|
Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
|
|||||
| CVE-2018-21140 | 1 Netgear | 4 D3600, D3600 Firmware, D6000 and 1 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76.
|
|||||
| CVE-2018-21122 | 1 Netgear | 8 Gs110emx, Gs110emx Firmware, Gs810emx and 5 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
Certain NETGEAR devices are affected by denial of service. This affects GS110EMX before 1.0.0.9, GS810EMX before 1.0.0.5, XS512EM before 1.0.0.6, and XS724EM before 1.0.0.6.
|
|||||
| CVE-2018-21115 | 1 Netgear | 2 Xr500, Xr500 Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers.
|
|||||
| CVE-2018-21092 | 1 Google | 1 Android | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. A crafted AT command may be sent by the DeviceTest application via an NFC tag. The Samsung ID is SVE-2017-10885 (January 2018).
|
|||||
| CVE-2018-21078 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) software. The Contacts application allows attackers to originate video calls because SS (Supplementary Service) and USSD (Unstructured Supplementary Service Data) codes are improperly secured. The Samsung ID is SVE-2018-11469 (April 2018).
|
|||||
| CVE-2018-21068 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
|
An issue was discovered on Samsung mobile devices with O(8.0) software. Execution of an application in a locked Secure Folder can occur without a password via a split screen. The Samsung ID is SVE-2018-11669 (July 2018).
|
|||||
| CVE-2018-21055 | 2 Google, Qualcomm | 2 Android, Msm8996 | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An issue was discovered on Samsung mobile devices with N(7.0) (Qualcomm models using MSM8996 chipsets) software. A device can be rooted with a custom image to execute arbitrary scripts in the INIT context. The Samsung ID is SVE-2018-11940 (September 2018).
|
|||||
| CVE-2018-21036 | 1 Sailsjs | 1 Sails | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request.
|
|||||
| CVE-2018-21033 | 4 Hitachi, Linux, Microsoft and 1 more | 11 Automation Director, Compute Systems Manager, Device Manager and 8 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes Hitachi Device Manager, Hitachi Tiered Storage Manager, Hitachi Replication Manager, Hitachi Tuning Manager, Hitachi Global Link Manager and Hitachi Compute Systems Manager.
|
|||||
| CVE-2018-21020 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place.
|
|||||
| CVE-2018-20985 | 1 Payeezy | 1 Wp Payeezy Pay | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The wp-payeezy-pay plugin before 2.98 for WordPress has local file inclusion in pay.php, donate.php, donate-rec, and pay-rec.
|
|||||
| CVE-2018-20981 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests.
|
|||||
| CVE-2018-20980 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering.
|
|||||
| CVE-2018-20973 | 1 Codeermeneer | 1 Companion Auto Update | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion.
|
|||||
| CVE-2018-20917 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
cPanel before 70.0.23 allows any user to disable Solr (SEC-371).
|
|||||
| CVE-2018-20912 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362).
|
|||||
| CVE-2018-20897 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.3 LOW | 2.8 LOW |
|
cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395).
|
|||||
| CVE-2018-20895 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393).
|
|||||
| CVE-2018-20893 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 2.3 LOW |
|
cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442).
|
|||||
| CVE-2018-20891 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436).
|
|||||
| CVE-2018-20883 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
cPanel before 74.0.8 allows FTP access during account suspension (SEC-449).
|
|||||
| CVE-2018-20882 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.6 MEDIUM | 6.8 MEDIUM |
|
cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447).
|
|||||