Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6533 | 1 Icinga | 1 Icinga | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code (a larger issue than CVE-2017-16933).
|
|||||
| CVE-2018-6521 | 2 Debian, Simplesamlphp | 2 Debian Linux, Simplesamlphp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions.
|
|||||
| CVE-2018-6516 | 2 Microsoft, Puppet | 2 Windows, Puppet Enterprise Client Tools | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prior to 16.4.6, 17.3.x prior to 17.3.6, and 18.1.x prior to 18.1.2 to load arbitrary code with privilege escalation.
|
|||||
| CVE-2018-6505 | 1 Hp | 1 Arcsight Management Center | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File Downloads.
|
|||||
| CVE-2018-6503 | 1 Hp | 1 Arcsight Management Center | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
|
A potential Access Control vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for vulnerable Access Controls.
|
|||||
| CVE-2018-6501 | 1 Hp | 1 Arcsight Management Center | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Potential security vulnerability of Insufficient Access Controls has been identified in ArcSight Management Center (ArcMC) for versions prior to 2.81. This vulnerability could be exploited to allow for insufficient access controls.
|
|||||
| CVE-2018-6491 | 1 Microfocus | 1 Ucmdb Configuration Manager | 2024-11-21 | 7.2 HIGH | 8.1 HIGH |
|
Local Escalation of Privilege vulnerability to Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to Local Escalation of Privilege.
|
|||||
| CVE-2018-6479 | 1 Seasofsolutions | 2 Ip Camera, Ip Camera Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
An issue was discovered on Netwave IP Camera devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to the / URI.
|
|||||
| CVE-2018-6448 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host.
|
|||||
| CVE-2018-6445 | 2 Brocade, Netapp | 2 Network Advisor, Brocade Network Advisor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A Vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database which includes the encrypted (not hashed) password of the systems. The attacker could gain access to the Brocade Network Advisor System after extracting/decrypting the passwords.
|
|||||
| CVE-2018-6442 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote authenticated attackers to execute arbitrary commands.
|
|||||
| CVE-2018-6441 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass the restricted configuration shell.
|
|||||
| CVE-2018-6440 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
A vulnerability in the proxy service of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote unauthenticated attackers to obtain sensitive information and possibly cause a denial of service attack.
|
|||||
| CVE-2018-6439 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A Vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access.
|
|||||
| CVE-2018-6438 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A Vulnerability in the supportsave command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access.
|
|||||
| CVE-2018-6437 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A Vulnerability in the help command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access.
|
|||||
| CVE-2018-6436 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A Vulnerability in the firmwaredownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access.
|
|||||
| CVE-2018-6435 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A Vulnerability in the secryptocfg command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, and gain root access.
|
|||||
| CVE-2018-6400 | 1 Kingsoftstore | 1 Wps Office Free | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \\.\pipe\WPSCloudSvr\WpsCloudSvr -- an "insecurely created named pipe." Ensures full access to Everyone users group.
|
|||||
| CVE-2018-6322 | 1 Pandasecurity | 1 Panda Global Protection | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Panda Global Protection 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \.\pipe\PSANMSrvcPpal -- an "insecurely created named pipe." Ensures full access to Everyone users group.
|
|||||
| CVE-2018-6311 | 1 Foxconn | 2 Ap-fc4064-t, Ap-fc4064-t Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
|
One can gain root access on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 via UART pins without any restrictions, which leads to full system compromise and disclosure of user communications.
|
|||||
| CVE-2018-6305 | 1 Gemalto | 1 Sentinel Ldk Rte | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Denial of service in Gemalto's Sentinel LDK RTE version before 7.65
|
|||||
| CVE-2018-6303 | 1 Hanwha-security | 4 Snh-v6410pn, Snh-v6410pn Firmware, Snh-v6410pnw and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Denial of service by uploading malformed firmware in Hanwha Techwin Smartcams
|
|||||
| CVE-2018-6302 | 1 Hanwha-security | 4 Snh-v6410pn, Snh-v6410pn Firmware, Snh-v6410pnw and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Denial of service by blocking of new camera registration on the cloud server in Hanwha Techwin Smartcams
|
|||||
| CVE-2018-6301 | 1 Hanwha-security | 4 Snh-v6410pn, Snh-v6410pn Firmware, Snh-v6410pnw and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Arbitrary camera access and monitoring via cloud in Hanwha Techwin Smartcams
|
|||||
| CVE-2018-6300 | 1 Hanwha-security | 4 Snh-v6410pn, Snh-v6410pn Firmware, Snh-v6410pnw and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
Remote password change in Hanwha Techwin Smartcams
|
|||||
| CVE-2018-6296 | 1 Hanwha-security | 4 Snh-v6410pn, Snh-v6410pn Firmware, Snh-v6410pnw and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An undocumented (hidden) capability for switching the web interface in Hanwha Techwin Smartcams
|
|||||
| CVE-2018-6292 | 1 Hyland | 1 Saperion Web Client | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Remote Code Execution in Saperion Web Client version 7.5.2 83166.
|
|||||
| CVE-2018-6290 | 1 Kaspersky | 1 Secure Mail Gateway | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1.
|
|||||
| CVE-2018-6265 | 2 Microsoft, Nvidia | 2 Windows 7, Geforce Experience | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser.
|
|||||
| CVE-2018-6263 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges.
|
|||||
| CVE-2018-6258 | 1 Nvidia | 1 Geforce Experience | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
|
NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a Man-in-the-Middle (MitM) attack to obtain sensitive information.
|
|||||
| CVE-2018-6257 | 1 Nvidia | 1 Geforce Experience | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
|
NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both.
|
|||||
| CVE-2018-6252 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software allows an actor access to restricted functionality that is unnecessary to production usage, and which may result in denial of service.
|
|||||
| CVE-2018-6183 | 1 Bitdefender | 1 Total Security | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
BitDefender Total Security 2018 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of an "insecurely created named pipe". Ensures full access to Everyone users group.
|
|||||
| CVE-2018-6175 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
|
|||||
| CVE-2018-6173 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
|
|||||
| CVE-2018-6172 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
|
|||||
| CVE-2018-6167 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
|
|||||
| CVE-2018-6166 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
|
|||||