Total: 34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5485 | 2 Microsoft, Netapp | 2 Windows, Oncommand Unified Manager | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3 are susceptible to a vulnerability which could lead to a privilege escalation attack.
|
|||||
| CVE-2018-5472 | 1 Philips | 1 Intellispace Portal | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure Windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code.
|
|||||
| CVE-2018-5468 | 1 Philips | 1 Intellispace Portal | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code.
|
|||||
| CVE-2018-5454 | 1 Philips | 1 Intellispace Portal | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
Philips IntelliSpace Portal all versions of 8.0.x and 7.0.x have a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during runtime.
|
|||||
| CVE-2018-5437 | 1 Tibco | 5 Spotfire Analyst, Spotfire Analytics Platform For Aws, Spotfire Deployment Kit and 2 more | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
|
The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for unauthorized information disclosure. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7. ...
|
|||||
| CVE-2018-5435 | 1 Tibco | 5 Spotfire Analyst, Spotfire Analytics Platform For Aws, Spotfire Deployment Kit and 2 more | 2024-11-21 | 10.0 HIGH | 9.6 CRITICAL |
|
The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for remote code execution. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, ...
|
|||||
| CVE-2018-5429 | 1 Tibco | 5 Jasperreports Library, Jasperreports Server, Jaspersoft and 2 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A vulnerability in the report scripting component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, TIBCO Jaspersoft Studio Community Edition, and TIBCO Jas ...
|
|||||
| CVE-2018-5412 | 1 Imperva | 1 Securesphere | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode.
|
|||||
| CVE-2018-5392 | 1 Mingw | 1 Mingw-w64 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the "Dynamic base" PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are ...
|
|||||
| CVE-2018-5340 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account (specifically, an account with permission to write to the filesystem via SQL queries).
|
|||||
| CVE-2018-5330 | 1 Zyxel | 2 P-660hw V3, P-660hw V3 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets.
|
|||||
| CVE-2018-5327 | 2 Cmcm, Google | 2 Armorfly Browser & Downloader, Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Cheetah Mobile Armorfly Browser & Downloader 1.1.05.0010, when installed on unspecified "older" Android platforms, allows Same Origin Policy Bypass.
|
|||||
| CVE-2018-5326 | 2 Cmcm, Google | 2 Cm Browser, Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Cheetah Mobile CM Browser 5.22.06.0012, when installed on unspecified "older" Android platforms, allows Same Origin Policy Bypass.
|
|||||
| CVE-2018-5267 | 1 Cobham | 2 Sea Tel 121, Sea Tel 121 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct request to MenuDealerGx.html, MenuDealer.html, MenuEuNCGx.html, MenuEuNC.html, MenuSysGx.html, or MenuSys.html.
|
|||||
| CVE-2018-5259 | 1 Discuz | 1 Discuzx | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter.
|
|||||
| CVE-2018-5255 | 1 Arista | 1 Eos | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 before 4.20.2F allows remote attackers to cause a denial of service (agent restart) via crafted UDP packets.
|
|||||
| CVE-2018-5242 | 1 Symantec | 1 Norton App Lock | 2024-11-21 | 7.2 HIGH | 6.2 MEDIUM |
|
Norton App Lock prior to version 1.3.0.329 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access.
|
|||||
| CVE-2018-5241 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass use ...
|
|||||
| CVE-2018-5240 | 1 Symantec | 1 Inventory | 2024-11-21 | 5.2 MEDIUM | 8.0 HIGH |
|
The Inventory Plugin for Symantec Management Agent prior to 7.6 POST HF7, 8.0 POST HF6, or 8.1 RU7 may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.
|
|||||
| CVE-2018-5239 | 1 Symantec | 1 Norton App Lock | 2024-11-21 | 7.2 HIGH | 6.2 MEDIUM |
|
Norton App Lock prior to v1.3.0.332 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access.
|
|||||
| CVE-2018-5237 | 1 Symantec | 1 Endpoint Protection | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.
|
|||||
| CVE-2018-5234 | 1 Symantec | 2 Norton Core, Norton Core Firmware | 2024-11-21 | 8.3 HIGH | 8.0 HIGH |
|
The Norton Core router prior to v237 may be susceptible to a command injection exploit. This is a type of attack in which the goal is execution of arbitrary commands on the host system via vulnerable software.
|
|||||
| CVE-2018-5231 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of service attack via sending requests to it.
|
|||||
| CVE-2018-5226 | 1 Atlassian | 1 Sourcetree | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag name that is going to be deleted. An attacker with permission to create a tag on a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. All versions of Sourcetree for Windows before 2.5.5.0 are affected by this vulnerability.
|
|||||
| CVE-2018-5202 | 1 Signkorea | 1 Skcertservice | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
SKCertService 2.5.5 and earlier contains a vulnerability that could allow a remote attacker to execute arbitrary code. This vulnerability exists due to the way .dll files are loaded by SKCertService. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge.
|
|||||
| CVE-2018-5165 | 1 Mozilla | 1 Firefox | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to select this setting intending to activate it and inadvertently turn protections off. This vulnerability affects Firefox < 60.
|
|||||
| CVE-2018-5142 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox < 59.
|
|||||
| CVE-2018-5105 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. This vulnerability affects Firefox < 58.
|
|||||
| CVE-2018-4994 | 1 Adobe | 1 Connect | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Adobe Connect versions 9.7.5 and earlier have an exploitable Authentication Bypass vulnerability. Successful exploitation could lead to sensitive information disclosure.
|
|||||
| CVE-2018-4872 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
|
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is a security bypass vulnerability that leads to a sandbox escape. Specifically, the vulnerability exists in the way a cross call is handled.
|
|||||
| CVE-2018-4858 | 1 Siemens | 11 Digsi 4, Digsi 4 Firmware, Digsi 5 and 8 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
A vulnerability has been identified in IEC 61850 system configurator (All versions < V5.80), DIGSI 5 (affected as IEC 61850 system configurator is incorporated) (All versions < V7.80), DIGSI 4 (All versions < V4.93), SICAM PAS/PQS (All versions < V8.11), SICAM PQ Analyzer (All versions < V3.11), SICAM SCC (All versions < V9.02 HF3). A service of the affected products listening on all of the host's network interfaces on either port 4884/TCP, 5885/TCP, or port 5886/TCP could allow an attacker to e ...
|
|||||
| CVE-2018-4856 | 1 Siemens | 4 Siclock Tc100, Siclock Tc100 Firmware, Siclock Tc400 and 1 more | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with administrative access to the device's management interface could lock out legitimate users. Manual interaction is required to restore the access of legitimate users.
|
|||||
| CVE-2018-4854 | 1 Siemens | 4 Siclock Tc100, Siclock Tc100 Firmware, Siclock Tc400 and 1 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
|
A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the administrative client stored on the device. If a legitimate user downloads and executes the modified client from the affected device, then he/she could obtain code execution on the client system.
|
|||||
| CVE-2018-4853 | 1 Siemens | 4 Siclock Tc100, Siclock Tc100 Firmware, Siclock Tc400 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the firmware of the device.
|
|||||
| CVE-2018-4850 | 1 Siemens | 4 Simatic S7-400, Simatic S7-400 Firmware, Simatic S7-400h and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability has been identified in SIMATIC S7-400 (incl. F) CPU hardware version 4.0 and below (All versions), SIMATIC S7-400 (incl. F) CPU hardware version 5.0 (All firmware versions < V5.2), SIMATIC S7-400H CPU hardware version 4.5 and below (All versions). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart.
|
|||||
| CVE-2018-4839 | 1 Siemens | 17 Digsi 4, En100 Ethernet Module Dnp3, En100 Ethernet Module Dnp3 Firmware and 14 more | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
|
A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions < V4.70), SIPROTE ...
|
|||||
| CVE-2018-4837 | 1 Siemens | 1 Telecontrol Server Basic | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with access to the TeleControl Server Basic's webserver (port 80/tcp or 443/tcp) could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected by the Denial-of-Service condition.
|
|||||
| CVE-2018-4836 | 1 Siemens | 1 Telecontrol Server Basic | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A vulnerability has been identified in TeleControl Server Basic < V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations.
|
|||||
| CVE-2018-4470 | 1 Apple | 1 Mac Os X | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
A privacy issue in the handling of Open Directory records was addressed with improved indexing. This issue affected versions prior to macOS High Sierra 10.13.6.
|
|||||
| CVE-2018-4468 | 1 Apple | 1 Mac Os X | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
This issue was addressed by removing additional entitlements. This issue is fixed in macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra. A malicious application may be able to access restricted files.
|
|||||