Total: 34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-2403 | 1 Sap | 1 Disclosure Management | 2024-11-21 | 4.0 MEDIUM | 5.4 MEDIUM |
|
Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. It is possible for an authorized user to get SAP Disclosure Management to point a specific chapter type to a chapter the user has not been given access to.
|
|||||
| CVE-2018-2400 | 1 Redwood | 1 Sap Business Process Automation | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Under certain conditions SAP Business Process Automation (BPA) By Redwood, 9.00, 9.10, allows an attacker to access information which would otherwise be restricted.
|
|||||
| CVE-2018-2396 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, using IGS Interpreter service.
|
|||||
| CVE-2018-2395 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Under certain conditions a malicious user may retrieve information on SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, overwrite existing images, or corrupt other types of files.
|
|||||
| CVE-2018-2394 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
|
Under certain conditions an unauthenticated malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, services and/or system files.
|
|||||
| CVE-2018-2391 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, via IGS portwatcher service.
|
|||||
| CVE-2018-2390 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, via IGS Chart service.
|
|||||
| CVE-2018-2387 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A vulnerability in the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to obtain information on ports that is not otherwise available to the user.
|
|||||
| CVE-2018-2382 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A vulnerability in the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to store graphics in a controlled area and thereby gain information from the system area that is not otherwise available to the user.
|
|||||
| CVE-2018-2378 | 1 Sap | 1 Hana Extended Application Services | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In SAP HANA Extended Application Services, 1.0, unauthorized users can read statistical data about deployed applications including resource consumption.
|
|||||
| CVE-2018-2377 | 1 Sap | 1 Hana Extended Application Services | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In SAP HANA Extended Application Services, 1.0, some general server statistics and status information could be retrieved by unauthorized users.
|
|||||
| CVE-2018-2376 | 1 Sap | 1 Hana Extended Application Services | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space.
|
|||||
| CVE-2018-2375 | 1 Sap | 1 Hana Extended Application Services | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space.
|
|||||
| CVE-2018-2374 | 1 Sap | 1 Hana Extended Application Services | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve sensitive application data like service bindings within that space.
|
|||||
| CVE-2018-2373 | 1 Sap | 1 Hana Extended Application Services | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0.
|
|||||
| CVE-2018-2369 | 1 Sap | 1 Hana | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Under certain conditions SAP HANA, 1.00, 2.00, allows an unauthenticated attacker to access information which would otherwise be restricted. An attacker can misuse the authentication function of the SAP HANA server on its SQL interface and disclose 8 bytes of the server process memory. The attacker cannot influence or predict the location of the leaked memory.
|
|||||
| CVE-2018-2362 | 1 Sap | 1 Hana | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
In SAP HANA 1.00 and 2.00, a remote unauthenticated attacker could send specially crafted SOAP requests to the SAP Startup Service and disclose information such as the platform's hostname.
|
|||||
| CVE-2018-25089 | 1 Glb | 1 Meetup Tag | 2024-11-21 | 2.7 LOW | 3.5 LOW |
|
A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipulation leads to use of web link to untrusted target with window.opener access. Upgrading to version 0.2 is able to address this issue. The identifier of the patch is 850c726d6bbfe0bf270801fbb92a30babea4155c. It is recommended to upgrade the affected component. The identifier VDB-238157 was assigned ...
|
|||||
| CVE-2018-25041 | 1 Utorrent | 1 Web | 2024-11-21 | 6.8 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in uTorrent. It has been rated as critical. Affected by this issue is some unknown functionality of the component JSON RPC Server. The manipulation leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
|
|||||
| CVE-2018-25040 | 1 Utorrent | 1 Web | 2024-11-21 | 6.8 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in uTorrent Web. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component HTTP RPC Server. The manipulation leads to privilege escalation. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
|
|||||
| CVE-2018-21231 | 1 Netgear | 116 D1500, D1500 Firmware, D500 and 113 more | 2024-11-21 | 4.8 MEDIUM | 5.4 MEDIUM |
|
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D1500 before 1.0.0.27, D500 before 1.0.0.27, D6100 before 1.0.0.57, D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.94, DGN2200Bv4 before 1.0.0.94, EX2700 before 1.0.1.42, EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6100 before 1.0.2.18, EX6120 before 1.0.0.32, EX6130 before 1.0.0 ...
|
|||||
| CVE-2018-21230 | 1 Netgear | 116 D1500, D1500 Firmware, D500 and 113 more | 2024-11-21 | 4.8 MEDIUM | 5.4 MEDIUM |
|
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D1500 before 1.0.0.27, D500 before 1.0.0.27, D6100 before 1.0.0.57, D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.94, DGN2200Bv4 before 1.0.0.94, EX2700 before 1.0.1.42, EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6100 before 1.0.2.18, EX6120 before 1.0.0.32, EX6130 before 1.0.0 ...
|
|||||
| CVE-2018-21229 | 1 Netgear | 10 R7500, R7500 Firmware, R7800 and 7 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R7500v2 before 1.0.3.20, R7800 before 1.0.2.38, WN3000RPv3 before 1.0.2.50, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.
|
|||||
| CVE-2018-21169 | 1 Netgear | 54 D7000, D7000 Firmware, D7800 and 51 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7000 before 2018-03-01, D7800 before 1.0.1.31, D8500 before 1.0.3.36, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.14, JWNR2010v5 before 1.1.0.46, PR2000 before 2018-03-01, R6050 before 1.0.1.14, R6220 before 1.1.0.60, R6400 before 1.1.0.26, R6400v2 before 1.0.2.46, R6700v2 before 1.2.0.2, R6800 before 1.2.0.2, R6900v2 before 1.2.0.2, R7300DST before 1.0.0.56, R7500 before 1.0.0.112, R7500v2 bef ...
|
|||||
| CVE-2018-21166 | 1 Netgear | 18 R6100, R6100 Firmware, R7500 and 15 more | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
|
|||||
| CVE-2018-21165 | 1 Netgear | 18 R6100, R6100 Firmware, R7500 and 15 more | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
|
|||||
| CVE-2018-21161 | 1 Netgear | 6 D7800, D7800 Firmware, R7800 and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.34, R7800 before 1.0.2.46, and R9000 before 1.0.3.16.
|
|||||
| CVE-2018-21159 | 1 Netgear | 1 Readynas Os | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
NETGEAR ReadyNAS devices before 6.9.3 are affected by incorrect configuration of security settings.
|
|||||
| CVE-2018-21158 | 1 Netgear | 2 R7800, R7800 Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
NETGEAR R7800 devices before 1.0.2.46 are affected by incorrect configuration of security settings.
|
|||||
| CVE-2018-21142 | 1 Netgear | 18 R6100, R6100 Firmware, R7500 and 15 more | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
|
|||||
| CVE-2018-21138 | 1 Netgear | 4 D3600, D3600 Firmware, D6000 and 1 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76.
|
|||||
| CVE-2018-21131 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Certain NETGEAR devices are affected by unauthenticated firmware downgrade. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.
|
|||||
| CVE-2018-21117 | 1 Netgear | 2 Xr500, Xr500 Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers via the traceroute handler.
|
|||||
| CVE-2018-21116 | 1 Netgear | 2 Xr500, Xr500 Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers.
|
|||||
| CVE-2018-21075 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. The Call+ application can load classes from an unintended path, leading to Code Execution. The Samsung ID is SVE-2017-10886 (April 2018).
|
|||||
| CVE-2018-21063 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) (Exynos chipsets) software. Keymaster has an architectural problem because tlApi in TEE is not properly protected. The Samsung ID is SVE-2018-11792 (August 2018).
|
|||||
| CVE-2018-20979 | 1 Rocklobster | 1 Contact Form 7 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type.
|
|||||
| CVE-2018-20960 | 1 Nespresso | 2 Prodigo, Prodigo Firmware | 2024-11-21 | 4.8 MEDIUM | 8.1 HIGH |
|
Nespresso Prodigio devices lack Bluetooth connection security.
|
|||||
| CVE-2018-20959 | 1 Jura | 2 E8, E8 Firmware | 2024-11-21 | 4.8 MEDIUM | 8.1 HIGH |
|
Jura E8 devices lack Bluetooth connection security.
|
|||||
| CVE-2018-20892 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439).
|
|||||