Total
31733 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7099 | 1 Hp | 1 3par Service Provider | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow disclosure of privileged information. | |||||
| CVE-2018-7096 | 1 Hp | 1 3par Service Provider | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow code execution. | |||||
| CVE-2018-7095 | 1 Hp | 1 3par Service Provider | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow access restriction bypass. | |||||
| CVE-2018-7094 | 1 Hpe | 1 3par Service Provider | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913(GA). The vulnerability may be exploited locally to allow disclosure of privileged information. | |||||
| CVE-2018-7093 | 1 Hp | 7 Integrated Lights-out, Integrated Lights-out 3 Firmware, Integrated Lights-out 4 Firmware and 4 more | 2024-11-21 | 7.8 HIGH | 8.6 HIGH |
| A security vulnerability in HPE Integrated Lights-Out 3 prior to v1.90, iLO 4 prior to v2.60, iLO 5 prior to v1.30, Moonshot Chassis Manager firmware prior to v1.58, and Moonshot Component Pack prior to v2.55 could be remotely exploited to create a denial of service. | |||||
| CVE-2018-7080 | 1 Arubanetworks | 9 203r, 203r Firmware, 203rp and 6 more | 2024-11-21 | 5.4 MEDIUM | 7.5 HIGH |
| A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP's BLE radio and could then gain access to the AP's console port. This vulnerability is applicable only if the BLE radio has been enabled in affected access points. The BLE radio is disabled by default. Note - Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986. | |||||
| CVE-2018-7078 | 1 Hp | 3 Integrated Lights-out, Integrated Lights-out 4 Firmware, Integrated Lights-out 5 Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| A remote code execution was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than version v2.60 and HPE Integrated Lights-Out 5 (iLO 5) earlier than version v1.30. | |||||
| CVE-2018-7077 | 1 Hp | 2 Xp P9000 Configuration Manager, Xp P9000 Device Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A security vulnerability in HPE XP P9000 Command View Advanced Edition (CVAE) Device Manager (DevMgr 8.5.0-00 and prior to 8.6.0-00), Configuration Manager (CM 8.5.0-00 and prior to 8.6.0-00) could be exploited to allow local and remote unauthorized access to sensitive information. | |||||
| CVE-2018-7074 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT 7.3 E0506P07. The vulnerability was resolved in iMC PLAT 7.3 E0605P04 or subsequent version. | |||||
| CVE-2018-7066 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 9.3 HIGH | 9.0 CRITICAL |
| An unauthenticated remote command execution exists in Aruba ClearPass Policy Manager on linked devices. The ClearPass OnConnect feature permits administrators to link other network devices into ClearPass for the purpose of collecting enhanced information about connected endpoints. A defect in the API could allow a remote attacker to execute arbitrary commands on one of the linked devices. This vulnerability is only applicable if credentials for devices have been supplied to ClearPass under Configuration -> Network -> Devices -> CLI Settings. Resolution: Fixed in 6.7.5 and 6.6.10-hotfix. | |||||
| CVE-2018-6979 | 1 Vmware | 1 Airwatch Console | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| The VMware Workspace ONE Unified Endpoint Management Console (A/W Console) 9.7.x prior to 9.7.0.3, 9.6.x prior to 9.6.0.7, 9.5.x prior to 9.5.0.16, 9.4.x prior to 9.4.0.22, 9.3.x prior to 9.3.0.25, 9.2.x prior to 9.2.3.27, and 9.1.x prior to 9.1.5.6 contains a SAML authentication bypass vulnerability which can be leveraged during device enrollment. This vulnerability may allow for a malicious actor to impersonate an authorized SAML session if certificate-based authentication is enabled. This vulnerability is also relevant if certificate-based authentication is not enabled, but the outcome of exploitation is limited to an information disclosure (Important Severity) in those cases. | |||||
| CVE-2018-6968 | 1 Vmware | 1 Airwatch Agent | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card by a malicious administrator. | |||||
| CVE-2018-6964 | 2 Linux, Vmware | 2 Linux Kernel, Horizon Client | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| VMware Horizon Client for Linux (4.x before 4.8.0 and prior) contains a local privilege escalation vulnerability due to insecure usage of SUID binary. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on a Linux machine where Horizon Client is installed. | |||||
| CVE-2018-6962 | 1 Vmware | 1 Fusion | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation. | |||||
| CVE-2018-6957 | 1 Vmware | 3 Fusion, Workstation Player, Workstation Pro | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
| VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled. | |||||
| CVE-2018-6871 | 4 Canonical, Debian, Libreoffice and 1 more | 9 Ubuntu Linux, Debian Linux, Libreoffice and 6 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. | |||||
| CVE-2018-6826 | 1 Omninova | 2 Vobot, Vobot Firmware | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
| An issue was discovered on VOBOT CLOCK before 0.99.30 devices. Cleartext HTTP is used to download a breakout program, and therefore man-in-the-middle attackers can execute arbitrary code by watching for a local user to launch the Breakout Easter Egg feature, and then sending a crafted HTTP response. | |||||
| CVE-2018-6823 | 1 Mailbutler | 1 Shimo | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root. | |||||
| CVE-2018-6822 | 1 Purevpn | 1 Purevpn | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In PureVPN 6.0.1 on macOS, HelperTool LaunchDaemon implements an unprotected XPC service that can be abused to execute system commands as root. | |||||
| CVE-2018-6809 | 1 Citrix | 4 Netscaler Application Delivery Controller, Netscaler Application Delivery Controller Firmware, Netscaler Gateway and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system. | |||||