Total
31907 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10508 | 1 Trendmicro | 1 Officescan | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to use a specially crafted URL to elevate account permissions on vulnerable installations. An attacker must already have at least guest privileges in order to exploit this vulnerability. | |||||
| CVE-2018-10507 | 1 Trendmicro | 1 Officescan | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations. An attacker must already have administrator privileges in order to exploit this vulnerability. | |||||
| CVE-2018-10500 | 1 Samsung | 1 Galaxy Apps | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 6.4.0.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of push messages. The issue lies in the ability to start an activity with controlled arguments. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5331. | |||||
| CVE-2018-10465 | 1 Jamf | 1 Jamf | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Jamf Pro 10.x before 10.3.0 has Incorrect Access Control. Jamf Pro user accounts and groups with access to log in to Jamf Pro had full access to endpoints in the Universal API (UAPI), regardless of account privileges or privilege sets. An authenticated Jamf Pro account without required privileges could be used to perform CRUD actions (GET, POST, PUT, DELETE) on UAPI endpoints, which could result in unauthorized information disclosure, compromised data integrity, and data loss. For a full listing of available UAPI endpoints and associated CRUD actions you can navigate to /uapi/doc in your instance of Jamf Pro. | |||||
| CVE-2018-10425 | 1 Hz-soft | 1 Security Guard | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because SetParent is not properly considered. | |||||
| CVE-2018-10305 | 1 Simplemachines | 1 Simple Machines Forum | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions. | |||||
| CVE-2018-10192 | 1 Ipvanish | 1 Ipvanish | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| IPVanish 3.0.11 for macOS suffers from a root privilege escalation vulnerability. The `com.ipvanish.osx.vpnhelper` LaunchDaemon implements an insecure XPC service that could allow an attacker to execute arbitrary code as the root user. IPVanish uses a third-party library for converting `xpc_object_t` types in to `NSObject` types for sending XPC messages. When IPVanish establishes a new connection, the following XPC message is sent to the `com.ipvanish.osx.vpnhelper` LaunchDaemon. Because the XPC service itself does not validate an incoming connection, any application installed on the operating system can send it XPC messages. In the case of the "connect" message, an attacker could manipulate the `OpenVPNPath` to point at a malicious binary on the system. The `com.ipvanish.osx.vpnhelper` would receive the VPNHelperConnect command, and then execute the malicious binary as the root user. | |||||
| CVE-2018-10123 | 1 Intenogroup | 2 Iopsys, Iopsys Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitrary files via requests on TCP port 9100. | |||||
| CVE-2018-10063 | 1 Convert Forms Project | 1 Convert Forms | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| The Convert Forms extension before 2.0.4 for Joomla! is vulnerable to Remote Command Execution using CSV Injection that is mishandled when exporting a Leads file. | |||||
| CVE-2018-10021 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by triggering certain failure conditions. NOTE: a third party disputes the relevance of this report because the failure can only occur for physically proximate attackers who unplug SAS Host Bus Adapter cables | |||||
| CVE-2018-1002101 | 1 Kubernetes | 1 Kubernetes | 2024-11-21 | 7.5 HIGH | 5.9 MEDIUM |
| In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection. | |||||
| CVE-2018-1000654 | 1 Gnu | 1 Libtasn1 | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
| GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file. | |||||
| CVE-2018-1000628 | 1 Battelle | 1 V2i Hub | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array using PHP's strcmp() function. By adding "[]" to the end of "key" in the URL when accessing API functions, an attacker could exploit this vulnerability to execute API functions. | |||||
| CVE-2018-1000626 | 1 Battelle | 1 V2i Hub | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of requirement to change the default API key. An attacker could exploit this vulnerability using all available API functions containing an unchanged API key to gain unauthorized access to the system. | |||||
| CVE-2018-1000615 | 1 Onosproject | 1 Onos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in ONOS that can result in An adversary can remotely crash OVSDB service ONOS controller via a normal switch.. This attack appear to be exploitable via the attacker should be able to control or forge a switch in the network.. | |||||
| CVE-2018-1000551 | 1 Trovebox | 1 Trovebox | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Trovebox version <= 4.0.0-rc6 contains a PHP Type juggling vulnerability in album view component that can result in Authentication bypass. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit 742b8edbe. | |||||
| CVE-2018-1000419 | 1 Atlassian | 1 Hipchat | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins. | |||||
| CVE-2018-1000408 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Overall/Read permission to access a specific URL on instances using the built-in Jenkins user database security realm that results in the creation of an ephemeral user record in memory. | |||||
| CVE-2018-1000204 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 6.3 MEDIUM | 5.3 MEDIUM |
| Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream in https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 already. The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible. NOTE: third parties dispute the relevance of this report, noting that the requirement for an attacker to have both the CAP_SYS_ADMIN and CAP_SYS_RAWIO capabilities makes it "virtually impossible to exploit. | |||||
| CVE-2018-1000203 | 1 Soarlabs | 1 Soarcoin | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Soar Labs Soar Coin version up to and including git commit 4a2aa71ee21014e2880a3f7aad11091ed6ad434f (latest release as of Sept 2017) contains an intentional backdoor vulnerability in the function zero_fee_transaction() that can result in theft of Soar Coins by the "onlycentralAccount" (Soar Labs) after payment is processed. | |||||