Total
33326 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18810 | 1 Tibco | 2 Managed File Transfer Command Center, Managed File Transfer Internet Server | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
| The Administrator Service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, and TIBCO Managed File Transfer Internet Server contains vulnerabilities where an authenticated user with specific privileges can gain access to credentials to other systems. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions up to and including 7.3.2; 8.0.0; 8.0.1; 8.0.2; 8.1.0, and TIBCO Managed File Transfer Internet Server: versions up to and including 7.3.2; 8.0.0; 8.0.1; 8.0.2; 8.1.0. | |||||
| CVE-2018-18766 | 1 Provisio | 1 Sitekiosk | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An elevation of privilege vulnerability exists in the Call Dispatcher in Provisio SiteKiosk before 9.7.4905. | |||||
| CVE-2018-18652 | 1 Veritas | 1 Netbackup Appliance | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input. | |||||
| CVE-2018-18649 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution. | |||||
| CVE-2018-18626 | 1 Phpyun | 1 Phpyun | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in PHPYun V4.6. There is a vulnerability that can delete any file or directory via the "admin/index.php?m=database&c=del" sql parameter because del_action() in admin/model/database.class.php mishandles this parameter. | |||||
| CVE-2018-18603 | 1 360totalsecurity | 1 360 Total Security | 2024-11-21 | 4.3 MEDIUM | 6.3 MEDIUM |
| 360 Total Security 3.5.0.1033 allows a Sandbox Escape via an "import os" statement, followed by os.system("CMD") or os.system("PowerShell"), within a .py file. NOTE: the vendor's position is that this cannot be categorized as a vulnerability, although it is a security-related issue | |||||
| CVE-2018-18564 | 1 Roche | 6 Accu-chek Inform Ii, Accu-chek Inform Ii Firmware, Coaguchek Pro Ii and 3 more | 2024-11-21 | 3.3 LOW | 7.4 HIGH |
| An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000). Improper access control allows attackers in the adjacent network to change the instrument configuration. | |||||
| CVE-2018-18556 | 1 Vyos | 1 Vyos | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
| A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration also allows operator users to execute the pppd binary with elevated (sudo) permissions. Certain input parameters are not properly validated. A malicious operator user can run the binary with elevated permissions and leverage its improper input validation condition to spawn an attacker-controlled shell with root privileges. | |||||
| CVE-2018-18537 | 1 Asus | 2 Aura Sync, Aura Sync Firmware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes a path to write an arbitrary DWORD to an arbitrary address. | |||||
| CVE-2018-18536 | 1 Asus | 2 Aura Sync, Aura Sync Firmware | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges. | |||||
| CVE-2018-18535 | 1 Asus | 2 Aura Sync, Aura Sync Firmware | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code. | |||||
| CVE-2018-18510 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The about:crashcontent and about:crashparent pages can be triggered by web content. These pages are used to crash the loaded page or the browser for test purposes. This issue allows for a non-persistent denial of service (DOS) attack by a malicious site which links to these pages. This vulnerability affects Firefox < 64. | |||||
| CVE-2018-18506 | 5 Canonical, Debian, Mozilla and 2 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65. | |||||
| CVE-2018-18497 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to open privileged about: or file: locations. This vulnerability affects Firefox < 64. | |||||
| CVE-2018-18489 | 1 Tp-link | 2 Wr840n, Wr840n Firmware | 2024-11-21 | 6.8 MEDIUM | 4.9 MEDIUM |
| The ping feature in the Diagnostic functionality on TP-LINK WR840N v2 Firmware 3.16.9 Build 150701 Rel.51516n devices allows remote attackers to cause a denial of service (HTTP service termination) by modifying the packet size to be higher than the UI limit of 1472. | |||||
| CVE-2018-18442 | 2 D-link, Dlink | 2 Dcs-825l Firmware, Dcs-825l | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| D-Link DCS-825L devices with firmware 1.08 do not employ a suitable mechanism to prevent denial-of-service (DoS) attacks. An attacker can harm the device availability (i.e., live-online video/audio streaming) by using the hping3 tool to perform an IPv4 flood attack. Verified attacks includes SYN flooding, UDP flooding, ICMP flooding, and SYN-ACK flooding. | |||||
| CVE-2018-18396 | 1 Moxa | 1 Thingspro | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | |||||
| CVE-2018-18395 | 1 Moxa | 1 Thingspro | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | |||||
| CVE-2018-18393 | 1 Moxa | 1 Thingspro | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | |||||
| CVE-2018-18392 | 1 Moxa | 1 Thingspro | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | |||||