Total
31801 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11220 | 1 Bitmain | 6 Antminer D3, Antminer D3 Firmware, Antminer L3\+ and 3 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Execution via the system restore function. | |||||
| CVE-2018-11214 | 3 Canonical, Debian, Ijg | 3 Ubuntu Linux, Debian Linux, Libjpeg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. | |||||
| CVE-2018-11213 | 3 Canonical, Debian, Ijg | 3 Ubuntu Linux, Debian Linux, Libjpeg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. | |||||
| CVE-2018-11088 | 1 Pivotal Software | 1 Pivotal Application Service | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role. | |||||
| CVE-2018-11086 | 1 Pivotal Software | 1 Pivotal Application Service | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role. | |||||
| CVE-2018-11084 | 1 Cloudfoundry | 1 Garden-runc | 2024-11-21 | 5.5 MEDIUM | 6.8 MEDIUM |
| Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. A remote authenticated malicious user may create and delete apps with crafted file attributes to cause a denial of service for new app instances or scaling up of existing apps. | |||||
| CVE-2018-11083 | 1 Cloud Foundry | 1 Bosh | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to v265.7.0 and v266 prior to v266.8.0 and v267 prior to v267.2.0, allows refresh tokens to be as access tokens when using UAA for authentication. A remote attacker with an admin refresh token given by UAA can be used to access BOSH resources without obtaining an access token, even if their user no longer has access to those resources. | |||||
| CVE-2018-11081 | 1 Pivotal Software | 1 Operations Manager | 2024-11-21 | 4.0 MEDIUM | 7.9 HIGH |
| Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to the Operations Manager VM, can now file search and find the UAA credentials for Operations Manager on the system disk.. | |||||
| CVE-2018-11076 | 2 Dell, Vmware | 3 Emc Avamar, Emc Integrated Data Protection Appliance, Vsphere Data Protection | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users. | |||||
| CVE-2018-11066 | 2 Dell, Vmware | 3 Emc Avamar, Emc Integrated Data Protection Appliance, Vsphere Data Protection | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server. | |||||
| CVE-2018-11061 | 1 Emc | 2 Rsa Netwitness, Rsa Security Analytics | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
| RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. A remote authenticated malicious RSA NetWitness Server user with an Admin or Operator role could exploit this vulnerability to execute arbitrary commands on the server with root privileges. | |||||
| CVE-2018-11060 | 1 Rsa | 1 Archer | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges. | |||||
| CVE-2018-11039 | 3 Debian, Oracle, Vmware | 33 Debian Linux, Agile Plm, Application Testing Suite and 30 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack. | |||||
| CVE-2018-10998 | 4 Canonical, Debian, Exiv2 and 1 more | 6 Ubuntu Linux, Debian Linux, Exiv2 and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. | |||||
| CVE-2018-10982 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection. | |||||
| CVE-2018-10962 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because mouse_event is not properly considered. | |||||
| CVE-2018-10951 | 2 Synacor, Zimbra | 2 Zimbra Collaboration Suite, Zimbra Collaboration Suite | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API. | |||||
| CVE-2018-10944 | 1 Rasputinonline | 1 Rasputin Online Coin | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The request_dividend function of a smart contract implementation for ROC (aka Rasputin Online Coin), an Ethereum ERC20 token, allows attackers to steal all of the contract's Ether. | |||||
| CVE-2018-10901 | 2 Linux, Redhat | 5 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges. | |||||
| CVE-2018-10891 | 1 Moodle | 1 Moodle | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is imported, it was possible for the question preview that is displayed to execute JavaScript that is written into the question bank. | |||||