Total
3640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-25092 | 1 Vaerys-dawn | 1 Discordsailv2 | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Command Mention Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The patch is named cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244483. | |||||
| CVE-2018-21007 | 1 Wisetr | 1 User Email Verification For Woocommerce | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads. | |||||
| CVE-2018-20957 | 1 Tapplock | 2 One\+, One\+ Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 allows replay attacks. | |||||
| CVE-2018-20938 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324). | |||||
| CVE-2018-20930 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401). | |||||
| CVE-2018-20890 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426). | |||||
| CVE-2018-1168 | 1 Hitachienergy | 2 Sys600, Sys600 Firmware | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the access controls for the installed product files. The installation procedure leaves critical files open to manipulation by any authenticated user. An attacker can leverage this vulnerability to escalate privileges to SYSTEM. Was ZDI-CAN-5097. | |||||
| CVE-2018-1129 | 4 Ceph, Debian, Opensuse and 1 more | 10 Ceph, Debian Linux, Leap and 7 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. | |||||
| CVE-2018-1080 | 1 Dogtagpki | 1 Dogtagpki | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
| Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will deny access and deny rules will grant access. This may result in an escalation of privileges or have other unintended consequences. | |||||
| CVE-2018-1069 | 1 Redhat | 1 Openshift | 2024-11-21 | 5.4 MEDIUM | 7.1 HIGH |
| Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem. | |||||
| CVE-2018-19945 | 1 Qnap | 1 Qts | 2024-11-21 | 8.5 HIGH | 9.1 CRITICAL |
| A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed this vulnerability in the following versions: QTS 4.3.6.0895 build 20190328 (and later) QTS 4.3.4.0899 build 20190322 (and later) This issue does not affect QTS 4.4.x or QTS 4.5.x. | |||||
| CVE-2018-19634 | 2 Broadcom, Ca | 2 Service Desk Manager, Service Desk Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information. | |||||
| CVE-2018-19588 | 1 Alarm | 2 Adc-v522ir, Adc-v522ir Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control. | |||||
| CVE-2018-19577 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue. | |||||
| CVE-2018-19576 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.4 MEDIUM | 8.1 HIGH |
| GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential. | |||||
| CVE-2018-19496 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access control vulnerability that permits a user with insufficient privileges to promote a project milestone to a group milestone. | |||||
| CVE-2018-19494 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private group names. | |||||
| CVE-2018-18958 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| OPNsense 18.7.x before 18.7.7 has Incorrect Access Control. | |||||
| CVE-2018-17953 | 3 Kernel, Opensuse, Suse | 3 Linux-pam, Leap, Linux Enterprise | 2024-11-21 | 9.3 HIGH | 7.5 HIGH |
| A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open). | |||||
| CVE-2018-17931 | 1 Vecna | 2 Vgo, Vgo Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| If an attacker has physical access to the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to alter scripts, which may allow code execution with root privileges. | |||||