Total
3640 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-17921 | 1 Sagaradio | 2 Saga1-l8b, Saga1-l8b Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
SAGA1-L8B devices with any firmware version prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction. | |||||
CVE-2018-17908 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
WebAccess versions 8.3.2 and prior: during installation, the application installer disables user access control and does not re-enable it after the installation is complete. This could allow an attacker to run arbitrary code with elevated privileges. | |||||
CVE-2018-17559 | 1 Abus | 94 Tvip 10000, Tvip 10000 Firmware, Tvip 10001 and 91 more | 2024-11-21 | N/A | 7.5 HIGH |
Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras. | |||||
CVE-2018-17151 | 1 Intersystems | 1 Cache | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
Intersystems Cache 2017.2.2.865.0 has Incorrect Access Control. | |||||
CVE-2018-17148 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials. | |||||
CVE-2018-16838 | 2 Fedoraproject, Redhat | 2 Sssd, Enterprise Linux | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
A flaw was found in the sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to overly strict permission settings on the server side, SSSD will allow all authenticated users to log in instead of denying access. | |||||
CVE-2018-16553 | 1 Jspxcms | 1 Jspxcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
In Jspxcms 9.0.0, a vulnerable URL routing implementation allows remote code execution after logging in as web admin. | |||||
CVE-2018-16476 | 2 Redhat, Rubyonrails | 2 Cloudforms, Rails | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1. | |||||
CVE-2018-16466 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 leads to not accepting access restrictions by access tokens. | |||||
CVE-2018-15645 | 1 Odoo | 1 Odoo | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Improper access control in message routing in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier allows remote authenticated users to create arbitrary records via crafted payloads, which may allow privilege escalation. | |||||
CVE-2018-15640 | 1 Odoo | 1 Odoo | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
Improper access control in the Helpdesk App of Odoo Enterprise 10.0 through 12.0 allows remote authenticated attackers to obtain elevated privileges via a crafted request. | |||||
CVE-2018-15631 | 1 Odoo | 1 Odoo | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Improper access control in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote authenticated attackers to e-mail themselves arbitrary files from the database, via a crafted RPC request. | |||||
CVE-2018-15611 | 1 Avaya | 1 Aura Communication Manager | 2024-11-21 | 7.2 HIGH | 6.3 MEDIUM |
A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x versions prior to 7.1.3.1. | |||||
CVE-2018-15610 | 1 Avaya | 1 Ip Office | 2024-11-21 | 9.0 HIGH | 7.3 HIGH |
A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2. | |||||
CVE-2018-15513 | 1 Totemo | 1 Totemomail | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs of high privileged users by leveraging access to a read-only auditor role. | |||||
CVE-2018-15466 | 1 Cisco | 1 Policy Suite For Mobile | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed. The vulnerability is due to lack of authentication. An attacker could exploit this vulnerability by directly connecting to the Graphite web interface. An exploit could allow the attacker to access various statistics and Key Performance Indicators (KPIs) regarding the Cisco Policy Suite environment. | |||||
CVE-2018-15459 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | 6.5 MEDIUM | 6.5 MEDIUM |
A vulnerability in the administrative web interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain additional privileges on an affected device. The vulnerability is due to improper controls on certain pages in the web interface. An attacker could exploit this vulnerability by authenticating to the device with an administrator account and sending a crafted HTTP request. A successful exploit could allow the attacker to create additional Admin accounts with different user roles. An attacker could then use these accounts to perform actions within their scope. The attacker would need valid Admin credentials for the device. This vulnerability cannot be exploited to add a Super Admin account. | |||||
CVE-2018-15398 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2024-11-21 | 4.3 MEDIUM | 4.0 MEDIUM |
A vulnerability in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due to errors that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit this vulnerability by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to access resources that are behind the affected device and would typically be protected by the interface ACL. | |||||
CVE-2018-15395 | 1 Cisco | 1 Wireless Lan Controller Software | 2024-11-21 | 2.7 LOW | 5.4 MEDIUM |
A vulnerability in the authentication and authorization checking mechanisms of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, adjacent attacker to gain network access to a Cisco TrustSec domain. Under normal circumstances, this access should be prohibited. The vulnerability is due to the dynamic assignment of Security Group Tags (SGTs) during a wireless roam from one Service Set Identifier (SSID) to another within the Cisco TrustSec domain. An attacker could exploit this vulnerability by attempting to acquire an SGT from other SSIDs within the domain. Successful exploitation could allow the attacker to gain privileged network access that should be prohibited under normal circumstances. | |||||
CVE-2018-15394 | 1 Cisco | 1 Stealthwatch Enterprise | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected system. The vulnerability is due to an insecure system configuration. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to gain unauthenticated access, resulting in elevated privileges in the SMC. |