Total
808 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19581 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create. | |||||
| CVE-2018-19578 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page. | |||||
| CVE-2018-19569 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope. | |||||
| CVE-2018-17933 | 1 Vecna | 2 Vgo, Vgo Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) connected to the VGo XAMPP. User accounts may be able to execute commands that are outside the scope of their privileges and within the scope of an admin account. If an attacker has access to VGo XAMPP Client credentials, they may be able to execute admin commands on the connected robot. | |||||
| CVE-2018-17210 | 1 Printeron | 1 Central Print Services | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that is supplied to them. As a result, an attacker with guest/pseudo-guest level permissions can bypass the session checks (that would otherwise logout a low-privileged user) by calling the core print job components directly via crafted HTTP GET and POST requests. | |||||
| CVE-2018-16086 | 1 Google | 1 Chrome | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | |||||
| CVE-2018-16077 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Object lifecycle issue in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2018-16074 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page. | |||||
| CVE-2018-16073 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page. | |||||
| CVE-2018-15465 | 1 Cisco | 1 Adaptive Security Appliance Software | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to improper validation of user privileges when using the web management interface. An attacker could exploit this vulnerability by sending specific HTTP requests via HTTPS to an affected device as an unprivileged user. An exploit could allow the attacker to retrieve files (including the running configuration) from the device or to upload and replace software images on the device. | |||||
| CVE-2018-15405 | 1 Cisco | 1 Ucs Director | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web interface for specific feature sets of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to an authorization check that does not properly include the access level of the web interface user. An attacker who has valid application credentials could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional reconnaissance attacks. | |||||
| CVE-2018-14666 | 1 Redhat | 1 Satellite | 2024-11-21 | 6.5 MEDIUM | 6.8 MEDIUM |
| An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organization the host belongs to. This flaw affects all Red Hat Satellite 6 versions. | |||||
| CVE-2018-14662 | 4 Canonical, Debian, Opensuse and 1 more | 6 Ubuntu Linux, Debian Linux, Leap and 3 more | 2024-11-21 | 2.7 LOW | 5.7 MEDIUM |
| It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. | |||||
| CVE-2018-14637 | 1 Redhat | 1 Keycloak | 2024-11-21 | 6.8 MEDIUM | 6.1 MEDIUM |
| The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack. | |||||
| CVE-2018-13908 | 1 Qualcomm | 94 Ipq8074, Ipq8074 Firmware, Mdm9150 and 91 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Truncated access authentication token leads to weakened access control for stored secure application data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | |||||
| CVE-2018-12467 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | 5.5 MEDIUM | 6.0 MEDIUM |
| Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689. | |||||
| CVE-2018-12466 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | 5.5 MEDIUM | 4.4 MEDIUM |
| openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links. | |||||
| CVE-2018-10906 | 3 Debian, Fuse Project, Redhat | 5 Debian Linux, Fuse, Enterprise Linux Desktop and 2 more | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM |
| In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects. | |||||
| CVE-2018-10861 | 4 Ceph, Debian, Opensuse and 1 more | 9 Ceph, Debian Linux, Leap and 6 more | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected. | |||||
| CVE-2018-0460 | 1 Cisco | 1 Network Functions Virtualization Infrastructure | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this vulnerability by sending a malicious API request with the authentication credentials of a low-privileged user. A successful exploit could allow the attacker to read any file on the affected system. | |||||