Total
3717 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-21128 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by authentication bypass. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. | |||||
| CVE-2018-21125 | 1 Netgear | 2 Wac510, Wac510 Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| NETGEAR WAC510 devices before 5.0.0.17 are affected by authentication bypass. | |||||
| CVE-2018-21121 | 1 Netgear | 6 Gs810emx, Gs810emx Firmware, Xs512em and 3 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by authentication bypass. This affects GS810EMX before 1.0.0.5, XS512EM before 1.0.0.6, and XS724EM before 1.0.0.6. | |||||
| CVE-2018-21118 | 1 Netgear | 2 Xr500, Xr500 Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| NETGEAR XR500 devices before 2.3.2.32 are affected by authentication bypass. | |||||
| CVE-2018-21062 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. When biometric authentication is disabled, an attacker can view Streams content (e.g., a Gallery slideshow) of a locked Secure Folder via a connection to an external device. The Samsung ID is SVE-2018-11766 (August 2018). | |||||
| CVE-2018-21038 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with N(7.x) software. The Secure Folder app's startup logic allows authentication bypass. The Samsung ID is SVE-2018-11628 (December 2018). | |||||
| CVE-2018-20954 | 1 Mailpile | 1 Mailpile | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys. | |||||
| CVE-2018-20937 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321). | |||||
| CVE-2018-20924 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 HIGH | 5.5 MEDIUM |
| cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378). | |||||
| CVE-2018-20888 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424). | |||||
| CVE-2018-20735 | 1 Bmc | 1 Patrol Agent | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for lateral movement and escalation of privilege inside a Windows Active Directory environment. It was found that by default the PatrolCli / PATROL Agent application only verifies if the password provided for the given username is correct; it does not verify the permissions of the user on the network. This means if you have PATROL Agent installed on a high value target (domain controller), you can use a low privileged domain user to authenticate with PatrolCli and then connect to the domain controller and run commands as SYSTEM. This means any user on a domain can escalate to domain admin through PATROL Agent. NOTE: the vendor disputes this because they believe it is adequate to prevent this escalation by means of a custom, non-default configuration | |||||
| CVE-2018-20675 | 1 Dlink | 8 Dir-822, Dir-822-us, Dir-822-us Firmware and 5 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass. | |||||
| CVE-2018-20489 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | |||||
| CVE-2018-20422 | 1 Comsenz | 1 Discuzx | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which account will be accessed). | |||||
| CVE-2018-20342 | 1 Floureon | 1 Sp012 | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| The Floureon IP Camera SP012 provides a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges. | |||||
| CVE-2018-1987 | 1 Ibm | 1 Data Protection | 2024-11-21 | 1.9 LOW | 7.8 HIGH |
| IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if tracing is activated, the IBM Spectrum Protect node password may be displayed in plain text in the ERP trace file. IBM X-Force ID: 154280. | |||||
| CVE-2018-1822 | 1 Ibm | 4 Flashsystem 840, Flashsystem 840 Firmware, Flashsystem 900 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296. | |||||
| CVE-2018-1778 | 1 Ibm | 1 Api Connect | 2024-11-21 | 9.3 HIGH | 7.7 HIGH |
| IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to the other user’s data / access to their privileges (if the user happens to be an Admin for example). IBM X-Force ID: 148801. | |||||
| CVE-2018-1773 | 1 Ibm | 1 Datacap | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an authenticated user to bypass future authentication mechanisms once the initial login is completed. IBM X-Force ID: 148691. | |||||
| CVE-2018-1738 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. IBM X-Force ID: 147907. | |||||