Total
2926 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17957 | 1 Suse | 1 Repository Mirroring Tool | 2019-10-09 | 2.1 LOW | 7.8 HIGH |
| The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the RMT database. | |||||
| CVE-2018-18814 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| The TIBCO Spotfire authentication component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability in the handling of the authentication that theoretically may allow an attacker to gain full access to a target account, independent of configured authentication mechanisms. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0. | |||||
| CVE-2018-19000 | 1 Lcds | 1 Laquis Scada | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data. | |||||
| CVE-2018-17928 | 1 Abb | 2 Cms-770, Cms-770 Firmware | 2019-10-09 | 3.3 LOW | 6.5 MEDIUM |
| The product CMS-770 (Software Versions 1.7.1 and prior)is vulnerable that an attacker can read sensitive configuration files by bypassing the user authentication mechanism. | |||||
| CVE-2018-17926 | 1 Abb | 3 Eth-fw Firmware, Fw Firmware, M2m Ethernet | 2019-10-09 | 3.3 LOW | 4.3 MEDIUM |
| The product M2M ETHERNET (FW Versions 2.22 and prior, ETH-FW Versions 1.01 and prior) is vulnerable in that an attacker can upload a malicious language file by bypassing the user authentication mechanism. | |||||
| CVE-2018-16464 | 1 Nextcloud | 1 Nextcloud Server | 2019-10-09 | 3.5 LOW | 5.7 MEDIUM |
| A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password. | |||||
| CVE-2018-16465 | 1 Nextcloud | 1 Nextcloud Server | 2019-10-09 | 4.3 MEDIUM | 5.3 MEDIUM |
| Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the the provider of the second factor failed to load. | |||||
| CVE-2018-16467 | 1 Nextcloud | 1 Nextcloud Server | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares. | |||||
| CVE-2018-14782 | 1 Netcommwireless | 2 Nwl-25, Nwl-25 Firmware | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device allows access to configuration files and profiles without authenticating the user. | |||||
| CVE-2018-14637 | 1 Redhat | 1 Keycloak | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack. | |||||
| CVE-2018-15371 | 1 Cisco | 1 Ios Xe | 2019-10-09 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for certain commands. An attacker could exploit this vulnerability by requesting access to the root shell of an affected device, after the shell access feature has been enabled. A successful exploit could allow the attacker to bypass authentication and gain unrestricted access to the root shell of the affected device. | |||||
| CVE-2018-14781 | 1 Medtronicdiabetes | 18 508 Minimed Insulin Pump, 508 Minimed Insulin Pump Firmware, 522 Paradigm Real-time and 15 more | 2019-10-09 | 2.9 LOW | 5.3 MEDIUM |
| Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G The models identified above, when paired with a remote controller and having the "easy bolus" and "remote bolus" options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery. | |||||
| CVE-2018-14805 | 1 Abb | 1 Esoms | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability. | |||||
| CVE-2018-15721 | 1 Logitech | 2 Harmony Hub, Harmony Hub Firmware | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the local API. | |||||
| CVE-2018-15556 | 1 Actiontec | 2 Web6000q, Web6000q Firmware | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 allows login with root level access with the user "root" and an empty password by using the enabled onboard UART headers. | |||||
| CVE-2018-12551 | 1 Eclipse | 1 Mosquitto | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability. | |||||
| CVE-2018-13816 | 1 Siemens | 2 Tim 1531 Irc, Tim 1531 Irc Firmware | 2019-10-09 | 7.5 HIGH | 10.0 CRITICAL |
| A vulnerability has been identified in TIM 1531 IRC (All version < V2.0). The devices was missing proper authentication on port 102/tcp, although configured. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. At the time of advisory publication no public exploitation of this vulnerability was known. | |||||
| CVE-2018-13990 | 1 Phoenixcontact | 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts. | |||||
| CVE-2018-12472 | 1 Suse | 1 Subscription Management Tool | 2019-10-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to 3.0.37. | |||||
| CVE-2018-10847 | 1 Prosody | 1 Prosody | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of the same Prosody instance. | |||||