Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20892 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439). | |||||
| CVE-2019-16288 | 1 Tenda | 2 N301, N301 Firmware | 2020-08-24 | 7.8 HIGH | 7.5 HIGH |
| On Tenda N301 wireless routers, a long string in the wifiSSID parameter of a goform/setWifi POST request causes the device to crash. | |||||
| CVE-2018-20959 | 1 Jura | 2 E8, E8 Firmware | 2020-08-24 | 4.8 MEDIUM | 8.1 HIGH |
| Jura E8 devices lack Bluetooth connection security. | |||||
| CVE-2018-20960 | 1 Nespresso | 2 Prodigo, Prodigo Firmware | 2020-08-24 | 4.8 MEDIUM | 8.1 HIGH |
| Nespresso Prodigio devices lack Bluetooth connection security. | |||||
| CVE-2018-2577 | 1 Oracle | 1 Solaris | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2018-3237 | 1 Oracle | 1 Applications Manager | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Support Cart). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Manager accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2018-20979 | 1 Rocklobster | 1 Contact Form 7 | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type. | |||||
| CVE-2018-2584 | 1 Oracle | 1 Webcenter Sites | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported version that is affected is 11.1.1.8.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2019-16287 | 1 Hp | 1 Thinpro | 2020-08-24 | 7.2 HIGH | 6.8 MEDIUM |
| In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to executed commands with elevated privileges. | |||||
| CVE-2018-11076 | 2 Dell, Vmware | 3 Emc Avamar, Emc Integrated Data Protection Appliance, Vsphere Data Protection | 2020-08-24 | 3.3 LOW | 6.5 MEDIUM |
| Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users. | |||||
| CVE-2019-16284 | 1 Hp | 204 260 G1 Dm, 260 G1 Dm Firmware, 280 Pro G1 and 201 more | 2020-08-24 | 9.0 HIGH | 7.2 HIGH |
| A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. A list of affected products and versions are available in https://support.hp.com/rs-en/document/c06456250. | |||||
| CVE-2018-2575 | 1 Oracle | 1 Database Server | 2020-08-24 | 2.1 LOW | 2.0 LOW |
| Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, and 12.2.0.1. Difficult to exploit vulnerability allows high privileged attacker having Local Logon privilege with network access via multiple protocols to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data. Note: Applicable only to Windows platform. CVSS 3.0 Base Score 2.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N). | |||||
| CVE-2018-2362 | 1 Sap | 1 Hana | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, could send specially crafted SOAP requests to the SAP Startup Service and disclose information such as the platform's hostname. | |||||
| CVE-2018-2369 | 1 Sap | 1 Hana | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| Under certain conditions SAP HANA, 1.00, 2.00, allows an unauthenticated attacker to access information which would otherwise be restricted. An attacker can misuse the authentication function of the SAP HANA server on its SQL interface and disclose 8 bytes of the server process memory. The attacker cannot influence or predict the location of the leaked memory. | |||||
| CVE-2018-2373 | 1 Sap | 1 Hana Extend Application Services | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0. | |||||
| CVE-2018-2374 | 1 Sap | 1 Hana Extend Application Services | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve sensitive application data like service bindings within that space. | |||||
| CVE-2018-2375 | 1 Sap | 1 Hana Extend Application Services | 2020-08-24 | 5.5 MEDIUM | 8.1 HIGH |
| In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space. | |||||
| CVE-2018-2376 | 1 Sap | 1 Hana Extend Application Services | 2020-08-24 | 5.5 MEDIUM | 8.1 HIGH |
| In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space. | |||||
| CVE-2018-2377 | 1 Sap | 1 Hana Extend Application Services | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| In SAP HANA Extended Application Services, 1.0, some general server statistics and status information could be retrieved by unauthorized users. | |||||
| CVE-2018-2378 | 1 Sap | 1 Hana Extend Application Services | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| In SAP HANA Extended Application Services, 1.0, unauthorized users can read statistical data about deployed applications including resource consumption. | |||||