Total: 22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-2478 | 1 Sap | 1 Basis | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the <sid>adm user. The commands executed depend upon the privileges of the <sid>adm user. | |||||
| CVE-2018-3315 | 1 Oracle | 1 Retail Customer Management And Segmentation Foundation | 2020-08-24 | 4.9 MEDIUM | 8.2 HIGH |
| Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation component of Oracle Retail Applications (subcomponent: Customer). Supported versions that are affected are 16.0 and 17.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. While the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized access to critical data or complete access to all Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N). | |||||
| CVE-2018-3316 | 1 Oracle | 1 Retail Customer Management And Segmentation Foundation | 2020-08-24 | 6.5 MEDIUM | 7.6 HIGH |
| Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation component of Oracle Retail Applications (subcomponent: Segment). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Customer Management and Segmentation Foundation. CVSS 3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L). | |||||
| CVE-2018-3595 | 1 Qualcomm | 48 Mdm9206, Mdm9206 Firmware, Mdm9607 and 45 more | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| Anti-rollback can be bypassed in replay scenario during app loading due to improper error handling of RPMB writes in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX24, SXR1130 | |||||
| CVE-2018-2482 | 1 Sap | 1 Mobile Secure | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Mobile Secure Android Application, Mobile-secure.apk Android client, before version 6.60.19942.0, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Install the Mobile Secure Android client released in Mid-Oct 2018. | |||||
| CVE-2018-2497 | 1 Sap | 1 Hana | 2020-08-24 | 4.0 MEDIUM | 2.7 LOW |
| The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE <table_name> AS SELECT. | |||||
| CVE-2018-2499 | 1 Sap | 2 Financial Consolidation Cube Designer, Financial Consolidation Cube Designer Bobj Eades | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A security weakness in SAP Financial Consolidation Cube Designer (BOBJ_EADES fixed in versions 8.0, 10.1) may allow an attacker to discover the password hash of an admin user. | |||||
| CVE-2018-2500 | 1 Sap | 1 Mobile Secure | 2020-08-24 | 1.9 LOW | 4.7 MEDIUM |
| Under certain conditions SAP Mobile Secure Android client (before version 6.60.19942.0 SP28 1711) allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2018-2560 | 1 Oracle | 1 Solaris | 2020-08-24 | 1.2 LOW | 5.0 MEDIUM |
| Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 5.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N). | |||||
| CVE-2018-3646 | 1 Intel | 8 Core I3, Core I5, Core I7 and 5 more | 2020-08-24 | 4.7 MEDIUM | 5.6 MEDIUM |
| Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. | |||||
| CVE-2019-16257 | 1 Motorola | 2 Motorola, Motorola Firmware | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Some Motorola devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker. | |||||
| CVE-2018-2589 | 1 Oracle | 1 Hospitality Simphony | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Server). Supported versions that are affected are 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2019-16256 | 1 Samsung | 2 Samsung, Samsung Firmware | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker. | |||||
| CVE-2019-16253 | 1 Samsung | 1 Text-to-speech | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| The Text-to-speech Engine (aka SamsungTTS) application before 3.0.02.7 and 3.0.00.101 for Android allows a local attacker to escalate privileges, e.g., to system privileges. The Samsung case ID is 101755. | |||||
| CVE-2018-11396 | 1 Gnome | 1 Epiphany | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call. | |||||
| CVE-2019-15893 | 1 Sonatype | 1 Nexus Repository Manager | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution. | |||||
| CVE-2019-16251 | 1 Yithemes | 38 Yith Advanced Refund System For Woocommerce, Yith Color And Label Variations For Woocommerce, Yith Custom Thank You Page For Woocommerce and 35 more | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes. | |||||
| CVE-2018-4184 | 1 Apple | 1 Mac Os X | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Speech" component. It allows attackers to bypass a sandbox protection mechanism to obtain microphone access. | |||||
| CVE-2019-15863 | 1 Convertplug | 1 Convertplus | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation (with the none role) via a request for variants. | |||||
| CVE-2018-4216 | 1 Apple | 1 Iphone Os | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| A logic issue existed in the handling of call URLs. This issue was addressed with improved state management. This issue affected versions prior to iOS 11.4.1. | |||||
