Total: 22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16214 | 1 Libra | 1 Libra Core | 2020-08-24 | 3.5 LOW | 5.7 MEDIUM |
| Libra Core before 2019-09-03 has an erroneous regular expression for inline comments, which makes it easier for attackers to interfere with code auditing by using a nonstandard line-break character for a comment. For example, a Move module author can enter the // sequence (which introduces a single-line comment), followed by very brief comment text, the \r character, and code that has security-critical functionality. In many popular environments, this code is displayed on a separate line, and thus a reader may infer that the code is executed. However, the code is NOT executed, because language/compiler/ir_to_bytecode/src/parser.rs allows the comment to continue after the \r character. | |||||
| CVE-2018-1219 | 1 Emc | 1 Rsa Archer | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access control vulnerability on an API which is used to enumerate user information. A remote authenticated malicious user can potentially exploit this vulnerability to gather information about the user base and may use this information in subsequent attacks. | |||||
| CVE-2019-16181 | 1 Limesurvey | 1 Limesurvey | 2020-08-24 | 4.0 MEDIUM | 2.7 LOW |
| In Limesurvey before 3.17.14, admin users can mark other users' notifications as read. | |||||
| CVE-2018-12179 | 1 Tianocore | 1 Edk Ii | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. | |||||
| CVE-2018-2700 | 1 Oracle | 1 Hospitality Cruise Fleet Management | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System). The supported version that is affected is 9.0.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2018-2702 | 1 Oracle | 1 Peoplesoft Enterprise Scm Strategic Sourcing | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Strategic Sourcing). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise FSCM accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2018-6979 | 1 Vmware | 1 Airwatch Console | 2020-08-24 | 5.8 MEDIUM | 7.4 HIGH |
| The VMware Workspace ONE Unified Endpoint Management Console (A/W Console) 9.7.x prior to 9.7.0.3, 9.6.x prior to 9.6.0.7, 9.5.x prior to 9.5.0.16, 9.4.x prior to 9.4.0.22, 9.3.x prior to 9.3.0.25, 9.2.x prior to 9.2.3.27, and 9.1.x prior to 9.1.5.6 contains a SAML authentication bypass vulnerability which can be leveraged during device enrollment. This vulnerability may allow for a malicious actor to impersonate an authorized SAML session if certificate-based authentication is enabled. This vulnerability is also relevant if certificate-based authentication is not enabled, but the outcome of exploitation is limited to an information disclosure (Important Severity) in those cases. | |||||
| CVE-2018-7080 | 1 Arubanetworks | 9 203r, 203r Firmware, 203rp and 6 more | 2020-08-24 | 5.4 MEDIUM | 7.5 HIGH |
| A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP's BLE radio and could then gain access to the AP's console port. This vulnerability is applicable only if the BLE radio has been enabled in affected access points. The BLE radio is disabled by default. Note - Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986. | |||||
| CVE-2018-2708 | 1 Oracle | 1 Banking Payments | 2020-08-24 | 3.5 LOW | 5.3 MEDIUM |
| Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.3.0 and 12.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2019-15846 | 2 Debian, Exim | 2 Debian Linux, Exim | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. | |||||
| CVE-2018-7077 | 1 Hp | 2 Xp P9000 Configuration Manager, Xp P9000 Device Manager | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A security vulnerability in HPE XP P9000 Command View Advanced Edition (CVAE) Device Manager (DevMgr 8.5.0-00 and prior to 8.6.0-00), Configuration Manager (CM 8.5.0-00 and prior to 8.6.0-00) could be exploited to allow local and remote unauthorized access to sensitive information. | |||||
| CVE-2019-15845 | 2 Canonical, Ruby-lang | 2 Ubuntu Linux, Ruby | 2020-08-24 | 6.4 MEDIUM | 6.5 MEDIUM |
| Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions. | |||||
| CVE-2018-2709 | 1 Oracle | 1 Banking Corporate Lending | 2020-08-24 | 3.5 LOW | 5.3 MEDIUM |
| Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0 and 12.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2018-7094 | 1 Hpe | 1 3par Service Provider | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913(GA). The vulnerability may be exploited locally to allow disclosure of privileged information. | |||||
| CVE-2019-16382 | 1 Ivanti | 1 Workspace Control | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is able to bypass Ivanti's FileGuard folder protection by renaming the WMTemp work folder used by PowerGrid. A malicious PowerGrid XML file can then be created, after which the folder is renamed back to its original value. Also, CVE-2018-15591 exploitation can consequently be achieved by using PowerGrid with the /SEE parameter to execute the arbitrary command specified in the XML file. | |||||
| CVE-2018-7099 | 1 Hp | 1 3par Service Provider | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow disclosure of privileged information. | |||||
| CVE-2018-7100 | 1 Hp | 6 Officeconnect 1810-24g Switch, Officeconnect 1810-24g Switch Firmware, Officeconnect 1810-48g Switch and 3 more | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| A potential security vulnerability has been identified in HPE OfficeConnect 1810 Switch Series (HP 1810-24G - P.2.22 and previous versions, HP 1810-48G PK.1.34 and previous versions, HP 1810-8 v2 P.2.22 and previous versions). The vulnerability could allow local disclosure of sensitive information. | |||||
| CVE-2018-7101 | 1 Hp | 17 Integrated Lights-out, Integrated Lights-out 4 Firmware, Integrated Lights-out 5 Firmware and 14 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A potential remote denial of service security vulnerability has been identified in HPE Integrated Lights Out 4 prior to v2.60 and iLO 5 for Gen 10 servers prior to v1.30. | |||||
| CVE-2018-7103 | 1 Hp | 1 Intelligent Management Center Wireless Services Manager Software | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02. | |||||
| CVE-2018-7104 | 1 Hp | 1 Intelligent Management Center Wireless Services Manager Software | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02. | |||||
