Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15515 | 1 Dlink | 1 Central Wifimanager | 2019-10-02 | 7.2 HIGH | 7.8 HIGH |
| The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges. | |||||
| CVE-2018-15804 | 1 Mapr | 1 Mapr | 2019-10-02 | 4.0 MEDIUM | 8.8 HIGH |
| An issue was discovered in the MapR File System in MapR Converged Data Platform and MapR-XD 6.x and earlier. Under certain conditions, it is possible for MapR ticket credentials to become compromised, allowing a user to escalate their privileges to act as (aka impersonate) any other user, including cluster administrators, aka bug# 31935. This affects all users who have enabled security on the MapR platform and is fixed in mapr-patch-5.2.1.42646.GA-20180731093831, mapr-patch-5.2.2.44680.GA-20180802011430, mapr-patch-6.0.0.20171109191718.GA-20180802011420, and mapr-patch-6.0.1.20180404222005.GA-20180806214919. | |||||
| CVE-2018-15572 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-10-02 | 2.1 LOW | 6.5 MEDIUM |
| The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks. | |||||
| CVE-2018-15590 | 1 Ivanti | 1 Workspace Control | 2019-10-02 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in Ivanti Workspace Control before 10.3.0.0 and RES One Workspace, when file and folder security are configured. A local authenticated user can bypass file and folder security restriction by leveraging an unspecified attack vector. | |||||
| CVE-2018-1583 | 1 Ibm | 1 Storediq | 2019-10-02 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM StoredIQ 7.6 could allow an authenticated attacker to bypass certain security restrictions. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to access and manipulate documents on StoredIQ managed data sources. IBM X-Force ID: 143331. | |||||
| CVE-2018-15660 | 1 Olacabs | 1 Olamoney | 2019-10-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| ** DISPUTED ** An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. If an attacker controls an application with accessibility permissions, then the attacker can read certain Ola Money data such as a credit card number, expiration date, bank account number, and transaction history. NOTE: the vendor does not agree that this is a security issue requiring a fix. | |||||
| CVE-2018-15708 | 1 Nagios | 1 Nagios Xi | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request. | |||||
| CVE-2018-15758 | 1 Pivotal Software | 1 Spring Security Oauth | 2019-10-02 | 6.8 MEDIUM | 8.1 HIGH |
| Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability does not expose applications that: Act in the role of an Authorization Server and use the default Approval Endpoint, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient). | |||||
| CVE-2018-15908 | 4 Artifex, Canonical, Debian and 1 more | 8 Ghostscript, Ubuntu Linux, Debian Linux and 5 more | 2019-10-02 | 6.8 MEDIUM | 7.8 HIGH |
| In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files. | |||||
| CVE-2018-15881 | 1 Joomla | 1 Joomla\! | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Joomla! before 3.8.12. Inadequate checks regarding disabled fields can lead to an ACL violation. | |||||
| CVE-2018-15906 | 1 Solarwinds | 1 Serv-u Ftp Server | 2019-10-02 | 9.0 HIGH | 7.2 HIGH |
| SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file. | |||||
| CVE-2018-15966 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-10-02 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2018-16018 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-10-02 | 9.3 HIGH | 8.8 HIGH |
| Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2018-16044 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-10-02 | 9.3 HIGH | 8.8 HIGH |
| Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2018-16045 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-10-02 | 9.3 HIGH | 8.8 HIGH |
| Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2018-16092 | 1 Lenovo | 8 System Management Module Firmware, Thinkagile Hx Enclosure 7x81, Thinkagile Hx Enclosure 7y87 and 5 more | 2019-10-02 | 4.3 MEDIUM | 8.1 HIGH |
| In System Management Module (SMM) versions prior to 1.06, the FFDC feature includes the collection of SMM system files containing sensitive information; notably, the SMM user account credentials and the system shadow file. | |||||
| CVE-2018-16161 | 1 Opendolphin | 1 Opendolphin | 2019-10-02 | 9.0 HIGH | 8.8 HIGH |
| OpenDolphin 2.7.0 and earlier allows authenticated users to gain administrative privileges and perform unintended operations. | |||||
| CVE-2018-16162 | 1 Opendolphin | 1 Opendolphin | 2019-10-02 | 4.0 MEDIUM | 8.8 HIGH |
| OpenDolphin 2.7.0 and earlier allows authenticated attackers to obtain other users credentials such as a user ID and/or its password via unspecified vectors. | |||||
| CVE-2018-16197 | 1 Toshiba | 4 Hem-gw16a, Hem-gw16a Firmware, Hem-gw26a and 1 more | 2019-10-02 | 3.3 LOW | 6.5 MEDIUM |
| Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device. | |||||
| CVE-2018-16198 | 1 Toshiba | 4 Hem-gw16a, Hem-gw16a Firmware, Hem-gw26a and 1 more | 2019-10-02 | 5.8 MEDIUM | 8.8 HIGH |
| Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device. | |||||