Total: 22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2018-5242 | 1 Symantec | 1 Norton App Lock | 2019-10-02 | 7.2 HIGH | 6.2 MEDIUM | Norton App Lock prior to version 1.3.0.329 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access. |
| CVE-2018-18766 | 1 Provisio | 1 Sitekiosk | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL | An elevation of privilege vulnerability exists in the Call Dispatcher in Provisio SiteKiosk before 9.7.4905. |
| CVE-2018-19068 | 2 Foscam, Opticam | 6 C2, C2 Application Firmware, C2 System Firmware and 3 more | 2019-10-02 | 4.0 MEDIUM | 4.9 MEDIUM | An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The CGIProxy.fcgi?cmd=setTelnetSwitch feature is authorized for hidden factory credentials. |
| CVE-2018-18893 | 1 Hubspot | 1 Jinjava | 2019-10-02 | 5.0 MEDIUM | 5.3 MEDIUM | Jinjava before 2.4.6 does not block the getClass method, related to com/hubspot/jinjava/el/ext/JinjavaBeanELResolver.java. |
| CVE-2018-19074 | 2 Foscam, Opticam | 6 C2, C2 Application Firmware, C2 System Firmware and 3 more | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The firewall has no effect except for blocking port 443 and partially blocking port 88. |
| CVE-2018-19093 | 1 Mz-automation | 1 Libiec61850 | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH | ** DISPUTED ** An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClient_setCommandTerminationHandler in client/client_control.c. NOTE: the software maintainer disputes this because it requires incorrect usage of the client_example_control program. |
| CVE-2018-19125 | 1 Prestashop | 1 Prestashop | 2019-10-02 | 6.4 MEDIUM | 7.5 HIGH | PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to delete an image directory. |
| CVE-2018-19359 | 1 Gitlab | 1 Gitlab | 2019-10-02 | 6.5 MEDIUM | 8.8 HIGH | GitLab Community and Enterprise Edition 8.9 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 has Incorrect Access Control. |
| CVE-2018-19367 | 1 Portainer | 1 Portainer | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL | Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case. |
| CVE-2018-19409 | 4 Artifex, Canonical, Debian and 1 more | 8 Ghostscript, Ubuntu Linux, Debian Linux and 5 more | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. |
| CVE-2018-19410 | 1 Paessler | 1 Prtg Network Monitor | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL | PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local File Inclusion attack, by including /api/addusers and executing it. By providing the 'id' and 'users' parameters, an unauthenticated attacker can create a user with read-write privileges (including administrator). |
| CVE-2018-19437 | 1 Ucms Project | 1 Ucms | 2019-10-02 | 4.0 MEDIUM | 8.8 HIGH | UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash] is used for arbitrary cookie values that are set and not empty. |
| CVE-2018-19475 | 4 Artifex, Canonical, Debian and 1 more | 10 Ghostscript, Ubuntu Linux, Debian Linux and 7 more | 2019-10-02 | 6.8 MEDIUM | 7.8 HIGH | psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. |
| CVE-2018-19639 | 1 Opensuse | 1 Supportutils | 2019-10-02 | 7.2 HIGH | 7.8 HIGH | If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing (e.g. with CVE-2018-19638) he can execute arbitrary commands as root. |
| CVE-2018-19793 | 1 Jiacrontab Project | 1 Jiacrontab | 2019-10-02 | 6.5 MEDIUM | 7.2 HIGH | jiacrontab 1.4.5 allows remote attackers to execute arbitrary commands via the crontab/task/edit?addr=localhost%3a20001 command and args parameters, as demonstrated by command=cat&args=/etc/passwd in the POST data. |
| CVE-2018-19965 | 3 Citrix, Debian, Xen | 3 Xenserver, Debian Linux, Xen | 2019-10-02 | 4.7 MEDIUM | 5.6 MEDIUM | An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation. |
| CVE-2018-20146 | 1 Liquidware | 2 Flexapp, Profileunity | 2019-10-02 | 7.2 HIGH | 7.8 HIGH | An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell. |
| CVE-2018-20226 | 1 Thehive-project | 1 Cortex | 2019-10-02 | 6.5 MEDIUM | 7.2 HIGH | An organization administrator can add a super administrator in THEHIVE PROJECT Cortex before 2.1.3 due to the lack of overriding the Role.toString method. |
| CVE-2018-20235 | 1 Atlassian | 1 Sourcetree | 2019-10-02 | 9.0 HIGH | 8.8 HIGH | There was an argument injection vulnerability in Atlassian Sourcetree for Windows from version 0.5a before version 3.0.15 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. |
| CVE-2018-20377 | 1 Orange | 2 Arv7519rw22 Livebox 2.1, Arv7519rw22 Livebox 2.1 Firmware | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL | Orange Livebox 00.96.320S devices allow remote attackers to discover Wi-Fi credentials via /get_getnetworkconf.cgi on port 8080, leading to full control if the admin password equals the Wi-Fi password or has the default admin value. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. |
