Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5524 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2019-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Under certain conditions, on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.6.1 HF2-11.6.3.1, virtual servers configured with Client SSL or Server SSL profiles which make use of network hardware security module (HSM) functionality are exposed and impacted by this issue. | |||||
| CVE-2018-5526 | 1 F5 | 1 Big-ip Application Security Manager | 2019-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Under certain conditions, on F5 BIG-IP ASM 13.1.0-13.1.0.5, Behavioral DOS (BADOS) protection may fail during an attack. | |||||
| CVE-2018-5529 | 3 Apple, F5, Linux | 4 Mac Os X, Big-ip Access Policy Manager, Big-ip Edge and 1 more | 2019-10-02 | 4.6 MEDIUM | 7.8 HIGH |
| The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as a privileged process and can allow an unprivileged user to assume super-user privileges on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or disrupt service. | |||||
| CVE-2018-5532 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2019-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the cached name. | |||||
| CVE-2018-5538 | 1 F5 | 4 Big-ip Domain Name System, Big-ip Global Traffic Manager, Big-ip Link Controller and 1 more | 2019-10-02 | 4.3 MEDIUM | 3.7 LOW |
| On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the 'Allow NOTIFY From' configuration parameter when the db variable "dnsexpress.notifyport" is set to any value other than the default of "0". | |||||
| CVE-2018-5694 | 1 Fop2 | 1 Flash Operator Panel | 2019-10-02 | 6.5 MEDIUM | 8.8 HIGH |
| The callforward module in User Control Panel (UCP) in Nicolas Gudino (aka Asternic) Flash Operator Panel (FOP) 2.31.03 allows remote authenticated users to execute arbitrary commands via the command parameter. | |||||
| CVE-2018-5702 | 2 Debian, Transmissionbt | 2 Debian Linux, Transmission | 2019-10-02 | 6.8 MEDIUM | 8.8 HIGH |
| Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack. | |||||
| CVE-2018-5736 | 2 Isc, Netapp | 3 Bind, Cloud Backup, Data Ontap Edge | 2019-10-02 | 3.5 LOW | 5.3 MEDIUM |
| An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone transfers (for example: by sending valid NOTIFY messages), causing the named process to exit after failing the assertion test. Affects BIND 9.12.0 and 9.12.1. | |||||
| CVE-2018-5762 | 1 Unisys | 1 Clearpath Mcp | 2019-10-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 (IC #17), and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. | |||||
| CVE-2018-5777 | 1 Ipswitch | 1 Whatsup Gold | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Remote clients can take advantage of a misconfiguration in the TFTP server that could allow attackers to execute arbitrary commands on the TFTP server via unspecified vectors. | |||||
| CVE-2018-5795 | 1 Extremewireless | 1 Wing | 2019-10-02 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is Arbitrary File Write from the WebGUI on the WiNG Access Point / Controller. | |||||
| CVE-2018-5927 | 1 Hp | 1 Support Assistant | 2019-10-02 | 4.1 MEDIUM | 7.3 HIGH |
| HP Support Assistant before 8.7.50.3 allows an unauthorized person with local access to load arbitrary code. | |||||
| CVE-2018-5999 | 1 Asus | 1 Asuswrt | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails. | |||||
| CVE-2018-6049 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page. | |||||
| CVE-2018-6083 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-10-02 | 6.8 MEDIUM | 8.8 HIGH |
| Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page. | |||||
| CVE-2018-6098 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2019-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2018-6104 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2019-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2018-6105 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2019-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2018-6107 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2019-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2018-6108 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2019-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page. | |||||