Total
2430 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-4844 | 1 Siemens | 1 Simatic Wincc Oa Ui | 2024-11-21 | 6.7 Medium |
| A vulnerability has been identified in SIMATIC WinCC OA UI for Android (All versions < V3.15.10), SIMATIC WinCC OA UI for iOS (All versions < V3.15.10). Insufficient limitation of CONTROL script capabilities could allow read and write access from one HMI project cache folder to other HMI project cache folders within the app's sandbox on the same mobile device. This includes HMI project cache folders of other configured WinCC OA servers. The security vulnerability could be exploited by an attacker who tricks an app user to connect to an attacker-controlled WinCC OA server. Successful exploitation requires user interaction and read/write access to the app's folder on a mobile device. The vulnerability could allow reading data from and writing data to the app's folder. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue. | ||||
| CVE-2018-4478 | 1 Apple | 1 Mac Os X | 2024-11-21 | 6.8 Medium |
| A validation issue was addressed with improved logic. This issue is fixed in macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan. An attacker with physical access to a device may be able to elevate privileges. | ||||
| CVE-2018-4310 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-11-21 | N/A |
| An access issue was addressed with additional sandbox restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14. | ||||
| CVE-2018-4173 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-11-21 | N/A |
| An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Status Bar" component. It allows invisible microphone access via a crafted app. | ||||
| CVE-2018-4008 | 1 Shimovpn | 1 Shimo Vpn | 2024-11-21 | 7.8 High |
| An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit this bug. | ||||
| CVE-2018-3682 | 1 Intel | 70 Bbs2600bpb, Bbs2600bpq, Bbs2600bps and 67 more | 2024-11-21 | N/A |
| BMC Firmware in Intel server boards, compute modules, and systems potentially allow an attacker with administrative privileges to make unauthorized read\writes to the SMBUS. | ||||
| CVE-2018-3635 | 1 Intel | 1 Rapid Storage Technology | 2024-11-21 | 7.8 High |
| Insufficient input validation in installer in Intel Rapid Store Technology (RST) before version 16.7 may allow an unprivileged user to potentially elevate privileges or cause an installer denial of service via local access. | ||||
| CVE-2018-2481 | 1 Sap | 1 Advanced Business Application Programming | 2024-11-21 | N/A |
| In some SAP standard roles, in SAP_ABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. By implementing such transaction code a malicious user may execute unauthorized transaction functionality. | ||||
| CVE-2018-21226 | 1 Netgear | 10 Jnr1010, Jnr1010 Firmware, Jwnr2010 and 7 more | 2024-11-21 | 8.8 High |
| Certain NETGEAR devices are affected by authentication bypass. This affects JNR1010v2 before 1.1.0.48, JWNR2010v5 before 1.1.0.48, WNR1000v4 before 1.1.0.48, WNR2020 before 1.1.0.48, and WNR2050 before 1.1.0.48. | ||||
| CVE-2018-21124 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2024-11-21 | 8.8 High |
| NETGEAR WAC510 devices before 5.0.0.17 are affected by privilege escalation. | ||||
| CVE-2018-21025 | 1 Centreon | 1 Centreon Vm | 2024-11-21 | 9.8 Critical |
| In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights of sourced configuration files. | ||||
| CVE-2018-21013 | 1 Upperthemes | 1 Swape | 2024-11-21 | 9.8 Critical |
| The Swape theme before 1.2.1 for WordPress has incorrect access control, as demonstrated by allowing new administrator accounts via vectors involving xmlPath to wp-admin/admin-ajax.php. | ||||
| CVE-2018-20193 | 1 Pulsesecure | 1 Secure Access Series Ssl Vpn Sa-4000 | 2024-11-21 | N/A |
| Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (build 7631). This occurs because appropriate controls are not performed. Specifically, it is possible for a readonly user to change the administrator user password by making a local copy of the /dana-admin/user/update.cgi page, changing the "user" value, and saving the changes. | ||||
| CVE-2018-1973 | 1 Ibm | 1 Api Connect | 2024-11-21 | N/A |
| IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator level access to give themselves full 'Administrator' level access through the members functionality. IBM X-Force ID: 153914. | ||||
| CVE-2018-1941 | 1 Ibm | 1 Campaign | 2024-11-21 | N/A |
| IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admini privileges due to the application not validating access permissions. IBM X-Force ID: 153382. | ||||
| CVE-2018-1550 | 1 Ibm | 3 Tivoli Storage Manager, Tivoli Storage Manager For Space Management, Tivoli Storage Manager For Virtual Environments | 2024-11-21 | N/A |
| IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. IBM X-Force ID: 142696. | ||||
| CVE-2018-1460 | 1 Ibm | 1 Puredata System For Analytics | 2024-11-21 | N/A |
| IBM Netezza Platform Software (IBM PureData System for Analytics 1.0.0) could allow a local user to modify a world writable file, which could be used to execute commands as root. IBM X-Force ID: 140211. | ||||
| CVE-2018-1368 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2024-11-21 | N/A |
| IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 9.5 could allow a local user with low privileges to view report pages and perform some actions that only an admin should be performing, so there is risk that someone not authorized can change things that they are not suppose to. IBM X-Force ID: 137765. | ||||
| CVE-2018-1182 | 2 Emc, Rsa | 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance | 2024-11-21 | N/A |
| An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only). It allows certain OS level users to execute arbitrary scripts with root level privileges. | ||||
| CVE-2018-1134 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
| An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL. | ||||