Total
4166 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-3762 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.3 Medium |
| Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to. | ||||
| CVE-2018-3183 | 5 Canonical, Debian, Hp and 2 more | 18 Ubuntu Linux, Debian Linux, Xp7 Command View and 15 more | 2024-11-21 | 9.0 Critical |
| Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). | ||||
| CVE-2018-3169 | 5 Canonical, Debian, Hp and 2 more | 17 Ubuntu Linux, Debian Linux, Xp7 Command View and 14 more | 2024-11-21 | 8.3 High |
| Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | ||||
| CVE-2018-2634 | 6 Canonical, Debian, Hp and 3 more | 19 Ubuntu Linux, Debian Linux, Xp7 Command View and 16 more | 2024-11-21 | 6.8 Medium |
| Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). | ||||
| CVE-2018-25093 | 1 Vaerys-dawn | 1 Discordsailv2 | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been rated as critical. Affected by this issue is some unknown functionality of the component Tag Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The name of the patch is cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-244484. | ||||
| CVE-2018-25092 | 1 Vaerys-dawn | 1 Discordsailv2 | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Command Mention Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The patch is named cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244483. | ||||
| CVE-2018-21007 | 1 Wisetr | 1 User Email Verification For Woocommerce | 2024-11-21 | N/A |
| The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads. | ||||
| CVE-2018-20957 | 1 Tapplock | 2 One\+, One\+ Firmware | 2024-11-21 | N/A |
| The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 allows replay attacks. | ||||
| CVE-2018-20938 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324). | ||||
| CVE-2018-20930 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401). | ||||
| CVE-2018-20890 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426). | ||||
| CVE-2018-1305 | 5 Apache, Canonical, Debian and 2 more | 10 Tomcat, Ubuntu Linux, Debian Linux and 7 more | 2024-11-21 | N/A |
| Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them. | ||||
| CVE-2018-1304 | 5 Apache, Canonical, Debian and 2 more | 13 Tomcat, Ubuntu Linux, Debian Linux and 10 more | 2024-11-21 | N/A |
| The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected. | ||||
| CVE-2018-1168 | 1 Hitachienergy | 2 Sys600, Sys600 Firmware | 2024-11-21 | N/A |
| This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the access controls for the installed product files. The installation procedure leaves critical files open to manipulation by any authenticated user. An attacker can leverage this vulnerability to escalate privileges to SYSTEM. Was ZDI-CAN-5097. | ||||
| CVE-2018-1129 | 4 Ceph, Debian, Opensuse and 1 more | 10 Ceph, Debian Linux, Leap and 7 more | 2024-11-21 | N/A |
| A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. | ||||
| CVE-2018-1099 | 2 Fedoraproject, Redhat | 2 Fedora, Etcd | 2024-11-21 | N/A |
| DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address). | ||||
| CVE-2018-1080 | 2 Dogtagpki, Redhat | 2 Dogtagpki, Enterprise Linux | 2024-11-21 | N/A |
| Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will deny access and deny rules will grant access. This may result in an escalation of privileges or have other unintended consequences. | ||||
| CVE-2018-1069 | 1 Redhat | 1 Openshift | 2024-11-21 | N/A |
| Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem. | ||||
| CVE-2018-19945 | 1 Qnap | 1 Qts | 2024-11-21 | 9.1 Critical |
| A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed this vulnerability in the following versions: QTS 4.3.6.0895 build 20190328 (and later) QTS 4.3.4.0899 build 20190322 (and later) This issue does not affect QTS 4.4.x or QTS 4.5.x. | ||||
| CVE-2018-19634 | 2 Broadcom, Ca | 2 Service Desk Manager, Service Desk Manager | 2024-11-21 | 7.5 High |
| CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information. | ||||