Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7511 | 1 Eaton | 1 Elcsoft | 2019-10-09 | 6.8 MEDIUM | 5.3 MEDIUM |
| In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where specially crafted files could cause a buffer overflow which, in turn, may allow remote execution of arbitrary code. | |||||
| CVE-2018-5474 | 1 Philips | 1 Intellispace Portal | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash. | |||||
| CVE-2018-5441 | 1 Phoenixcontact | 46 Mguard Centerport, Mguard Centerport Firmware, Mguard Core Tx Vpn and 43 more | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages. | |||||
| CVE-2018-5447 | 1 Nrec | 2 Pcs-9611, Pcs-9611 Firmware | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| An Improper Input Validation issue was discovered in Nari PCS-9611 relay. An improper input validation vulnerability has been identified that affects a service within the software that may allow a remote attacker to arbitrarily read/access system resources and affect the availability of the system. | |||||
| CVE-2018-4851 | 1 Siemens | 4 Siclock Tc100, Siclock Tc100 Firmware, Siclock Tc400 and 1 more | 2019-10-09 | 8.5 HIGH | 8.2 HIGH |
| A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could cause a Denial-of-Service condition by sending certain packets to the device, causing potential reboots of the device. The core functionality of the device could be impacted. The time serving functionality recovers when time synchronization with GPS devices or other NTP servers are completed. | |||||
| CVE-2018-3772 | 1 Whereis Project | 1 Whereis | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Concatenating unsanitized user input in the `whereis` npm module < 0.4.1 allowed an attacker to execute arbitrary commands. The `whereis` module is deprecated and it is recommended to use the `which` npm module instead. | |||||
| CVE-2018-3723 | 1 Defaults-deep Project | 1 Defaults-deep | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | |||||
| CVE-2018-2424 | 1 Sap | 4 Hana Database, Ui, Ui5 and 1 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00 | |||||
| CVE-2018-1977 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted SELECT statement with TRUNCATE function. IBM X-Force ID: 154032. | |||||
| CVE-2018-1791 | 1 Ibm | 1 Connections | 2019-10-09 | 4.9 MEDIUM | 4.9 MEDIUM |
| IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. By submitting suitable payloads, an attacker could exploit this vulnerability to induce the Connections server to attack other systems. IBM X-Force ID: 148946. | |||||
| CVE-2018-1945 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2019-10-09 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 153387. | |||||
| CVE-2018-1599 | 1 Ibm | 1 Api Connect | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 143744. | |||||
| CVE-2018-1070 | 1 Redhat | 1 Openshift Container Platform | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard. | |||||
| CVE-2018-1166 | 1 Joyent | 1 Smartos | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMBIOC_TREE_RELE ioctl. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-4984. | |||||
| CVE-2018-1504 | 1 Ibm | 1 I2 Enterprise Insight Analysis | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 141340. | |||||
| CVE-2018-1103 | 1 Redhat | 1 Source-to-image | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the command. | |||||
| CVE-2018-1478 | 1 Ibm | 1 Bigfix Platform | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 140760. | |||||
| CVE-2018-1640 | 1 Ibm | 1 Security Privileged Identity Manager | 2019-10-09 | 9.0 HIGH | 8.8 HIGH |
| IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 144580. | |||||
| CVE-2018-1161 | 1 Quest | 1 Netvault Backup | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.2.0.13. Authentication is not required to exploit this vulnerability. The specific flaw exists within nvwsworker.exe. When parsing the boundary header of a multipart request, the process does not properly validate the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-4215. | |||||
| CVE-2018-1140 | 1 Samba | 1 Samba | 2019-10-09 | 3.3 LOW | 6.5 MEDIUM |
| A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a samba server, used as a Active Directory Domain Controller. All versions of Samba from 4.8.0 onwards are vulnerable | |||||