Total
3862 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-3601 | 1 Trendmicro | 1 Control Manager | 2024-11-21 | N/A |
| A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations. | ||||
| CVE-2018-2483 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | N/A |
| HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console (CMC) by changing request method. | ||||
| CVE-2018-2449 | 1 Sap | 1 Supplier Relationship Management Mdm Catalog | 2024-11-21 | N/A |
| SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on windows machines to do SMB relaying. | ||||
| CVE-2018-21263 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 8.8 High |
| An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response. | ||||
| CVE-2018-21246 | 1 Caddyserver | 1 Caddy | 2024-11-21 | 9.8 Critical |
| Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode. | ||||
| CVE-2018-21235 | 1 Foxitsoftware | 1 E-mail Advertising System | 2024-11-21 | 7.5 High |
| An issue was discovered in Foxit E-mail advertising system before September 2018. It allows authentication bypass and information disclosure, related to Interspire Email Marketer. | ||||
| CVE-2018-21128 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2024-11-21 | 8.8 High |
| Certain NETGEAR devices are affected by authentication bypass. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. | ||||
| CVE-2018-21125 | 1 Netgear | 2 Wac510, Wac510 Firmware | 2024-11-21 | 8.8 High |
| NETGEAR WAC510 devices before 5.0.0.17 are affected by authentication bypass. | ||||
| CVE-2018-21121 | 1 Netgear | 6 Gs810emx, Gs810emx Firmware, Xs512em and 3 more | 2024-11-21 | 8.8 High |
| Certain NETGEAR devices are affected by authentication bypass. This affects GS810EMX before 1.0.0.5, XS512EM before 1.0.0.6, and XS724EM before 1.0.0.6. | ||||
| CVE-2018-21118 | 1 Netgear | 2 Xr500, Xr500 Firmware | 2024-11-21 | 8.8 High |
| NETGEAR XR500 devices before 2.3.2.32 are affected by authentication bypass. | ||||
| CVE-2018-21062 | 1 Google | 1 Android | 2024-11-21 | 4.6 Medium |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. When biometric authentication is disabled, an attacker can view Streams content (e.g., a Gallery slideshow) of a locked Secure Folder via a connection to an external device. The Samsung ID is SVE-2018-11766 (August 2018). | ||||
| CVE-2018-21038 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Samsung mobile devices with N(7.x) software. The Secure Folder app's startup logic allows authentication bypass. The Samsung ID is SVE-2018-11628 (December 2018). | ||||
| CVE-2018-20954 | 1 Mailpile | 1 Mailpile | 2024-11-21 | N/A |
| The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys. | ||||
| CVE-2018-20937 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321). | ||||
| CVE-2018-20924 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378). | ||||
| CVE-2018-20888 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424). | ||||
| CVE-2018-20735 | 1 Bmc | 1 Patrol Agent | 2024-11-21 | N/A |
| An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for lateral movement and escalation of privilege inside a Windows Active Directory environment. It was found that by default the PatrolCli / PATROL Agent application only verifies if the password provided for the given username is correct; it does not verify the permissions of the user on the network. This means if you have PATROL Agent installed on a high value target (domain controller), you can use a low privileged domain user to authenticate with PatrolCli and then connect to the domain controller and run commands as SYSTEM. This means any user on a domain can escalate to domain admin through PATROL Agent. NOTE: the vendor disputes this because they believe it is adequate to prevent this escalation by means of a custom, non-default configuration | ||||
| CVE-2018-20675 | 1 Dlink | 8 Dir-822, Dir-822-us, Dir-822-us Firmware and 5 more | 2024-11-21 | 9.8 Critical |
| D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass. | ||||
| CVE-2018-20489 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | ||||
| CVE-2018-20422 | 1 Comsenz | 1 Discuzx | 2024-11-21 | N/A |
| Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which account will be accessed). | ||||