Total
4095 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19999 | 1 Solarwinds | 1 Serv-u Ftp Server | 2024-11-21 | N/A |
| The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation. To exploit this vulnerability, an attacker must have local access the the host running Serv-U, and a Serv-U administrator have an active management console session. | ||||
| CVE-2018-19834 | 1 Bombba Project | 1 Bombba | 2024-11-21 | 7.5 High |
| The quaker function of a smart contract implementation for BOMBBA (BOMB), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity. | ||||
| CVE-2018-19833 | 1 Ddq Project | 1 Ddq | 2024-11-21 | 7.5 High |
| The owned function of a smart contract implementation for DDQ, an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity. | ||||
| CVE-2018-19832 | 1 Newinteltechmedia Project | 1 Newinteltechmedia | 2024-11-21 | 7.5 High |
| The NETM() function of a smart contract implementation for NewIntelTechMedia (NETM), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity. | ||||
| CVE-2018-19831 | 1 Cryptbond Network Project | 1 Cryptbond Network | 2024-11-21 | 7.5 High |
| The ToOwner() function of a smart contract implementation for Cryptbond Network (CBN), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity. | ||||
| CVE-2018-19788 | 4 Canonical, Debian, Polkit Project and 1 more | 5 Ubuntu Linux, Debian Linux, Polkit and 2 more | 2024-11-21 | N/A |
| A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. | ||||
| CVE-2018-19783 | 1 Kentix | 2 Multisensor-lan, Multisensor-lan Firmware | 2024-11-21 | N/A |
| Kentix MultiSensor-LAN 5.63.00 devices and previous allow Authentication Bypass via an Alternate Path or Channel. | ||||
| CVE-2018-19645 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | N/A |
| An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | ||||
| CVE-2018-19616 | 1 Rockwellautomation | 2 Powermonitor 1000, Powermonitor 1000 Firmware | 2024-11-21 | N/A |
| An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. An unauthenticated user can add/edit/remove administrators because access control is implemented on the client side via a disabled attribute for a BUTTON element. | ||||
| CVE-2018-19505 | 1 Bmc | 1 Remedy Action Request System Server | 2024-11-21 | N/A |
| Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call. | ||||
| CVE-2018-19458 | 1 Php-proxy | 1 Php-proxy | 2024-11-21 | N/A |
| In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246. | ||||
| CVE-2018-19392 | 1 Cobham | 4 Satcom Sailor 250, Satcom Sailor 250 Firmware, Satcom Sailor 500 and 1 more | 2024-11-21 | N/A |
| Cobham Satcom Sailor 250 and 500 devices before 1.25 contained an unauthenticated password reset vulnerability. This could allow modification of any user account's password (including the default "admin" account), without prior knowledge of their password. All that is required is knowledge of the username and attack vector (/index.lua?pageID=Administration usernameAdmChange, passwordAdmChange1, and passwordAdmChange2 fields). | ||||
| CVE-2018-19249 | 1 Stripe | 1 Stripe Api | 2024-11-21 | N/A |
| The Stripe API v1 allows remote attackers to bypass intended access restrictions by replaying api.stripe.com /v1/tokens XMLHttpRequest data, parsing the response under the object card{}, and reading the cvc_check information if the creation is successful without charging the actual card used in the transaction. | ||||
| CVE-2018-19076 | 2 Foscam, Opticam | 6 C2, C2 Application Firmware, C2 System Firmware and 3 more | 2024-11-21 | N/A |
| An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The FTP and RTSP services make it easier for attackers to conduct brute-force authentication attacks, because failed-authentication limits apply only to HTTP (not FTP or RTSP). | ||||
| CVE-2018-19023 | 1 Hetronic | 10 Bms-hl, Bms-hl Firmware, Dc Mobile and 7 more | 2024-11-21 | N/A |
| Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state. | ||||
| CVE-2018-19000 | 1 Lcds | 1 Laquis Scada | 2024-11-21 | N/A |
| LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data. | ||||
| CVE-2018-1999045 | 1 Jenkins | 1 Jenkins | 2024-11-21 | N/A |
| A improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled. | ||||
| CVE-2018-1999043 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | N/A |
| A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials. | ||||
| CVE-2018-18907 | 1 Dlink | 2 Dir-850l, Dir-850l Firmare | 2024-11-21 | 7.5 High |
| An issue was discovered on D-Link DIR-850L 1.21WW devices. A partially completed WPA handshake is sufficient for obtaining full access to the wireless network. A client can access the network by sending packets on Data Frames to the AP without encryption. | ||||
| CVE-2018-18891 | 1 1234n | 1 Minicms | 2024-11-21 | N/A |
| MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late. | ||||