Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-18760 |
RhinOS 3.0 build 1190 allows CSRF. Published: November 16, 2018; 1:29:01 PM -0500 |
V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-18759 |
Modbus Slave 7.0.0 in modbus tools has a Buffer Overflow. Published: November 16, 2018; 1:29:01 PM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-18756 |
Local Server 1.0.9 has a Buffer Overflow via crafted data on Port 4008. Published: November 16, 2018; 1:29:01 PM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-18755 |
K-iwi Framework 1775 has SQL Injection via the admin/user/group/update user_group_id parameter or the admin/user/user/update user_id parameter. Published: November 16, 2018; 1:29:01 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-16396 |
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats. Published: November 16, 2018; 1:29:01 PM -0500 |
V3.0: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-16395 |
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations. Published: November 16, 2018; 1:29:00 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-15693 |
Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass via insecure direct object reference. Published: November 16, 2018; 1:29:00 PM -0500 |
V3.0: 6.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-15692 |
Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass and data manipulation in certain functions. Published: November 16, 2018; 1:29:00 PM -0500 |
V3.0: 6.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-7363 |
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Since appviahttp service has no authorization delay, an attacker can be allowed to brute force account credentials. Published: November 16, 2018; 10:29:00 AM -0500 |
V3.0: 8.8 HIGH V2.0: 3.3 LOW |
CVE-2018-7362 |
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper access control vulnerability, which may allows an unauthorized user to perform unauthorized operations on the router. Published: November 16, 2018; 10:29:00 AM -0500 |
V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2018-7361 |
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by null pointer dereference vulnerability, which may allows an attacker to cause a denial of service via appviahttp service. Published: November 16, 2018; 10:29:00 AM -0500 |
V3.0: 6.5 MEDIUM V2.0: 3.3 LOW |
CVE-2018-7360 |
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by information exposure vulnerability, which may allow an unauthenticated attacker to get the GPON SN information via appviahttp service. Published: November 16, 2018; 10:29:00 AM -0500 |
V3.0: 6.5 MEDIUM V2.0: 3.3 LOW |
CVE-2018-7359 |
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by heap-based buffer overflow vulnerability, which may allow an attacker to execute arbitrary code. Published: November 16, 2018; 10:29:00 AM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-1797 |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives (EBA) could allow a local attacker to traverse directories on the system. By persuading a victim to extract a specially-crafted ZIP archive containing "dot dot slash" sequences (../), an attacker could exploit this vulnerability to write to arbitrary files on the system. Note: This vulnerability is known as "Zip-Slip". IBM X-Force ID: 149427. Published: November 16, 2018; 10:29:00 AM -0500 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-1639 |
The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 through 6.0.6 could allow an authenticated user to obtain sensitive information beyond its assigned privileges. IBM X-Force ID: 144579. Published: November 16, 2018; 10:29:00 AM -0500 |
V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2018-9086 |
In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users. Published: November 16, 2018; 9:29:00 AM -0500 |
V3.0: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-9085 |
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors. Published: November 16, 2018; 9:29:00 AM -0500 |
V3.0: 4.9 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2018-9073 |
Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets. Published: November 16, 2018; 9:29:00 AM -0500 |
V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-9071 |
Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Exposed settings relate to password lengths, expiration, and lockout configuration. Published: November 16, 2018; 9:29:00 AM -0500 |
V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2018-19296 |
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. Published: November 16, 2018; 4:29:00 AM -0500 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |