Total
2076 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-1000648 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | N/A |
| LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters. | ||||
| CVE-2018-1000634 | 1 Openmicroscopy | 1 Omero | 2024-11-21 | N/A |
| The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains an Improper Access Control vulnerability in User management that can result in administrative user with privilege restrictions logging in as a more powerful administrator. This attack appear to be exploitable via Use user administration privilege to set the password of a more powerful administrator. This vulnerability appears to have been fixed in 5.4.7. | ||||
| CVE-2018-1000624 | 1 Battelle | 1 V2i Hub | 2024-11-21 | N/A |
| Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by the failure to restrict access to a sensitive functionality. By visiting http://V2I_HUB/UI/powerdown.php, a remote attacker could exploit this vulnerability to shut down the system. | ||||
| CVE-2018-1000503 | 1 Mybb | 1 Mybb | 2024-11-21 | N/A |
| MyBB Group MyBB contains a Incorrect Access Control vulnerability in Private forums that can result in Users can view posts from private forums without having the password. This attack appear to be exploitable via Subscribe to a forum through IDOR. This vulnerability appears to have been fixed in 1.8.15. | ||||
| CVE-2018-1000400 | 2 Kubernetes, Redhat | 2 Cri-o, Openshift | 2024-11-21 | N/A |
| Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to be exploitable via container execution. This vulnerability appears to have been fixed in 1.9. | ||||
| CVE-2018-1000141 | 1 I-librarian | 1 I Librarian | 2024-11-21 | N/A |
| I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project discussions. | ||||
| CVE-2018-1000133 | 1 Secluded | 1 Trident | 2024-11-21 | N/A |
| Pitchfork version 1.4.6 RC1 contains an Improper Privilege Management vulnerability in Trident Pitchfork components that can result in A standard unprivileged user could gain system administrator permissions within the web portal.. This attack appear to be exploitable via The user must be able to login, and could edit their profile and set the "System Administrator" permission to "yes" on themselves.. This vulnerability appears to have been fixed in 1.4.6 RC2. | ||||
| CVE-2018-1000028 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.4 High |
| Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains a Incorrect Access Control vulnerability in NFS server (nfsd) that can result in remote users reading or writing files they should not be able to via NFS. This attack appear to be exploitable via NFS server must export a filesystem with the "rootsquash" options enabled. This vulnerability appears to have been fixed in after commit 1995266727fa. | ||||
| CVE-2018-0821 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-11-21 | N/A |
| AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way constrained impersonations are handled, aka "Windows AppContainer Elevation Of Privilege Vulnerability". | ||||
| CVE-2018-0751 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more | 2024-11-21 | N/A |
| The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2018-0752. | ||||
| CVE-2018-0748 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2024-11-21 | N/A |
| The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way memory addresses are handled, aka "Windows Elevation of Privilege Vulnerability". | ||||
| CVE-2018-0728 | 1 Qnap | 2 Helpdesk, Qts | 2024-11-21 | 7.5 High |
| This improper access control vulnerability in Helpdesk allows attackers to access the system logs. To fix the vulnerability, QNAP recommend updating QTS and Helpdesk to their latest versions. | ||||
| CVE-2018-0671 | 1 Mnc | 1 Inplc-rt | 2024-11-21 | N/A |
| Privilege escalation vulnerability in INplc-RT 3.08 and earlier allows an attacker with administrator rights to execute arbitrary code on the Windows system via unspecified vectors. | ||||
| CVE-2018-0613 | 1 Necplatforms | 16 Calsos Csdj-a, Calsos Csdj-a Firmware, Calsos Csdj-b and 13 more | 2024-11-21 | N/A |
| NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors. | ||||
| CVE-2018-0610 | 1 Zenphoto | 1 Zenphoto | 2024-11-21 | N/A |
| Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information. | ||||
| CVE-2018-0573 | 1 Basercms | 1 Basercms | 2024-11-21 | N/A |
| baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors. | ||||
| CVE-2018-0566 | 1 Cybozu | 1 Office | 2024-11-21 | N/A |
| Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors. | ||||
| CVE-2018-0503 | 3 Debian, Mediawiki, Redhat | 3 Debian Linux, Mediawiki, Openshift | 2024-11-21 | N/A |
| Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'. | ||||
| CVE-2018-0024 | 1 Juniper | 42 Ex2200, Ex2200-c, Ex2200\/vc and 39 more | 2024-11-21 | N/A |
| An Improper Privilege Management vulnerability in a shell session of Juniper Networks Junos OS allows an authenticated unprivileged attacker to gain full control of the system. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D45 on SRX Series; 12.3X48 versions prior to 12.3X48-D20 on SRX Series; 12.3 versions prior to 12.3R11 on EX Series; 14.1X53 versions prior to 14.1X53-D30 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100;; 15.1X49 versions prior to 15.1X49-D20 on SRX Series. | ||||
| CVE-2018-0010 | 1 Juniper | 1 Junos Space | 2024-11-21 | N/A |
| A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not have SSH access to a device to reuse the URL that was created for another user to perform SSH access. Affected releases are all versions of Junos Space Security Director prior to 17.2R1. | ||||