Export limit exceeded: 42390 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10986 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10986 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-18389 | 1 Neo4j | 1 Neo4j | 2024-11-21 | N/A |
| Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username with an arbitrary password. | ||||
| CVE-2018-18256 | 1 Capmon | 1 Access Manager | 2024-11-21 | N/A |
| An issue was discovered in CapMon Access Manager 5.4.1.1005. A regular user can obtain local administrator privileges if they run any whitelisted application through the Custom App Launcher. | ||||
| CVE-2018-18255 | 1 Capmon | 1 Access Manager | 2024-11-21 | N/A |
| An issue was discovered in CapMon Access Manager 5.4.1.1005. The client applications of AccessManagerCoreService.exe communicate with this server through named pipes. A user can initiate communication with the server by creating a named pipe and sending commands to achieve elevated privileges. | ||||
| CVE-2018-18095 | 1 Intel | 4 Ssd Dc S4500, Ssd Dc S4500 Firmware, Ssd Dc S4600 and 1 more | 2024-11-21 | N/A |
| Improper authentication in firmware for Intel(R) SSD DC S4500 Series and Intel(R) SSD DC S4600 Series before SCV10150 may allow an unprivileged user to potentially enable escalation of privilege via physical access. | ||||
| CVE-2018-18061 | 1 Tecrail | 1 Responsive Filemanager | 2024-11-21 | N/A |
| An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files. | ||||
| CVE-2018-18014 | 1 Citrix | 1 Xenmobile Server | 2024-11-21 | 4.8 Medium |
| * Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost. | ||||
| CVE-2018-17957 | 1 Suse | 1 Repository Mirroring Tool | 2024-11-21 | N/A |
| The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the RMT database. | ||||
| CVE-2018-17953 | 3 Kernel, Opensuse, Suse | 3 Linux-pam, Leap, Linux Enterprise | 2024-11-21 | N/A |
| A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open). | ||||
| CVE-2018-17933 | 1 Vecna | 2 Vgo, Vgo Firmware | 2024-11-21 | N/A |
| VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) connected to the VGo XAMPP. User accounts may be able to execute commands that are outside the scope of their privileges and within the scope of an admin account. If an attacker has access to VGo XAMPP Client credentials, they may be able to execute admin commands on the connected robot. | ||||
| CVE-2018-17931 | 1 Vecna | 2 Vgo, Vgo Firmware | 2024-11-21 | N/A |
| If an attacker has physical access to the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to alter scripts, which may allow code execution with root privileges. | ||||
| CVE-2018-17928 | 1 Abb | 2 Cms-770, Cms-770 Firmware | 2024-11-21 | N/A |
| The product CMS-770 (Software Versions 1.7.1 and prior)is vulnerable that an attacker can read sensitive configuration files by bypassing the user authentication mechanism. | ||||
| CVE-2018-17926 | 1 Abb | 3 Eth-fw Firmware, Fw Firmware, M2m Ethernet | 2024-11-21 | N/A |
| The product M2M ETHERNET (FW Versions 2.22 and prior, ETH-FW Versions 1.01 and prior) is vulnerable in that an attacker can upload a malicious language file by bypassing the user authentication mechanism. | ||||
| CVE-2018-17923 | 1 Sagaradio | 2 Saga1-l8b, Saga1-l8b Firmware | 2024-11-21 | N/A |
| SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it. | ||||
| CVE-2018-17921 | 1 Sagaradio | 2 Saga1-l8b, Saga1-l8b Firmware | 2024-11-21 | 8.8 High |
| SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction. | ||||
| CVE-2018-17918 | 1 Circontrol | 2 Circarlife, Circarlife Firmware | 2024-11-21 | N/A |
| Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page. | ||||
| CVE-2018-17908 | 1 Advantech | 1 Webaccess | 2024-11-21 | N/A |
| WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-enable it after the installation is complete. This could allow an attacker to run elevated arbitrary code. | ||||
| CVE-2018-17786 | 2 D-link, Dlink | 2 Dir-823g Firmware, Dir-823g | 2024-11-21 | N/A |
| On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, GetDownLoadSyslog.sh, and upload_firmware.cgi do not require authentication, which allows remote attackers to execute arbitrary code. | ||||
| CVE-2018-17777 | 1 Dlink | 2 Dva-5592, Dva-5592 Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie "sid" generated by the page. The attacker will have access to the router control panel with administrator privileges. | ||||
| CVE-2018-17559 | 1 Abus | 94 Tvip 10000, Tvip 10000 Firmware, Tvip 10001 and 91 more | 2024-11-21 | 7.5 High |
| Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras. | ||||
| CVE-2018-17534 | 1 Teltonika | 6 Rut900, Rut900 Firmware, Rut950 and 3 more | 2024-11-21 | N/A |
| Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges. | ||||