Total
3376 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7532 | 1 Geutebrueck | 4 G-cam\/efd-2250, G-cam\/efd-2250 Firmware, Topfd-2125 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. | |||||
| CVE-2018-7358 | 1 Zte | 2 Zxhn H168n, Zxhn H168n Firmware | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations. | |||||
| CVE-2018-7236 | 1 Schneider-electric | 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could enable SSH service due to lack of authentication for /login/bin/set_param could enable SSH service. | |||||
| CVE-2018-7228 | 1 Schneider-electric | 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and get the administrator privileges. | |||||
| CVE-2018-7227 | 1 Schneider-electric | 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow retrieving of specially crafted URLs without authentication that can reveal sensitive information to an attacker. | |||||
| CVE-2018-7213 | 1 Abine | 1 Blur | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| The Password Manager Extension in Abine Blur 7.8.242* before 7.8.2428 allows attackers to bypass the Multi-Factor Authentication and macOS disk-encryption protection mechanisms, and consequently exfiltrate secured data, because the right-click context menu is not secured. | |||||
| CVE-2018-7123 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A remote denial of service vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2018-7121 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2018-7108 | 1 Hpe | 1 Storageworks Xp7 Automation Director | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to earlier than 8.6.1-00 has a local and remote authentication bypass vulnerability that exposed the user authentication information of the storage system. This problem sometimes occurred under specific conditions when running a service template. | |||||
| CVE-2018-7076 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) prior to iMC PLAT 7.3 E0605P04. | |||||
| CVE-2018-7069 | 1 Hp | 1 Centralview Fraud Risk Management | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| HPE has identified a remote unauthenticated access to files vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. | |||||
| CVE-2018-7067 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. An authentication flaw in all versions of ClearPass could allow an attacker to compromise the entire cluster through a specially crafted API call. Network access to the administrative web interface is required to exploit this vulnerability. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix. | |||||
| CVE-2018-7058 | 1 Hp | 1 Aruba Clearpass Policy Manager | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including administrative, guest captive portal, and API. Customers who do not expose ClearPass web interfaces to untrusted users are impacted to a lesser extent. | |||||
| CVE-2018-7034 | 1 Trendnet | 6 Tew-751dr, Tew-751dr Firmware, Tew-752dru and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| TRENDnet TEW-751DR v1.03B03, TEW-752DRU v1.03B01, and TEW733GR v1.03B01 devices allow authentication bypass via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php. | |||||
| CVE-2018-6960 | 1 Vmware | 1 Horizon Daas | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS. | |||||
| CVE-2018-6908 | 1 Rainmachine | 4 Mini-8, Mini-8 Firmware, Touch Hd 12 and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as demonstrated by retrieving credentials. | |||||
| CVE-2018-6873 | 1 Auth0 | 1 Auth0.js | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated. | |||||
| CVE-2018-6689 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Authentication Bypass vulnerability in McAfee Data Loss Prevention Endpoint (DLPe) 10.0.x earlier than 10.0.510, and 11.0.x earlier than 11.0.600 allows attackers to bypass local security protection via specific conditions. | |||||
| CVE-2018-6686 | 1 Mcafee | 1 Drive Encryption | 2024-11-21 | 4.6 MEDIUM | 6.6 MEDIUM |
| Authentication Bypass vulnerability in TPM autoboot in McAfee Drive Encryption (MDE) 7.1.0 and above allows physically proximate attackers to bypass local security protection via specific set of circumstances. | |||||
| CVE-2018-6667 | 1 Mcafee | 1 Mcafee Web Gateway | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX). | |||||