Latest CVE Feed
- 8.8 HIGH CVE-2018-11088
Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able ...
Affected Products: pivotal_application_service
- Published: Sep. 17, 2018
- Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2018-11086
Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to acce...
Affected Products: pivotal_application_service
- Published: Sep. 17, 2018
- Modified: Nov. 21, 2024
- 6.8 MEDIUM CVE-2018-11084
Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. A remote authenticated malicious user may create and delete apps with crafted file attributes to cause a denial of service fo...
Affected Products: garden-runc
- Published: Sep. 18, 2018
- Modified: Nov. 21, 2024
- 8.4 HIGH CVE-2018-11083
Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to v265.7.0 and v266 prior to v266.8.0 and v267 prior to v267.2.0, allows refresh tokens to be used as access tokens when using UAA for authentication. A remote attacker with an admin refresh ...
Affected Products: bosh
- Published: Oct. 05, 2018
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2018-11082
Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA Release, all versions prior to 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to log...
- Published: Oct. 05, 2018
- Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2018-11081
Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote...
Affected Products: operations_manager
- Published: Oct. 05, 2018
- Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2018-11080
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to uti...
- Published: Oct. 18, 2018
- Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2018-11079
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file...
- Published: Oct. 18, 2018
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2018-11078
Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a MITM attack on the VPN traffic....
Affected Products: emc_vplex_geosynchrony
- Published: Sep. 11, 2018
- Modified: Nov. 21, 2024
- 7.2 HIGH CVE-2018-11077
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A...
- Published: Nov. 26, 2018
- Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2018-11076
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be lea...
- Published: Nov. 26, 2018
- Modified: Nov. 21, 2024
- 5.8 MEDIUM CVE-2018-11075
RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. A remote, unauthenticated malicious user, with the knowledge of a target user's anti-CSRF token, could potentially explo...
- Published: Sep. 28, 2018
- Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2018-11074
RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. A remote unauthenticated attacker could potentially exploit this vulnerability by tric...
- Published: Sep. 28, 2018
- Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2018-11073
RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console. A malicious Operations Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code thr...
- Published: Sep. 28, 2018
- Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2018-11072
Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection Vulnerability. A local authenticated malicious user with advance knowledge of the application workflow could potentially load and execute a malicious DLL with administrator privileges....
Affected Products: digital_delivery
- Published: Oct. 02, 2018
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2018-11071
Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated rem...
- Published: Sep. 18, 2018
- Modified: Nov. 21, 2024
- 5.9 MEDIUM CVE-2018-11070
RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack. A remote attacker may be able to recover an RSA...
- Published: Sep. 11, 2018
- Modified: Nov. 21, 2024
- 5.9 MEDIUM CVE-2018-11069
RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover an RSA key....
- Published: Sep. 11, 2018
- Modified: Nov. 21, 2024
- 4.6 MEDIUM CVE-2018-11068
RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material....
- Published: Sep. 11, 2018
- Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2018-11067
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A ...
- Published: Nov. 26, 2018
- Modified: Nov. 21, 2024