Latest CVE Feed
- 5.9 MEDIUM CVE-2018-11057
  RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able...
  - Published: Aug. 31, 2018
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2018-11056
  RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote atta...
  - Published: Aug. 31, 2018
  - Modified: Nov. 21, 2024
- 5.5 MEDIUM CVE-2018-11055
  RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES ...
  - Published: Aug. 31, 2018
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2018-11054
  RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service...
  - Published: Aug. 31, 2018
  - Modified: Nov. 21, 2024
- 6.6 MEDIUM CVE-2018-11053
  Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low p...
  - Affected Products: enterprise_linux suse_linux_enterprise_server xenserver emc_idrac_service_module
  - Published: Jun. 26, 2018
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2018-11052
  Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to read and modify S3 objects by supplying specially crafted S3 requests...
  - Affected Products: elastic_cloud_storage
  - Published: Jul. 03, 2018
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2018-11051
  RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by mani...
  - Affected Products: rsa_certificate_manager
  - Published: Jul. 03, 2018
  - Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2018-11050
  Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing Protocol (AMQP) component. User credentials are sent une...
  - Published: Aug. 01, 2018
  - Modified: Nov. 21, 2024
- 7.3 HIGH CVE-2018-11049
  RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user cou...
  - Published: Jul. 11, 2018
  - Modified: Nov. 21, 2024
- 8.1 HIGH CVE-2018-11048
  Dell EMC Data Protection Advisor, versions 6.2, 6.3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain an XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user co...
  - Published: Aug. 10, 2018
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2018-11047
  Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by accepting a valid refresh token in lieu of an access to...
  - Affected Products: cloud_foundry_uaa
  - Published: Jul. 24, 2018
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2018-11046
  Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lack security vulnerability patches. An attacker with access to the NGINX processes and knowledge of how to exploit the unpatched vulnerabilities m...
  - Affected Products: operations_manager
  - Published: Jun. 25, 2018
  - Modified: Nov. 21, 2024
- 5.9 MEDIUM CVE-2018-11045
  Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version an...
  - Affected Products: operations_manager
  - Published: Jul. 11, 2018
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2018-11044
  Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all user-provided content when sending invitation emails. A malicio...
  - Published: Jul. 24, 2018
  - Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2018-11041
  Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA redir...
  - Published: Jun. 25, 2018
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2018-11040
  Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers an...
  - Affected Products: debian_linux weblogic_server application_testing_suite enterprise_manager_ops_center retail_predictive_application_server mysql_enterprise_monitor hospitality_guest_access retail_xstore_point_of_service flexcube_private_banking communications_services_gatekeeper +19 more products
  - Published: Jun. 25, 2018
  - Modified: Nov. 21, 2024
- 5.9 MEDIUM CVE-2018-11039
  Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allows web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. ...
  - Affected Products: debian_linux weblogic_server application_testing_suite enterprise_manager_ops_center retail_predictive_application_server mysql_enterprise_monitor hospitality_guest_access retail_xstore_point_of_service primavera_p6_enterprise_project_portfolio_management agile_plm +24 more products
  - Published: Jun. 25, 2018
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2018-11037
  In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file...
  - Affected Products: exiv2
  - Published: May. 14, 2018
  - Modified: Nov. 21, 2024
- 9.1 CRITICAL CVE-2018-11036
  Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3.5.1, 3.6.0, and 3.6.1 (Essentials and High Scale) on vSZ, SZ-100, SZ-300, and SCG-200 devices allows remote attackers to obtain sensitive information or modify data...
  - Affected Products: sz-300_firmware sz-100_firmware vsz_firmware scg-200_firmware sz-100 sz-300 vsz scg-200
  - Published: May. 31, 2018
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2018-11035
  In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x80002019...
  - Published: May. 14, 2018
  - Modified: Nov. 21, 2024