Total
316120 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6497 | 1 Microfocus | 2 Cms Server, Universal Cmbd Server | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | |||||
| CVE-2018-6496 | 1 Microfocus | 1 Universal Cmbd Browser | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | |||||
| CVE-2018-6495 | 1 Microfocus | 3 Cms Server, Universal Cmdb, Universal Cmdb Browser | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). | |||||
| CVE-2018-6494 | 1 Microfocus | 1 Service Manager | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data. | |||||
| CVE-2018-6493 | 1 Hp | 2 Network Automation, Network Operations Management Ultimate | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection. | |||||
| CVE-2018-6492 | 1 Hp | 2 Network Automation, Network Operations Management Ultimate | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
| Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent cross-site scripting, and non-persistent HTML Injection. | |||||
| CVE-2018-6491 | 1 Microfocus | 1 Ucmdb Configuration Manager | 2024-11-21 | 7.2 HIGH | 8.1 HIGH |
| Local Escalation of Privilege vulnerability to Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to Local Escalation of Privilege. | |||||
| CVE-2018-6490 | 1 Hp | 1 Operations Orchestration | 2024-11-21 | 7.8 HIGH | 5.9 MEDIUM |
| Denial of Service vulnerability in Micro Focus Operations Orchestration Software, version 10.x. This vulnerability could be remotely exploited to allow Denial of Service. | |||||
| CVE-2018-6489 | 1 Microfocus | 1 Project And Portfolio Management Center | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability can be exploited to allow XML External Entity (XXE) | |||||
| CVE-2018-6488 | 1 Microfocus | 1 Ucmdb Configuration Manager | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
| Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution. | |||||
| CVE-2018-6487 | 1 Microfocus | 1 Universal Cmdb Foundation Software | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Remote Disclosure of Information in Micro Focus Universal CMDB Foundation Software, version numbers 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 4.10, 4.11. This vulnerability could be remotely exploited to allow disclosure of information. | |||||
| CVE-2018-6486 | 1 Microfocus | 2 Fortify Audit Workbench, Fortify Software Security Center | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection. | |||||
| CVE-2018-6485 | 4 Gnu, Netapp, Oracle and 1 more | 15 Glibc, Cloud Backup, Data Ontap Edge and 12 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. | |||||
| CVE-2018-6481 | 1 Flexense | 1 Disksavvy | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow vulnerability in the control protocol of Disk Savvy Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9124. | |||||
| CVE-2018-6480 | 1 Ccn-lite | 1 Ccn-lite | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A type confusion issue was discovered in CCN-lite 2, leading to a memory access violation and a failure of the nonce feature (which, for example, helped with loop prevention). ccnl_fwd_handleInterest assumes that the union member s is of type ccnl_pktdetail_ndntlv_s. However, if the type is in fact struct ccnl_pktdetail_ccntlv_s or struct ccnl_pktdetail_iottlv_s, the memory at that point is either uninitialised or points to data that is not a nonce, which renders the code using the local variable nonce pointless. A later nonce check is insufficient. | |||||
| CVE-2018-6479 | 1 Seasofsolutions | 2 Ip Camera, Ip Camera Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Netwave IP Camera devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to the / URI. | |||||
| CVE-2018-6476 | 1 Superantispyware | 1 Superantispyware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating input values from IOCtl 0x9C402114 or 0x9C402124 or 0x9C40207c. | |||||
| CVE-2018-6475 | 1 Superantispyware | 1 Superantispyware | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe allows DLL hijacking, leading to Escalation of Privileges. | |||||
| CVE-2018-6474 | 1 Superantispyware | 1 Superantispyware | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402148. | |||||
| CVE-2018-6473 | 1 Superantispyware | 1 Superantispyware | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402080. | |||||