Total: 1375 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-1000072 | 1 Iredmail | 1 Iredmail | 2024-08-05 | N/A |
iRedMail versions prior to commit f04b8ef contain an Insecure Permissions vulnerability in Roundcube Webmail that can result in exfiltration of a user's password-protected secret GPG key file and other important configuration files. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed in Beta: 0.9.8-BETA1, Stable: 0.9.7. | ||||
CVE-2018-1000071 | 1 Roundcube | 1 Webmail | 2024-08-05 | N/A |
Roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in the enigma plugin that can result in exfiltration of the GPG private key. This attack appears to be exploitable via network connectivity. | ||||
CVE-2018-1000025 | 1 Firebase Admin Sdk For Php Project | 1 Firebase Admin Sdk For Php | 2024-08-05 | N/A |
Jerome Gamez Firebase Admin SDK for PHP versions 3.2.0 to 3.8.0 contain an Incorrect Access Control vulnerability: src/Firebase/Auth/IdTokenVerifier.php does not verify the token signature, which can result in a JWT with any email address and user ID being forged from an actual token, or from thin air. This attack appears to be exploitable because an attacker would only need to know the email address of the victim in most cases. This vulnerability appears to have been fixed in 3.8.1. | ||||
CVE-2018-1000028 | 1 Linux | 1 Linux Kernel | 2024-08-05 | 7.4 High |
Linux kernel versions after commit bdcf0a423ea1 (4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+) contain an Incorrect Access Control vulnerability in the NFS server (nfsd) that can result in remote users reading or writing files they should not be able to via NFS. This attack appears to be exploitable when the NFS server exports a filesystem with the "rootsquash" options enabled. This vulnerability appears to have been fixed after commit 1995266727fa. | ||||
CVE-2018-21254 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 4.3 Medium |
An issue was discovered in Mattermost Server before 5.1. An attacker can bypass intended access control (for direct-message channel creation) via the Message slash command. | ||||
CVE-2018-21255 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 4.3 Medium |
An issue was discovered in Mattermost Server before 5.1. Non-members of a channel could use the Channel PATCH API to modify that channel. | ||||
CVE-2018-21265 | 1 Mattermost | 1 Mattermost Desktop | 2024-08-05 | 5.3 Medium |
An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler (e.g., video, audio, and notifications). | ||||
CVE-2018-21261 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 4.3 Medium |
An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. An e-mail invite accidentally included the team invite_id, which leads to unintended excessive invitation privileges. | ||||
CVE-2018-21253 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 4.3 Medium |
An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user. | ||||
CVE-2018-21252 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 4.3 Medium |
An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups. | ||||
CVE-2018-21256 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 4.3 Medium |
An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for group-message channel creation) via the Group message slash command. | ||||
CVE-2018-21081 | 1 Google | 1 Android | 2024-08-05 | 9.1 Critical |
An issue was discovered on Samsung mobile devices with N(7.x) software. In Dual Messenger, the second app can use the runtime permissions of the first app without a user's consent. The Samsung ID is SVE-2017-11018 (March 2018). | ||||
CVE-2018-20936 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308). | ||||
CVE-2018-20871 | 1 Univa | 1 Grid Engine | 2024-08-05 | N/A |
In Univa Grid Engine before 8.6.3, when configured for Docker jobs and execd spooling on root_squash, weak file permissions ("other" write access) occur in certain cases (GE-6890). | ||||
CVE-2018-20908 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 71.9980.37 allows arbitrary file-read operations during pkgacct custom template handling (SEC-435). | ||||
CVE-2018-20909 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups (SEC-338). | ||||
CVE-2018-20905 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction (SEC-429). | ||||
CVE-2018-20906 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restriction (SEC-430). | ||||
CVE-2018-20907 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API feature restriction (SEC-432). | ||||
CVE-2018-20904 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction (SEC-427). |