|
246141
|
6.5 |
MEDIUM
Network
|
rsa
|
archer_grc_platform
|
RSA Archer versions prior to 6.5.0.1 contain an improper access control vulnerability. A remote malicious user could potentially exploit this vulnerability to bypass authorization checks and gain rea…
|
NVD-CWE-noinfo
|
CVE-2018-15780
|
2024-11-21 12:51 |
2019-01-04 |
|
246142
|
9.8 |
CRITICAL
Network
|
logitech
|
harmony_hub_firmware
|
The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to e…
|
NVD-CWE-noinfo
|
CVE-2018-15723
|
2024-11-21 12:51 |
2018-12-21 |
|
246143
|
8.1 |
HIGH
Network
|
logitech
|
harmony_hub_firmware
|
The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatt…
|
CWE-78
OS Command
|
CVE-2018-15722
|
2024-11-21 12:51 |
2018-12-21 |
|
246144
|
9.8 |
CRITICAL
Network
|
logitech
|
harmony_hub_firmware
|
The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the lo…
|
CWE-287
Improper Authentication
|
CVE-2018-15721
|
2024-11-21 12:51 |
2018-12-21 |
|
246145
|
9.8 |
CRITICAL
Network
|
logitech
|
harmony_hub_firmware
|
Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-15720
|
2024-11-21 12:51 |
2018-12-21 |
|
246146
|
7.4 |
HIGH
Network
|
vmware
|
spring_framework
|
Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a mali…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2018-15801
|
2024-11-21 12:51 |
2018-12-20 |
|
246147
|
5.4 |
MEDIUM
Network
|
pivotal_software
|
concourse
|
Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth r…
|
CWE-601
Open Redirect
|
CVE-2018-15798
|
2024-11-21 12:51 |
2018-12-20 |
|
246148
|
6.8 |
MEDIUM
Physical
|
dell
|
idrac7_firmware idrac8_firmware
|
Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vul…
|
NVD-CWE-noinfo
|
CVE-2018-15776
|
2024-11-21 12:51 |
2018-12-14 |
|
246149
|
8.8 |
HIGH
Network
|
dell
|
idrac7_firmware idrac8_firmware idrac9_firmware
|
Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated mali…
|
CWE-863
Incorrect Authorization
|
CVE-2018-15774
|
2024-11-21 12:51 |
2018-12-14 |
|
246150
|
8.8 |
HIGH
Network
|
pivotal_software
|
cloud_foundry_uaa-release
|
Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same user…
|
CWE-863
Incorrect Authorization
|
CVE-2018-15754
|
2024-11-21 12:51 |
2018-12-14 |
|