|
250631
|
7.0 |
HIGH
Local
|
f5
|
big-ip_access_policy_manager big-ip_access_policy_manager_client
|
The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on …
|
CWE-362
Race Condition
|
CVE-2018-15332
|
2024-11-21 12:50 |
2018-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250632
|
9.8 |
CRITICAL
Network
|
cisco
|
prime_license_manager
|
A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of …
|
CWE-89
SQL Injection
|
CVE-2018-15441
|
2024-11-21 12:50 |
2018-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250633
|
8.8 |
HIGH
Network
|
zyxel
|
nsa325_v2_firmware
|
A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API.
|
CWE-78 CWE-77
OS Command Command Injection
|
CVE-2018-14893
|
2024-11-21 12:50 |
2018-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250634
|
8.8 |
HIGH
Network
|
zyxel
|
nsa325_v2_firmware
|
Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms.
|
CWE-352
Origin Validation Error
|
CVE-2018-14892
|
2024-11-21 12:50 |
2018-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250635
|
6.1 |
MEDIUM
Network
|
polycom
|
trio_8500_firmware
|
The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14935
|
2024-11-21 12:50 |
2018-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250636
|
6.5 |
MEDIUM
Adjacent
|
polycom
|
trio_8500_firmware
|
The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device m…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-14934
|
2024-11-21 12:50 |
2018-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250637
|
6.7 |
MEDIUM
Local
|
cisco
|
advanced_malware_protection_for_endpoints
|
A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or ta…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2018-15452
|
2024-11-21 12:50 |
2018-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250638
|
6.5 |
MEDIUM
Network
|
cisco
|
prime_collaboration
|
A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. The vulnerability is due to insufficien…
|
CWE-22
Path Traversal
|
CVE-2018-15450
|
2024-11-21 12:50 |
2018-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250639
|
5.4 |
MEDIUM
Network
|
cisco
|
prime_service_catalog
|
A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the…
|
CWE-79
Cross-site Scripting
|
CVE-2018-15451
|
2024-11-21 12:50 |
2018-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250640
|
6.5 |
MEDIUM
Network
|
cisco
|
video_surveillance_media_server
|
A vulnerability in the web-based management interface of Cisco Video Surveillance Media Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the web-based mana…
|
CWE-20
Improper Input Validation
|
CVE-2018-15449
|
2024-11-21 12:50 |
2018-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|