CVE-2018-16158

Public exploit
Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option.
Max CVSS
10.0
EPSS Score
2.08%
Published
2018-08-30
Updated
2020-08-24

CVE-2018-15877

Public exploit
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.
Max CVSS
9.0
EPSS Score
96.83%
Published
2018-08-26
Updated
2023-02-02

CVE-2018-15727

Public exploit
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
Max CVSS
9.8
EPSS Score
2.54%
Published
2018-08-29
Updated
2019-03-05

CVE-2018-15473

Public exploit
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
Max CVSS
5.3
EPSS Score
2.36%
Published
2018-08-17
Updated
2023-02-23

CVE-2018-15133

Known exploited
Public exploit
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
Max CVSS
8.1
EPSS Score
62.42%
Published
2018-08-09
Updated
2024-01-17
CISA KEV Added
2024-01-16

CVE-2018-14933

Public exploit
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
Max CVSS
10.0
EPSS Score
47.87%
Published
2018-08-04
Updated
2019-10-03

CVE-2018-14912

Public exploit
cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.
Max CVSS
7.5
EPSS Score
96.19%
Published
2018-08-03
Updated
2018-10-02

CVE-2018-14847

Known exploited
Public exploit
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
Max CVSS
9.1
EPSS Score
97.50%
Published
2018-08-02
Updated
2019-03-07
CISA KEV Added
2021-12-01

CVE-2018-14840

Public exploit
uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads).
Max CVSS
6.1
EPSS Score
0.18%
Published
2018-08-02
Updated
2018-11-08

CVE-2018-14716

Public exploit
A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code.
Max CVSS
7.5
EPSS Score
2.27%
Published
2018-08-06
Updated
2020-08-24

CVE-2018-14058

Public exploit
Pimcore before 5.3.0 allows SQL Injection via the REST web service API.
Max CVSS
6.5
EPSS Score
0.83%
Published
2018-08-17
Updated
2018-10-12

CVE-2018-11776

Known exploited
Public exploit
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.
Max CVSS
9.3
EPSS Score
97.52%
Published
2018-08-22
Updated
2023-06-12
CISA KEV Added
2021-11-03

CVE-2018-11770

Public exploit
From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs via spark-submit. However, the REST API does not use this or any other authentication mechanism, and this is not adequately documented. In this case, a user would be able to run a driver program without authenticating, but not launch executors, using the REST API. This REST API is also used by Mesos, when set up to run in cluster mode (i.e., when also running MesosClusterDispatcher), for job submission. Future versions of Spark will improve documentation on these points, and prohibit setting 'spark.authenticate.secret' when running the REST APIs, to make this clear. Future versions will also disable the REST API by default in the standalone master by changing the default value of 'spark.master.rest.enabled' to 'false'.
Max CVSS
4.9
EPSS Score
96.91%
Published
2018-08-13
Updated
2023-02-10
A improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update center.
Max CVSS
6.5
EPSS Score
0.05%
Published
2018-08-23
Updated
2019-10-03
A exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers With Overall/Read permission to access the connection log for any agent.
Max CVSS
4.3
EPSS Score
0.05%
Published
2018-08-23
Updated
2019-05-08
A improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled.
Max CVSS
5.5
EPSS Score
0.05%
Published
2018-08-23
Updated
2019-05-08
A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.
Max CVSS
6.5
EPSS Score
0.07%
Published
2018-08-23
Updated
2019-10-03
A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials.
Max CVSS
7.5
EPSS Score
0.09%
Published
2018-08-23
Updated
2019-10-03
A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL.
Max CVSS
5.3
EPSS Score
0.07%
Published
2018-08-23
Updated
2019-05-08
An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins master to obtain the API secret key stored in this plugin's configuration.
Max CVSS
5.5
EPSS Score
0.04%
Published
2018-08-01
Updated
2018-10-03
An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
Max CVSS
8.8
EPSS Score
0.09%
Published
2018-08-01
Updated
2019-10-03
A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials.
Max CVSS
4.3
EPSS Score
0.05%
Published
2018-08-01
Updated
2018-10-15
A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker specified CIFS server with attacker specified credentials.
Max CVSS
4.9
EPSS Score
0.05%
Published
2018-08-01
Updated
2018-10-15
A data modification vulnerability exists in Jenkins Resource Disposer Plugin 0.11 and earlier in AsyncResourceDisposer.java that allows attackers to stop tracking a resource.
Max CVSS
4.3
EPSS Score
0.05%
Published
2018-08-01
Updated
2018-10-10
An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log.
Max CVSS
6.5
EPSS Score
0.07%
Published
2018-08-01
Updated
2019-10-03
1013 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!