CVE-2018-18564
An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 Serial number below 14000 and 04.x before 04.03.00 Serial Number above 14000, CoaguChek Pro II before 04.03.00, and cobas h 232 before 04.00.04 Serial number above KQ0400000 or KS0400000. Improper access control allow...
CVE-2018-0701
BlueStacks App Player BlueStacks App Player for Windows 3.0.0 to 4.31.55, BlueStacks App Player for macOS 2.0.0 and later allows an attacker on the same network segment to bypass access restriction to gain unauthorized access...
Heap overflow
An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially...
SUSE-SU-2018:2839-2 Security update for java-1_8_0-ibm
This update for java-1_8_0-ibm to 8.0.5.20 fixes the following security issues: - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRocki...
CVE-2018-3180
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...
CVE-2018-3139
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
CVE-2018-3135
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: Portal. Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...
CVE-2018-3280
CVE-2018-3280 affects the MySQL Server component (Server: JSON) of Oracle MySQL. Affected products/versions: MySQL 8.0.12 and earlier. The vulnerability allows a highly privileged attacker who can access the server over multiple network protocols to cause a hang or a frequent, repeatable crash of...
CVE-2018-3182
CVE-2018-3182 affects the MySQL Server component (Server: DML). Affected versions are 8.0.12 and prior. An attacker with network access and low privileges via multiple protocols can cause the MySQL Server to hang or crash (DoS). CVSS 3.0 base score is 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Th...
UBUNTU-CVE-2018-3144
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Audit. Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...
CVE-2017-7513
It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a PostgreSQL server using a specially crafted X.509 certificate...
CVE-2018-3030
Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications subcomponent: Infrastructure. Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access...
CVE-2018-2952
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated...
CVE-2018-2930
Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite subcomponent: NAS device addition. Supported versions that are affected are 3.3 and 4.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via RPC to compromise Solaris Cluster...
CVE-2018-3071
CVE-2018-3071 affects the MySQL Server Audit Log component in Oracle MySQL; affected versions are 5.7.22 and earlier. Per the sources, a high-privilege attacker with network access via multiple protocols can cause a denial of service, resulting in a hang or frequen...
CVE-2018-2942
Vulnerability in the Java SE component of Oracle Java SE subcomponent: Windows DLL. Supported versions that are affected are Java SE: 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...
Default credentials
Nuuo NT-4040 Titan, firmware NT-404001.07.0000.00151120, uses non-random default credentials of: admin:admin and localdisplay:111111. A remote network attacker can gain privileged access to a vulnerable device...
CVE-2016-6554
Affected products: Synology NAS DS107 (firmware 3.1-1639 and earlier), DS116, and DS213 (firmware earlier than 5.2-5644-1). Vulnerability: use of non-random default credentials (guest: blank, admin: blank) allows a remote network attacker to gain privileged access. Impact: attacker could obtain p...
AZL-38221 CVE-2018-1129 affecting package ceph for versions less than 18.2.1-1
A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel ar...
CVE-2018-13108
CVE-2018-13108 affects all ADB broadband gateways/routers on the Epicentro platform. The root cause is a local root jailbreak via a network file sharing flaw (Samba) that lets an attacker gain root access and potentially exfiltrate sensitive ISP configuration data (e.g., VoIP credentials) or comp...