Search
Total
952 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19393 | 1 Cobham | 4 Satcom Sailor 800, Satcom Sailor 800 Firmware, Satcom Sailor 900 and 1 more | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system's configuration file. This was exploitable via multiple attack vectors depending on the device's configuration. Further analysis also indicated this vulnerability could be leveraged to achieve a Denial of Service (DoS) condition, where the device would require a factory reset to return to normal operation. | |||||
| CVE-2018-19113 | 1 Pronestor | 1 Pronestor Health Monitoring | 2019-10-03 | 4.4 MEDIUM | 7.3 HIGH |
| The Pronestor PNHM (aka Health Monitoring or HealthMonitor) add-in before 8.1.13.0 for Outlook has "BUILTIN\Users:(I)(F)" permissions for the "%PROGRAMFILES(X86)%\proNestor\Outlook add-in for Pronestor\PronestorHealthMonitor.exe" file, which allows local users to gain privileges via a Trojan horse PronestorHealthMonitor.exe file. | |||||
| CVE-2018-19072 | 2 Foscam, Opticam | 6 C2, C2 Application Firmware, C2 System Firmware and 3 more | 2019-10-03 | 3.6 LOW | 5.5 MEDIUM |
| An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/app has 0777 permissions, allowing local users to replace an archive file (within that directory) to control what is extracted to RAM at boot time. | |||||
| CVE-2018-19071 | 2 Foscam, Opticam | 6 C2, C2 Application Firmware, C2 System Firmware and 3 more | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/boot.sh has 0777 permissions, allowing local users to control the commands executed at system start-up. | |||||
| CVE-2018-18654 | 1 Debian | 1 Crossroads | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. A local attacker can first create a world-writable subdirectory in a certain location under the /tmp directory, wait until a user process copies xr there, and then replace the entire contents of this subdirectory to include a Trojan horse xr. | |||||
| CVE-2018-18435 | 1 Kioware | 1 Kioware Server | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| KioWare Server version 4.9.6 and older installs by default to "C:\kioware_com" with weak folder permissions granting any user full permission "Everyone: (F)" to the contents of the directory and it's sub-folders. In addition, the program installs a service called "KWSService" which runs as "Localsystem", this will allow any user to escalate privileges to "NT AUTHORITY\SYSTEM" by substituting the service's binary with a malicious one. | |||||
| CVE-2018-18254 | 1 Capmon | 1 Access Manager | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in CapMon Access Manager 5.4.1.1005. An unprivileged user can read the cal_whitelist table in the Custom App Launcher (CAL) database, and potentially gain privileges by placing a Trojan horse program at an app pathname. | |||||
| CVE-2018-18352 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page. | |||||
| CVE-2018-18098 | 2 Intel, Microsoft | 3 Sgx Platform Software, Sgx Sdk, Windows | 2019-10-03 | 4.4 MEDIUM | 7.3 HIGH |
| Improper file verification in install routine for Intel(R) SGX SDK and Platform Software for Windows before 2.2.100 may allow an escalation of privilege via local access. | |||||
| CVE-2018-18097 | 1 Intel | 1 Solid State Drive Toolbox | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| Improper directory permissions in Intel Solid State Drive Toolbox before 3.5.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2018-18094 | 1 Intel | 1 Media Sdk | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| Improper directory permissions in installer for Intel(R) Media SDK before 2018 R2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2018-18093 | 1 Intel | 1 Vtune Amplifier | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| Improper file permissions in the installer for Intel VTune Amplifier 2018 Update 3 and before may allow unprivileged user to potentially gain privileged access via local access. | |||||
| CVE-2018-18349 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension. | |||||
| CVE-2018-17775 | 1 Seqrite | 1 End Point Security | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| Seqrite End Point Security v7.4 has "Everyone: (F)" permission for %PROGRAMFILES%\Seqrite\Seqrite, which allows local users to gain privileges by replacing an executable file with a Trojan horse. | |||||
| CVE-2018-17305 | 1 Uipath | 1 Orchestrator | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| UiPath Orchestrator through 2018.2.4 allows any authenticated user to change the information of arbitrary users (even administrators) leading to privilege escalation and remote code execution. | |||||
| CVE-2018-17037 | 1 Ucms Project | 1 Ucms | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escalation from the normal user level of 1 to the superuser level of 3. | |||||
| CVE-2018-16958 | 1 Oracle | 1 Webcenter Interaction | 2019-10-03 | 5.8 MEDIUM | 5.4 MEDIUM |
| An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NET_SessionID primary session cookie, when Internet Information Services (IIS) with ASP.NET is used, is not protected with the HttpOnly attribute. The attribute cannot be enabled by customers. Consequently, this cookie is exposed to session hijacking attacks should an adversary be able to execute JavaScript in the origin of the portal installation. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support. | |||||
| CVE-2018-16715 | 1 Absolute | 1 Ctes Windows Agent | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security permissions on the %ProgramData%\CTES folder and sub-folders may allow write access to low-privileged user accounts. This allows unauthorized replacement of service program executable (EXE) or dynamically loadable library (DLL) files, causing elevated (SYSTEM) user access. Configuration control files or data files under this folder could also be similarly modified to affect service process behavior. | |||||
| CVE-2018-16703 | 1 Gleeztech | 1 Gleez Cms | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker to perform multiple user enumerations, which can further help an attacker to perform login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side access control and login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Portal login page. An exploit could allow the attacker to identify existing users and perform brute-force password attacks on the Portal, as demonstrated by navigating to the user/4 URI. | |||||
| CVE-2018-16588 | 1 Suse | 2 Linux Enterprise, Shadow | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 during user creation. Given that they are world-writable, local attackers might use this for privilege escalation and other unspecified attacks. NOTE: this would affect non-SUSE users who took useradd.c code from a 2014-04-02 upstream pull request; however, no non-SUSE distribution is known to be affected. | |||||
| CVE-2018-16545 | 1 Kzsoftware | 2 Asset Manager, Training Manager | 2019-10-03 | 6.8 MEDIUM | 7.8 HIGH |
| Kaizen Asset Manager (Enterprise Edition) and Training Manager (Enterprise Edition) allow a remote attacker to achieve arbitrary code execution via file impersonation. For example, a malicious dynamic-link library (dll) assumed the identity of a temporary (tmp) file (isxdl.dll) and an executable file assumed the identity of a temporary file (996E.temp). | |||||
| CVE-2018-16145 | 1 Opsview | 1 Opsview | 2019-10-03 | 9.3 HIGH | 8.1 HIGH |
| The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of the appliance. | |||||
| CVE-2018-15869 | 1 Hashicorp | 1 Packer | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog. | |||||
| CVE-2018-15681 | 1 Btiteam | 1 Xbtit | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the "pass" cookie, which is not flagged as HTTPOnly. Due to the weak and predictable salt that is in place, an attacker who successfully steals this cookie can efficiently brute-force it to retrieve the user's cleartext password. | |||||
| CVE-2018-15509 | 1 Five9 | 1 Agent Desktop Plus | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2). | |||||
| CVE-2018-15508 | 1 Five9 | 1 Agent Desktop Plus | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control allowing a remote attackers to cause a denial of service via opening a connection on port 8083 to a device running the Five9 SoftPhone(issue 1 of 2). | |||||
| CVE-2018-15502 | 1 Lwolf | 1 Loading Docs | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Insecure permissions in Lone Wolf Technologies loadingDOCS 2018-08-13 allow remote attackers to download any confidential files via https requests for predictable URLs. | |||||
| CVE-2018-15491 | 1 Zemana | 1 Antilogger | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the permission and encryption implementation of Zemana Anti-Logger 1.9.3.527 and prior (fixed in 1.9.3.602) allows an attacker to take control of the whitelisting feature (MyRules2.ini under %LOCALAPPDATA%\Zemana\ZALSDK) to permit execution of unauthorized applications (such as ones that record keystrokes). | |||||
| CVE-2018-15482 | 2 Google, Lg | 15 Android, G5, G6 and 12 more | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006. | |||||
| CVE-2018-14982 | 2 Google, Lg | 15 Android, G5, G6 and 12 more | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004. | |||||
| CVE-2018-14981 | 2 Google, Lg | 15 Android, G5, G6 and 12 more | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. The LG ID is LVE-SMP-180005. | |||||
| CVE-2018-14980 | 1 Asus | 2 Zenfone 3 Max, Zenfone 3 Max Firmware | 2019-10-03 | 3.6 LOW | 7.1 HIGH |
| The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains the android framework (i.e., system_server) with a package name of android (versionCode=24, versionName=7.0) that has been modified by ASUS or another entity in the supply chain. The system_server process in the core android package has an exported broadcast receiver that allows any app co-located on the device to programmatically initiate the taking of a screenshot and have the resulting screenshot be written to external storage (i.e., sdcard). The taking of a screenshot is not transparent to the user; the device has a screen animation as the screenshot is taken and there is a notification indicating that a screenshot occurred. If the attacking app also requests the EXPAND_STATUS_BAR permission, it can wake the device up using certain techniques and expand the status bar to take a screenshot of the user's notifications even if the device has an active screen lock. The notifications may contain sensitive data such as text messages used in two-factor authentication. The system_server process that provides this capability cannot be disabled, as it is part of the Android framework. The notification can be removed by a local Denial of Service (DoS) attack to reboot the device. | |||||
| CVE-2018-14934 | 1 Polycom | 2 Trio 8500, Trio 8500 Firmware | 2019-10-03 | 3.3 LOW | 6.5 MEDIUM |
| The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone. | |||||
| CVE-2018-14703 | 1 Drobo | 2 5n2, 5n2 Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve the MySQL database root password. | |||||
| CVE-2018-14327 | 1 Ee | 2 Ee40vb, Ee40vb Firmware | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the "Web Connecton\EE40\BackgroundService" directory. | |||||
| CVE-2018-14043 | 1 Monetra | 1 Mstdlib | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| mstdlib (aka the M Standard Library for C) 1.2.0 has incorrect file access control in situations where M_fs_perms_can_access attempts to delete an existing file (that lacks public read/write access) during a copy operation, related to fs/m_fs.c and fs/m_fs_path.c. An attacker could create the file and then would have access to the data. | |||||
| CVE-2018-1417 | 1 Ibm | 1 Java Sdk | 2019-10-03 | 6.8 MEDIUM | 8.1 HIGH |
| Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823. | |||||
| CVE-2018-13791 | 1 Abbyy | 1 Flexicapture | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 allows an attacker to conduct Access Control attacks via the /FlexiCapture12/Login/Server/SevaUserProfile FlexiCaptureTmsSts2 parameter. | |||||
| CVE-2018-13399 | 1 Atlassian | 2 Crucible, Fisheye | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory. | |||||
| CVE-2018-1354 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content. | |||||
| CVE-2018-13355 | 1 Terra-master | 1 Terramaster Operating System | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization. | |||||
| CVE-2018-13321 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter. | |||||
| CVE-2018-1315 | 1 Apache | 1 Hive | 2019-10-03 | 4.3 MEDIUM | 3.7 LOW |
| In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not verify the destination location of the downloaded file. This does not affect hive cli user and hiveserver2 user as hplsql is a separate command line script and needs to be invoked differently. | |||||
| CVE-2018-13110 | 1 Adbglobal | 8 Dv2210, Dv2210 Firmware, Prg Av4202n and 5 more | 2019-10-03 | 8.5 HIGH | 7.5 HIGH |
| All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks. | |||||
| CVE-2018-13025 | 1 Yxcms | 1 Yxcms | 2019-10-03 | 5.5 MEDIUM | 4.9 MEDIUM |
| protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter. | |||||
| CVE-2018-12642 | 1 Froxlor | 1 Froxlor | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user. | |||||
| CVE-2018-12615 | 1 Phusion | 1 Passenger | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges. | |||||
| CVE-2018-12457 | 1 Expresscart Project | 1 Expresscart | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header. | |||||
| CVE-2018-12396 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. | |||||
| CVE-2018-12335 | 1 Ecos | 1 System Management Appliance | 2019-10-03 | 4.1 MEDIUM | 7.3 HIGH |
| Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment. | |||||