Search
Total
952 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1231 | 1 Pivotal Software | 1 Bosh Cli | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. A user with access to an instance using the BOSH CLI can access the BOSH CLI configuration file and use its contents to perform authenticated requests to BOSH. | |||||
| CVE-2018-12296 | 1 Seagate | 1 Nas Os | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Insufficient access control in /api/external/7.0/system.System.get_infos in Seagate NAS OS version 4.3.15.1 allows attackers to obtain information about the NAS without authentication via empty POST requests. | |||||
| CVE-2018-12259 | 1 Apollotechnologiesinc | 2 Momentum Axel 720p, Momentum Axel 720p Firmware | 2019-10-03 | 7.2 HIGH | 6.8 MEDIUM |
| An issue was discovered on Momentum Axel 720P 5.1.8 devices. Root access can be obtained via UART pins without any restrictions, which leads to full system compromise. | |||||
| CVE-2018-12223 | 1 Intel | 1 Graphics Driver | 2019-10-03 | 4.6 MEDIUM | 6.3 MEDIUM |
| Insufficient access control in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to escape from a virtual machine guest-to-host via local access. | |||||
| CVE-2018-12217 | 1 Intel | 1 Graphics Driver | 2019-10-03 | 2.1 LOW | 2.3 LOW |
| Insufficient access control in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to read device configuration information via local access. | |||||
| CVE-2018-12209 | 1 Intel | 1 Graphics Driver | 2019-10-03 | 2.1 LOW | 3.3 LOW |
| Insufficient access control in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to read device configuration information via local access. | |||||
| CVE-2018-12200 | 1 Intel | 1 Capability Licensing Service | 2019-10-03 | 4.6 MEDIUM | 6.7 MEDIUM |
| Insufficient access control in Intel(R) Capability Licensing Service before version 1.50.638.1 may allow an unprivileged user to potentially escalate privileges via local access. | |||||
| CVE-2018-12177 | 1 Intel | 24 Dual Band Wireless-ac 3160, Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3168 and 21 more | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| Improper directory permissions in the ZeroConfig service in Intel(R) PROSet/Wireless WiFi Software before version 20.90.0.7 may allow an authorized user to potentially enable escalation of privilege via local access. | |||||
| CVE-2018-12173 | 1 Intel | 28 Compute Module Hns2600bp, Compute Module Hns2600bp Firmware, Compute Module Hns2600bpr and 25 more | 2019-10-03 | 7.2 HIGH | 7.6 HIGH |
| Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access. | |||||
| CVE-2018-12168 | 1 Intel | 1 Computing Improvement Program | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| Privilege escalation in file permissions in Intel Computing Improvement Program before version 2.2.0.03942 may allow an authenticated user to potentially execute code as administrator via local access. | |||||
| CVE-2018-12162 | 1 Intel | 1 Openvino Toolkit | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| Directory permissions in the Intel OpenVINO Toolkit for Windows before version 2018.1.265 may allow an authenticated user to potentially execute code using default directory permissions via local access. | |||||
| CVE-2018-12148 | 1 Intel | 1 Driver \& Support Assistant | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| Privilege escalation in file permissions in Intel Driver and Support Assistant before 3.5.0.1 may allow an authenticated user to potentially execute code as administrator via local access. | |||||
| CVE-2018-12131 | 1 Intel | 3 Client Nvme, Datacenter Nvme, Rapid Storage Technology | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| Permissions in the driver pack installers for Intel NVMe before version 4.0.0.1007 and Intel RSTe before version 4.7.0.2083 may allow an authenticated user to potentially escalate privilege via local access. | |||||
| CVE-2018-1203 | 1 Dell | 1 Emc Isilon Onefs | 2019-10-03 | 7.2 HIGH | 6.7 MEDIUM |
| In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges. | |||||
| CVE-2018-12028 | 1 Phusion | 1 Passenger | 2019-10-03 | 6.8 MEDIUM | 7.8 HIGH |
| An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an error, it would cause Passenger's process manager to kill said reported arbitrary PID. | |||||
| CVE-2018-12027 | 1 Phusion | 1 Passenger | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket. | |||||
| CVE-2018-1197 | 1 Pivotal Software | 1 Windows Stemcells | 2019-10-03 | 6.0 MEDIUM | 8.5 HIGH |
| In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials. | |||||
| CVE-2018-11964 | 1 Google | 1 Android | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Exposing the hashed content in /etc/passwd may lead to security issue. | |||||
| CVE-2018-11951 | 1 Qualcomm | 4 Sd 845, Sd 845 Firmware, Sd 850 and 1 more | 2019-10-03 | 4.9 MEDIUM | 5.5 MEDIUM |
| Improper access control in core module lead XBL_LOADER performs the ZI region clear for QTEE instead of XBL_SEC in Snapdragon Mobile in version SD 845, SD 850. | |||||
| CVE-2018-11914 | 1 Google | 1 Android | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /systemrw/ which presents a potential security. | |||||
| CVE-2018-11913 | 1 Google | 1 Android | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of dev nodes may lead to potential security issue. | |||||
| CVE-2018-11792 | 1 Apache | 1 Impala | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. This may pose a potential security risk, such as having ALTER on a table and ALL on a particular database allows a user to move the table to a database with ALL, which will automatically grant that user with ALL privilege on that table due to the privilege inherited from the database. | |||||
| CVE-2018-11642 | 1 Dialogic | 1 Powermedia Xms | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user. | |||||
| CVE-2018-11909 | 1 Google | 1 Android | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /cache/ which presents a potential issue. | |||||
| CVE-2018-11908 | 1 Google | 1 Android | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /data/ which presents a potential issue. | |||||
| CVE-2018-11907 | 1 Google | 1 Android | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /firmware/ which presents a potential issue. | |||||
| CVE-2018-1141 | 1 Tenable | 1 Nessus | 2019-10-03 | 4.4 MEDIUM | 7.0 HIGH |
| When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location. | |||||
| CVE-2018-11277 | 1 Qualcomm | 40 Msm8909w, Msm8909w Firmware, Msm8996au and 37 more | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, the com.qualcomm.embms is a vendor package deployed in the system image which has an inadequate permission level and allows any application installed from Play Store to request this permission at install-time. The system application interfaces with the Radio Interface Layer leading to potential access control issue. | |||||
| CVE-2018-11259 | 1 Qualcomm | 76 Mdm9206, Mdm9206 Firmware, Mdm9607 and 73 more | 2019-10-03 | 3.6 LOW | 7.7 HIGH |
| Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased. Apps processor then has non-secure world full read/write access to the partition until the modem boots and configures the EFS partition addresses in its MPU partition. | |||||
| CVE-2018-11194 | 1 Quest | 1 Disk Backup | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6). | |||||
| CVE-2018-11193 | 1 Quest | 1 Disk Backup | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6). | |||||
| CVE-2018-11192 | 1 Quest | 1 Disk Backup | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6). | |||||
| CVE-2018-11191 | 1 Quest | 1 Disk Backup | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6). | |||||
| CVE-2018-10712 | 1 Asrock | 4 A-tuning, F-stream, Restart To Uefi and 1 more | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges. | |||||
| CVE-2018-10710 | 1 Asrock | 4 A-tuning, F-stream, Restart To Uefi and 1 more | 2019-10-03 | 7.2 HIGH | 7.1 HIGH |
| The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges. | |||||
| CVE-2018-10709 | 1 Asrock | 4 A-tuning, F-stream, Restart To Uefi and 1 more | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write CR register values. This could be leveraged in a number of ways to ultimately run code with elevated privileges. | |||||
| CVE-2018-10647 | 1 Safervpn | 1 Safervpn | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "SaferVPN.Service" service. The "SaferVPN.Service" service executes "openvpn.exe" using OpenVPN config files located within the current user's %LOCALAPPDATA%\SaferVPN\OvpnConfig directory. An authenticated attacker may modify these configuration files to specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user. | |||||
| CVE-2018-10646 | 1 Cyberghostvpn | 1 Cyberghost | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "CG6Service" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "ConnectToVpnServer" method accepts a "connectionParams" argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user. | |||||
| CVE-2018-10645 | 1 Goldenfrog | 1 Vyprvpn | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "VyprVPN" service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. The "SetProperty" method allows an attacker to configure the "AdditionalOpenVpnParameters" property and control the OpenVPN command line. Using the OpenVPN "plugin" parameter, an attacker may specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user. This attack may be conducted using "VyprVPN Free" account credentials and the VyprVPN Desktop Client. | |||||
| CVE-2018-10520 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-10-03 | 8.5 HIGH | 6.5 MEDIUM |
| In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories. | |||||
| CVE-2018-10519 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because files in the tmp/ directory are accessible through HTTP requests. NOTE: this vulnerability exists because of an incorrect fix for CVE-2018-10084. | |||||
| CVE-2018-10518 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-10-03 | 8.5 HIGH | 6.5 MEDIUM |
| In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories. | |||||
| CVE-2018-10381 | 1 Mcafee | 1 Tunnelbear | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect" method accepts a server list argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user. | |||||
| CVE-2018-1036 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-03 | 6.9 MEDIUM | 7.0 HIGH |
| An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | |||||
| CVE-2018-10285 | 1 Ericssonlg | 1 Ipecs Nms | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the app does not use any sort of session ID, an attacker might bypass authentication. | |||||
| CVE-2018-10204 | 1 Purevpn | 1 Purevpn | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "sevpnclient" service. When configured to use the OpenVPN protocol, the "sevpnclient" service executes "openvpn.exe" using the OpenVPN config file located at %PROGRAMDATA%\purevpn\config\config.ovpn. This file allows "Write" permissions to users in the "Everyone" group. An authenticated attacker may modify this file to specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM account. | |||||
| CVE-2018-10170 | 1 Nordvpn | 1 Nordvpn | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| NordVPN 6.12.7.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "nordvpn-service" service. This service establishes an NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "Connect" method accepts a class instance argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user. | |||||
| CVE-2018-10169 | 1 Protonmail | 1 Protonvpn | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| ProtonVPN 1.3.3 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "ProtonVPN Service" service. This service establishes an NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "Connect" method accepts a class instance argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection. This plugin will execute code in the context of the SYSTEM user. | |||||
| CVE-2018-1002150 | 1 Koji Project | 1 Koji | 2019-10-03 | 7.5 HIGH | 9.1 CRITICAL |
| Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1. | |||||
| CVE-2018-1000660 | 1 Tockos | 1 Tock | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| TOCK version prior to commit 42f7f36e74088036068d62253e1d8fb26605feed. For example dfde28196cd12071fcf6669f7654be7df482b85d contains a Insecure Permissions vulnerability in Function get_package_name in the file kernel/src/tbfheader.rs, variable "pub package_name: &'static str," in the file process.rs that can result in A tock capsule (untrusted driver) could access arbitrary memory by using only safe code. This vulnerability appears to have been fixed in commit 42f7f36e74088036068d62253e1d8fb26605feed. | |||||