Total
1587 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12615 | 1 Phusion | 1 Passenger | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges.
|
|||||
| CVE-2018-12546 | 1 Eclipse | 1 Mosquitto | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients being able cause effects that would otherwise not be allowed.
|
|||||
| CVE-2018-12467 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | 5.5 MEDIUM | 6.0 MEDIUM |
|
Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689.
|
|||||
| CVE-2018-12466 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | 5.5 MEDIUM | 4.4 MEDIUM |
|
openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.
|
|||||
| CVE-2018-12457 | 1 Expresscart Project | 1 Expresscart | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header.
|
|||||
| CVE-2018-12396 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.
|
|||||
| CVE-2018-12357 | 1 Arista | 1 Cloudvision Portal | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions.
|
|||||
| CVE-2018-12335 | 1 Ecos | 1 System Management Appliance | 2024-11-21 | 4.1 MEDIUM | 7.3 HIGH |
|
Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment.
|
|||||
| CVE-2018-12296 | 1 Seagate | 1 Nas Os | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Insufficient access control in /api/external/7.0/system.System.get_infos in Seagate NAS OS version 4.3.15.1 allows attackers to obtain information about the NAS without authentication via empty POST requests.
|
|||||
| CVE-2018-12259 | 1 Apollotechnologiesinc | 2 Momentum Axel 720p, Momentum Axel 720p Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
|
An issue was discovered on Momentum Axel 720P 5.1.8 devices. Root access can be obtained via UART pins without any restrictions, which leads to full system compromise.
|
|||||
| CVE-2018-12223 | 1 Intel | 1 Graphics Driver | 2024-11-21 | 4.6 MEDIUM | 6.3 MEDIUM |
|
Insufficient access control in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to escape from a virtual machine guest-to-host via local access.
|
|||||
| CVE-2018-12217 | 1 Intel | 1 Graphics Driver | 2024-11-21 | 2.1 LOW | 2.3 LOW |
|
Insufficient access control in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to read device configuration information via local access.
|
|||||
| CVE-2018-12209 | 1 Intel | 1 Graphics Driver | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Insufficient access control in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to read device configuration information via local access.
|
|||||
| CVE-2018-12200 | 1 Intel | 1 Capability Licensing Service | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Insufficient access control in Intel(R) Capability Licensing Service before version 1.50.638.1 may allow an unprivileged user to potentially escalate privileges via local access.
|
|||||
| CVE-2018-12177 | 1 Intel | 24 Dual Band Wireless-ac 3160, Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3168 and 21 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Improper directory permissions in the ZeroConfig service in Intel(R) PROSet/Wireless WiFi Software before version 20.90.0.7 may allow an authorized user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2018-12173 | 1 Intel | 28 Compute Module Hns2600bp, Compute Module Hns2600bp Firmware, Compute Module Hns2600bpr and 25 more | 2024-11-21 | 7.2 HIGH | 7.6 HIGH |
|
Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access.
|
|||||
| CVE-2018-12168 | 1 Intel | 1 Computing Improvement Program | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Privilege escalation in file permissions in Intel Computing Improvement Program before version 2.2.0.03942 may allow an authenticated user to potentially execute code as administrator via local access.
|
|||||
| CVE-2018-12162 | 1 Intel | 1 Openvino Toolkit | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Directory permissions in the Intel OpenVINO Toolkit for Windows before version 2018.1.265 may allow an authenticated user to potentially execute code using default directory permissions via local access.
|
|||||
| CVE-2018-12148 | 1 Intel | 1 Driver \& Support Assistant | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Privilege escalation in file permissions in Intel Driver and Support Assistant before 3.5.0.1 may allow an authenticated user to potentially execute code as administrator via local access.
|
|||||
| CVE-2018-12131 | 1 Intel | 3 Client Nvme, Datacenter Nvme, Rapid Storage Technology | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Permissions in the driver pack installers for Intel NVMe before version 4.0.0.1007 and Intel RSTe before version 4.7.0.2083 may allow an authenticated user to potentially escalate privilege via local access.
|
|||||
| CVE-2018-12028 | 1 Phusion | 1 Passenger | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an error, it would cause Passenger's process manager to kill said reported arbitrary PID.
|
|||||
| CVE-2018-12027 | 1 Phusion | 1 Passenger | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-appl ...
Show More |
|||||
| CVE-2018-11964 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Exposing the hashed content in /etc/passwd may lead to security issue.
|
|||||
| CVE-2018-11951 | 1 Qualcomm | 4 Sd 845, Sd 845 Firmware, Sd 850 and 1 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
Improper access control in core module lead XBL_LOADER performs the ZI region clear for QTEE instead of XBL_SEC in Snapdragon Mobile in version SD 845, SD 850.
|
|||||
| CVE-2018-11914 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /systemrw/ which presents a potential security.
|
|||||
| CVE-2018-11913 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of dev nodes may lead to potential security issue.
|
|||||
| CVE-2018-11910 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /persist/ which presents a potential issue.
|
|||||
| CVE-2018-11909 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /cache/ which presents a potential issue.
|
|||||
| CVE-2018-11908 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /data/ which presents a potential issue.
|
|||||
| CVE-2018-11907 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /firmware/ which presents a potential issue.
|
|||||
| CVE-2018-11792 | 1 Apache | 1 Impala | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. This may pose a potential security risk, such as having ALTER on a table and ALL on a particular database allows a user to move the table to a database with ALL, which will automatically grant that user with ALL privilege on that table due to the privilege inherited from the database.
|
|||||
| CVE-2018-11642 | 1 Dialogic | 1 Powermedia Xms | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user.
|
|||||
| CVE-2018-11454 | 1 Siemens | 2 Simatic Step 7 \(tia Portal\), Simatic Wincc \(tia Portal\) | 2024-11-21 | 4.4 MEDIUM | 8.6 HIGH |
|
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system a ...
Show More |
|||||
| CVE-2018-11453 | 1 Siemens | 2 Simatic Step 7 \(tia Portal\), Simatic Wincc \(tia Portal\) | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system a ...
Show More |
|||||
| CVE-2018-11334 | 1 Windscribe | 1 Windscribe | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \\.\pipe\WindscribeService.
|
|||||
| CVE-2018-11277 | 1 Qualcomm | 40 Msm8909w, Msm8909w Firmware, Msm8996au and 37 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, the com.qualcomm.embms is a vendor package deployed in the system image which has an inadequate permission level and allows any application installed from Play Store to request this permission at install-time. The system application interfaces with the Radio Interface Layer leading to potential ...
Show More |
|||||
| CVE-2018-11259 | 1 Qualcomm | 76 Mdm9206, Mdm9206 Firmware, Mdm9607 and 73 more | 2024-11-21 | 3.6 LOW | 7.7 HIGH |
|
Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased. Apps processor then has non-secure world full read/write access to the partition until the modem boots and configures the EFS partition addresses in its MPU partition.
|
|||||
| CVE-2018-11240 | 1 Softcase | 2 T-router, T-router Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on the 'exec command' feature of the T-Router protocol. If the command syntax is correct, there is code execution both on the other modem and on the main servers. This is fixed in production builds as of Spring 2018.
|
|||||
| CVE-2018-11194 | 1 Quest | 1 Disk Backup | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6).
|
|||||
| CVE-2018-11193 | 1 Quest | 1 Disk Backup | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6).
|
|||||