Total
1970 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1495 | 1 Ibm | 4 Flashsystem 840, Flashsystem 840 Firmware, Flashsystem 900 and 1 more | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| IBM FlashSystem V840 and V900 products could allow an authenticated attacker with specialized access to overwrite arbitrary files which could cause a denial of service. IBM X-Force ID: 141148. | |||||
| CVE-2018-1460 | 1 Ibm | 1 Puredata System For Analytics | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
| IBM Netezza Platform Software (IBM PureData System for Analytics 1.0.0) could allow a local user to modify a world writable file, which could be used to execute commands as root. IBM X-Force ID: 140211. | |||||
| CVE-2018-1368 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
| IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 9.5 could allow a local user with low privileges to view report pages and perform some actions that only an admin should be performing, so there is risk that someone not authorized can change things that they are not suppose to. IBM X-Force ID: 137765. | |||||
| CVE-2018-1182 | 2 Emc, Rsa | 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only). It allows certain OS level users to execute arbitrary scripts with root level privileges. | |||||
| CVE-2018-1134 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL. | |||||
| CVE-2018-19853 | 1 Hitshop Project | 1 Hitshop | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in hitshop through 2014-07-15. There is an elevation-of-privilege vulnerability (that allows control over the whole web site) via the admin.php/user/add URI because a storekeeper account (which is supposed to have only privileges for commodity management) can add an administrator account. | |||||
| CVE-2018-19725 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2018-19648 | 1 Adtran | 1 Pmaa | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in ADTRAN PMAA 1.6.2-1, 1.6.3, and 1.6.4. NETCONF Access Management (NACM) allows unprivileged users to create privileged users and execute arbitrary commands via the use of the diagnostic-profile over RESTCONF. | |||||
| CVE-2018-19608 | 1 Arm | 1 Mbed Tls | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
| Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites. | |||||
| CVE-2018-19411 | 1 Paessler | 1 Prtg Network Monitor | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including administrator) via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights. | |||||
| CVE-2018-1999032 | 1 Agiletestware | 1 Pangolin Connector For Testrail | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint. | |||||
| CVE-2018-18931 | 1 Trms | 1 Carousel Digital Signage | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in the Tightrope Media Carousel digital signage product 7.0.4.104. Due to insecure default permissions on the C:\TRMS\Services directory, an attacker who has gained access to the system can elevate their privileges from a restricted account to full SYSTEM by replacing the Carousel.Service.exe file with a custom malicious executable. This service is independent of the associated IIS web site, which means that this service can be manipulated by an attacker without losing access to vulnerabilities in the web interface (which would potentially be used in conjunction with this attack, to control the service). Once the attacker has replaced Carousel.Service.exe, the server can be restarted using the command "shutdown -r -t 0" from a web shell, causing the system to reboot and launching the malicious Carousel.Service.exe as SYSTEM on startup. If this malicious Carousel.Service.exe is configured to launch a reverse shell back to the attacker, then upon reboot the attacker will have a fully privileged remote command-line environment to manipulate the system further. | |||||
| CVE-2018-18368 | 1 Symantec | 1 Endpoint Protection Manager | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | |||||
| CVE-2018-18344 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension. | |||||
| CVE-2018-18252 | 1 Capmon | 1 Access Manager | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe provides "NT AUTHORITY\SYSTEM" access to unprivileged users via the --system option. | |||||
| CVE-2018-17855 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Joomla! before 3.8.13. If an attacker gets access to the mail account of an user who can approve admin verifications in the registration process, he can activate himself. | |||||
| CVE-2018-16888 | 4 Canonical, Netapp, Redhat and 1 more | 5 Ubuntu Linux, Active Iq Performance Analytics Services, Element Software and 2 more | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
| It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable. | |||||
| CVE-2018-16838 | 2 Fedoraproject, Redhat | 2 Sssd, Enterprise Linux | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access. | |||||
| CVE-2018-16497 | 1 Versa-networks | 1 Versa Analytics | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In Versa Analytics, the cron jobs are used for scheduling tasks by executing commands at specific dates and times on the server. If the job is run as the user root, there is a potential privilege escalation vulnerability. In this case, the job runs a script as root that is writable by users who are members of the versa group. | |||||
| CVE-2018-16272 | 1 Samsung | 20 Galaxy Gear, Galaxy Gear Firmware, Gear 2 and 17 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The wpa_supplicant system service in Samsung Galaxy Gear series allows an unprivileged process to fully control the Wi-Fi interface, due to the lack of its D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | |||||