Total
2071 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14828 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level. | |||||
| CVE-2018-14808 | 1 Emerson | 1 Ams Device Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products. | |||||
| CVE-2018-14791 | 1 Emerson | 1 Deltav | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products. | |||||
| CVE-2018-14787 | 1 Philips | 2 Intellispace Cardiovascular, Xcelera | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 2.x or prior and Xcelera Version 4.1 or prior), an attacker with escalated privileges could access folders which contain executables where authenticated users have write permissions, and could then execute arbitrary code with local administrative permissions. | |||||
| CVE-2018-13802 | 1 Siemens | 2 Rox Ii, Rox Ii Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability has been identified in ROX II (All versions < V2.12.1). An authenticated attacker with a high-privileged user account access via SSH could circumvent restrictions in place and execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the SSH interface in on port 22/tcp. The attacker must be authenticated to exploit the vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device. | |||||
| CVE-2018-13801 | 1 Siemens | 2 Rox Ii, Rox Ii Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been identified in ROX II (All versions < V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a low-privileged user but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. | |||||
| CVE-2018-13405 | 6 Canonical, Debian, F5 and 3 more | 27 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 24 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID. | |||||
| CVE-2018-13400 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | 6.5 MEDIUM | 4.7 MEDIUM |
| Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator's session to access certain administrative resources without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability. | |||||
| CVE-2018-12884 | 1 Octopus | 1 Octopus Deploy | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user with incorrect permissions may be able to create Accounts under the Infrastructure menu. | |||||
| CVE-2018-12596 | 1 Episerver | 1 Ektron Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden (normally available exclusively for local admins). | |||||
| CVE-2018-12261 | 1 Apollotechnologiesinc | 2 Momentum Axel 720p, Momentum Axel 720p Firmware | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| An issue was discovered on Momentum Axel 720P 5.1.8 devices. All processes run as root. | |||||
| CVE-2018-11965 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Anyone can execute proptrigger.sh which will lead to change in properties. | |||||
| CVE-2018-11912 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of daemons may lead to unprivileged access. | |||||
| CVE-2018-11911 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of script may lead to unprivileged access. | |||||
| CVE-2018-11786 | 1 Apache | 1 Karaf | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access. This can be locked down a bit by using chroot to change the root directory to protect files outside of the Karaf install directory; it can be further locked down by defining a security manager policy that limits file system access to those directories beneath the Karaf home that are necessary for the system to run. However, this still allows anyone with ssh access to the Karaf process to read and write a large number of files as the Karaf process user. | |||||
| CVE-2018-11767 | 1 Apache | 1 Hadoop | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, KMS blocking users or granting access to users incorrectly, if the system uses non-default groups mapping mechanisms. | |||||
| CVE-2018-11323 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions. | |||||
| CVE-2018-11190 | 1 Quest | 1 Disk Backup | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6). | |||||
| CVE-2018-11008 | 1 K7computing | 4 Antivrius, Enterprise Security, Total Security and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. | |||||
| CVE-2018-11006 | 1 K7computing | 4 Antivrius, Enterprise Security, Total Security and 1 more | 2024-11-21 | 8.8 HIGH | 5.5 MEDIUM |
| An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. | |||||