Total
31733 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6757 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2024-11-21 | 4.6 MEDIUM | 7.5 HIGH |
| Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware. | |||||
| CVE-2018-6756 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware. | |||||
| CVE-2018-6706 | 1 Mcafee | 1 Agent | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Insecure handling of temporary files in non-Windows McAfee Agent 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows an Unprivileged User to introduce custom paths during agent installation in Linux via unspecified vectors. | |||||
| CVE-2018-6705 | 1 Mcafee | 1 Agent | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions. | |||||
| CVE-2018-6704 | 1 Mcafee | 1 Agent | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions. | |||||
| CVE-2018-6695 | 1 Mcafee | 1 Threat Intelligence Exchange Server | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| SSH host keys generation vulnerability in the server in McAfee Threat Intelligence Exchange Server (TIE Server) 1.3.0, 2.0.x, 2.1.x, 2.2.0 allows man-in-the-middle attackers to spoof servers via acquiring keys from another environment. | |||||
| CVE-2018-6678 | 1 Mcafee | 1 Mcafee Web Gateway | 2024-11-21 | 6.5 MEDIUM | 9.1 CRITICAL |
| Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2018-6671 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 4.0 MEDIUM | 4.7 MEDIUM |
| Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request. | |||||
| CVE-2018-6668 | 1 Mcafee | 1 Application Change Control | 2024-11-21 | 4.6 MEDIUM | 6.1 MEDIUM |
| A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows execution bypass, for example, with simple DLL through interpreters such as PowerShell. | |||||
| CVE-2018-6622 | 1 Trustedcomputinggroup | 1 Trusted Platform Module | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handled properly by this firmware while S3 sleep and can clear TPM 2.0. It allows local users to overwrite static PCRs of TPM and neutralize the security features of it, such as seal/unseal and remote attestation. | |||||
| CVE-2018-6598 | 1 Orbic | 2 Wonder Rc555l, Wonder Rc555l Firmware | 2024-11-21 | 5.6 MEDIUM | 7.1 HIGH |
| An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices. Any app co-located on the device can send an intent to factory reset the device programmatically because of com.android.server.MasterClearReceiver. This does not require any user interaction and does not require any permission to perform. A factory reset will remove all user data from the device. This will result in the loss of any data that the user has not backed up or synced externally. This capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves), although this capability is present in an unprotected component of the Android OS. This vulnerability is not present in Google's Android Open Source Project (AOSP) code. Therefore, it was introduced by Orbic or another entity in the supply chain. | |||||
| CVE-2018-6597 | 1 Alcatel | 2 A30, A30 Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| The Alcatel A30 device with a build fingerprint of TCL/5046G/MICKEY6US:7.0/NRD90M/J63:user/release-keys contains a hidden privilege escalation capability to achieve command execution as the root user. They have made modifications that allow a user with physical access to the device to obtain a root shell via ADB. Modifying the read-only properties by an app as the system user creates a UNIX domain socket named factory_test that will execute commands as the root user by processes that have privilege to access it (as per the SELinux rules that the vendor controls). | |||||
| CVE-2018-6589 | 1 Ca | 1 Spectrum | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10.2.3 allows remote attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2018-6558 | 1 Google | 1 Fscrypt | 2024-11-21 | 4.9 MEDIUM | 6.5 MEDIUM |
| The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam). | |||||
| CVE-2018-6553 | 3 Canonical, Cups, Debian | 3 Ubuntu Linux, Cups, Debian Linux | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
| The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS. | |||||
| CVE-2018-6552 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc/<global pid>/ does not exist in order to indicate that the crash should be handled in the global namespace rather than inside of a container. However, the portion of the data/apport code that decides whether or not to forward a crash to a container does not always replace sys.argv[1] with the value stored in the host_pid variable when /proc/<global pid>/ does not exist which results in the container pid being used in the global namespace. This flaw affects versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17, and 2.14.1-0ubuntu3.28. | |||||
| CVE-2018-6542 | 1 Zziplib Project | 1 Zziplib | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. | |||||
| CVE-2018-6541 | 2 Canonical, Zziplib Project | 2 Ubuntu Linux, Zziplib | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. | |||||
| CVE-2018-6540 | 2 Canonical, Zziplib Project | 2 Ubuntu Linux, Zziplib | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. | |||||
| CVE-2018-6535 | 1 Icinga | 1 Icinga | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker. | |||||