Total
1785 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15592 | 1 Ivanti | 1 Workspace Control | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can execute processes with elevated privileges via an unspecified attack vector. | |||||
| CVE-2018-15557 | 1 Actiontec | 2 Web6000q, Web6000q Firmware | 2024-11-21 | 10.0 HIGH | 8.8 HIGH |
| An issue was discovered in the Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 devices. An attacker can statically set his/her IP to anything on the 169.254.1.0/24 subnet, and obtain root access by connecting to 169.254.1.2 port 23 with telnet/netcat. | |||||
| CVE-2018-15331 | 1 F5 | 1 Big-ip Application Acceleration Manager | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| On BIG-IP AAM 13.0.0 or 12.1.0-12.1.3.7, the dcdb_convert utility used by BIG-IP AAM fails to drop group permissions when executing helper scripts, which could be used to leverage attacks against the BIG-IP system. | |||||
| CVE-2018-15207 | 1 Bpcbt | 1 Smartvista | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin. | |||||
| CVE-2018-14894 | 1 Cyberark | 1 Endpoint Privilege Manager | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file) to bypass intended access restrictions and execute blocked applications. | |||||
| CVE-2018-14828 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level. | |||||
| CVE-2018-14791 | 1 Emerson | 1 Deltav | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products. | |||||
| CVE-2018-14787 | 1 Philips | 2 Intellispace Cardiovascular, Xcelera | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 2.x or prior and Xcelera Version 4.1 or prior), an attacker with escalated privileges could access folders which contain executables where authenticated users have write permissions, and could then execute arbitrary code with local administrative permissions. | |||||
| CVE-2018-13802 | 1 Siemens | 2 Rox Ii, Rox Ii Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability has been identified in ROX II (All versions < V2.12.1). An authenticated attacker with a high-privileged user account access via SSH could circumvent restrictions in place and execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the SSH interface in on port 22/tcp. The attacker must be authenticated to exploit the vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device. | |||||
| CVE-2018-13801 | 1 Siemens | 2 Rox Ii, Rox Ii Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been identified in ROX II (All versions < V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a low-privileged user but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. | |||||
| CVE-2018-13405 | 6 Canonical, Debian, F5 and 3 more | 27 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 24 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID. | |||||
| CVE-2018-11965 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Anyone can execute proptrigger.sh which will lead to change in properties. | |||||
| CVE-2018-11912 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of daemons may lead to unprivileged access. | |||||
| CVE-2018-11911 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of script may lead to unprivileged access. | |||||
| CVE-2018-11786 | 1 Apache | 1 Karaf | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access. This can be locked down a bit by using chroot to change the root directory to protect files outside of the Karaf install directory; it can be further locked down by defining a security manager policy that limits file system access to those directories beneath the Karaf home that are necessary for the system to run. However, this still allows anyone with ssh access to the Karaf process to read and write a large number of files as the Karaf process user. | |||||
| CVE-2018-11767 | 1 Apache | 1 Hadoop | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, KMS blocking users or granting access to users incorrectly, if the system uses non-default groups mapping mechanisms. | |||||
| CVE-2018-11323 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions. | |||||
| CVE-2018-11190 | 1 Quest | 1 Disk Backup | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6). | |||||
| CVE-2018-10853 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 4.6 MEDIUM | 7.0 HIGH |
| A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest. | |||||
| CVE-2018-10550 | 1 Octopus | 1 Octopus Deploy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to. | |||||