Total
1375 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-14662 | 4 Canonical, Debian, Opensuse and 1 more | 6 Ubuntu Linux, Debian Linux, Leap and 3 more | 2024-08-05 | 5.7 Medium |
| It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. | ||||
| CVE-2018-14650 | 2 Redhat, Sos-collector Project | 7 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2024-08-05 | N/A |
| It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory. | ||||
| CVE-2018-14327 | 1 Ee | 2 Ee40vb, Ee40vb Firmware | 2024-08-05 | N/A |
| The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the "Web Connecton\EE40\BackgroundService" directory. | ||||
| CVE-2018-13791 | 1 Abbyy | 1 Flexicapture | 2024-08-05 | N/A |
| The HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 allows an attacker to conduct Access Control attacks via the /FlexiCapture12/Login/Server/SevaUserProfile FlexiCaptureTmsSts2 parameter. | ||||
| CVE-2018-13412 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-08-05 | N/A |
| An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version. | ||||
| CVE-2018-13411 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-08-05 | N/A |
| An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version. | ||||
| CVE-2018-13355 | 1 Terra-master | 1 Terramaster Operating System | 2024-08-05 | N/A |
| Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization. | ||||
| CVE-2018-13321 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2024-08-05 | N/A |
| Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter. | ||||
| CVE-2018-13122 | 1 Onefilecms | 1 Onefilecms | 2024-08-05 | 6.5 Medium |
| onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to delete arbitrary files via the Delete File(s) screen, as demonstrated by a ?i=var/www/html/&f=123.php&p=edit&p=deletefile URI. | ||||
| CVE-2018-13110 | 1 Adbglobal | 8 Dv2210, Dv2210 Firmware, Prg Av4202n and 5 more | 2024-08-05 | N/A |
| All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks. | ||||
| CVE-2018-12979 | 1 Wago | 8 762-3000, 762-3000 Firmware, 762-3001 and 5 more | 2024-08-05 | 6.5 Medium |
| An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM. | ||||
| CVE-2018-12922 | 1 Vertiv | 2 Liebert Intellislot, Liebert Intellislot Firmware | 2024-08-05 | 7.5 High |
| Emerson Liebert IntelliSlot Web Card devices allow remote attackers to reconfigure access control via the config/configUser.htm or config/configTelnet.htm URI. | ||||
| CVE-2018-12546 | 1 Eclipse | 1 Mosquitto | 2024-08-05 | 6.5 Medium |
| In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients being able cause effects that would otherwise not be allowed. | ||||
| CVE-2018-12357 | 1 Arista | 1 Cloudvision Portal | 2024-08-05 | N/A |
| Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions. | ||||
| CVE-2018-12396 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2024-08-05 | N/A |
| A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. | ||||
| CVE-2018-12296 | 1 Seagate | 1 Nas Os | 2024-08-05 | N/A |
| Insufficient access control in /api/external/7.0/system.System.get_infos in Seagate NAS OS version 4.3.15.1 allows attackers to obtain information about the NAS without authentication via empty POST requests. | ||||
| CVE-2018-12335 | 1 Ecos | 1 System Management Appliance | 2024-08-05 | N/A |
| Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment. | ||||
| CVE-2018-12028 | 1 Phusion | 1 Passenger | 2024-08-05 | N/A |
| An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an error, it would cause Passenger's process manager to kill said reported arbitrary PID. | ||||
| CVE-2018-12027 | 1 Phusion | 1 Passenger | 2024-08-05 | N/A |
| An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket. | ||||
| CVE-2018-11964 | 1 Google | 1 Android | 2024-08-05 | N/A |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Exposing the hashed content in /etc/passwd may lead to security issue. | ||||