Total
1375 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11951 | 1 Qualcomm | 4 Sd 845, Sd 845 Firmware, Sd 850 and 1 more | 2024-08-05 | N/A |
| Improper access control in core module lead XBL_LOADER performs the ZI region clear for QTEE instead of XBL_SEC in Snapdragon Mobile in version SD 845, SD 850. | ||||
| CVE-2018-11907 | 1 Google | 1 Android | 2024-08-05 | N/A |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /firmware/ which presents a potential issue. | ||||
| CVE-2018-11913 | 1 Google | 1 Android | 2024-08-05 | N/A |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of dev nodes may lead to potential security issue. | ||||
| CVE-2018-11908 | 1 Google | 1 Android | 2024-08-05 | N/A |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /data/ which presents a potential issue. | ||||
| CVE-2018-11909 | 1 Google | 1 Android | 2024-08-05 | N/A |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /cache/ which presents a potential issue. | ||||
| CVE-2018-11914 | 1 Google | 1 Android | 2024-08-05 | N/A |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /systemrw/ which presents a potential security. | ||||
| CVE-2018-11910 | 1 Google | 1 Android | 2024-08-05 | N/A |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /persist/ which presents a potential issue. | ||||
| CVE-2018-11642 | 1 Dialogic | 1 Powermedia Xms | 2024-08-05 | N/A |
| Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user. | ||||
| CVE-2018-11116 | 1 Openwrt | 1 Openwrt | 2024-08-05 | 8.8 High |
| OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution. NOTE: The developer disputes this as a vulnerability, indicating that rpcd functions appropriately | ||||
| CVE-2018-11277 | 1 Qualcomm | 40 Msm8909w, Msm8909w Firmware, Msm8996au and 37 more | 2024-08-05 | N/A |
| In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, the com.qualcomm.embms is a vendor package deployed in the system image which has an inadequate permission level and allows any application installed from Play Store to request this permission at install-time. The system application interfaces with the Radio Interface Layer leading to potential access control issue. | ||||
| CVE-2018-11334 | 1 Windscribe | 1 Windscribe | 2024-08-05 | N/A |
| Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \\.\pipe\WindscribeService. | ||||
| CVE-2018-11192 | 1 Quest | 1 Disk Backup | 2024-08-05 | N/A |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6). | ||||
| CVE-2018-11240 | 1 Softcase | 2 T-router, T-router Firmware | 2024-08-05 | N/A |
| An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on the 'exec command' feature of the T-Router protocol. If the command syntax is correct, there is code execution both on the other modem and on the main servers. This is fixed in production builds as of Spring 2018. | ||||
| CVE-2018-11191 | 1 Quest | 1 Disk Backup | 2024-08-05 | N/A |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6). | ||||
| CVE-2018-11194 | 1 Quest | 1 Disk Backup | 2024-08-05 | N/A |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6). | ||||
| CVE-2018-11193 | 1 Quest | 1 Disk Backup | 2024-08-05 | N/A |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6). | ||||
| CVE-2018-11002 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2024-08-05 | N/A |
| Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions. | ||||
| CVE-2018-10869 | 1 Redhat | 3 Certification, Certifications, Enterprise Linux | 2024-08-05 | N/A |
| redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd. | ||||
| CVE-2018-10645 | 1 Goldenfrog | 1 Vyprvpn | 2024-08-05 | N/A |
| Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "VyprVPN" service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. The "SetProperty" method allows an attacker to configure the "AdditionalOpenVpnParameters" property and control the OpenVPN command line. Using the OpenVPN "plugin" parameter, an attacker may specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user. This attack may be conducted using "VyprVPN Free" account credentials and the VyprVPN Desktop Client. | ||||
| CVE-2018-10856 | 2 Libpod Project, Redhat | 2 Libpod, Rhel Extras Other | 2024-08-05 | N/A |
| It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container. | ||||