Total
1375 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-6623 | 1 Hola | 1 Vpn | 2024-08-05 | N/A |
| An issue was discovered in Hola 1.79.859. An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation. The issue exists because of the SERVICE_ALL_ACCESS access right for the hola_svc and hola_updater services. | ||||
| CVE-2018-6606 | 1 Malwarefox | 1 Antimalware | 2024-08-05 | N/A |
| An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper access control in zam32.sys and zam64.sys allows a non-privileged process to register itself with the driver by sending IOCTL 0x80002010 and then using IOCTL 0x8000204C to \\.\ZemanaAntiMalware to elevate privileges. | ||||
| CVE-2018-6598 | 1 Orbic | 2 Wonder Rc555l, Wonder Rc555l Firmware | 2024-08-05 | N/A |
| An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices. Any app co-located on the device can send an intent to factory reset the device programmatically because of com.android.server.MasterClearReceiver. This does not require any user interaction and does not require any permission to perform. A factory reset will remove all user data from the device. This will result in the loss of any data that the user has not backed up or synced externally. This capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves), although this capability is present in an unprotected component of the Android OS. This vulnerability is not present in Google's Android Open Source Project (AOSP) code. Therefore, it was introduced by Orbic or another entity in the supply chain. | ||||
| CVE-2018-6593 | 1 Malwarefox | 1 Antimalware | 2024-08-05 | N/A |
| An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper access control in zam32.sys and zam64.sys allows a non-privileged process to register itself with the driver by connecting to the filter communication port and then using IOCTL 0x8000204C to \\.\ZemanaAntiMalware to elevate privileges. | ||||
| CVE-2018-6536 | 1 Icinga | 1 Icinga | 2024-08-05 | N/A |
| An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script executes a "kill `cat /pathname/icinga2.pid`" command, as demonstrated by icinga2.init.d.cmake. | ||||
| CVE-2018-6269 | 1 Nvidia | 1 Jetson Tx2 | 2024-08-05 | N/A |
| NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where input/output control (IOCTL) handling for user mode requests could create a non-trusted pointer dereference, which may lead to information disclosure, denial of service, escalation of privileges, or code execution. The updates apply to all versions prior to R28.3. | ||||
| CVE-2018-6057 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2024-08-05 | N/A |
| Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page. | ||||
| CVE-2018-6040 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2024-08-05 | N/A |
| Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page. | ||||
| CVE-2018-5413 | 1 Imperva | 1 Securesphere | 2024-08-05 | N/A |
| Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login keys to the admin user, resulting in privilege escalation. | ||||
| CVE-2018-5313 | 1 Rapidscada | 1 Rapid Scada | 2024-08-05 | N/A |
| A vulnerability allows local attackers to escalate privilege on Rapid Scada 5.5.0 because of weak C:\SCADA permissions. The specific flaw exists within the access control that is set and modified during the installation of the product. The product sets weak access control restrictions. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator, the IUSR account, or SYSTEM. | ||||
| CVE-2018-5349 | 1 Heimdalsecurity | 1 Heimdal | 2024-08-05 | N/A |
| A vulnerability has been found in Heimdal PRO v2.2.190, but it is most likely also present in Heimdal FREE and Heimdal CORP. Faulty permissions on the directory "C:\ProgramData\Heimdal Security\Heimdal Agent" allow BUILTIN\Users to write new files to the directory. On startup, the process Heimdal.MonitorServices.exe running as SYSTEM will attempt to load version.dll from this directory. Placing a malicious version.dll in this directory will result in privilege escalation. NOTE: any affected Heimdal products are completely unrelated to the Heimdal vendor of a Kerberos 5 product on the h5l.org web site. | ||||
| CVE-2018-5342 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-08-05 | N/A |
| An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: network services (Desktop Central and PostgreSQL) running with a superuser account. | ||||
| CVE-2018-4324 | 1 Apple | 1 Mac Os X | 2024-08-05 | N/A |
| A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls. This issue affected versions prior to macOS Mojave 10.14. | ||||
| CVE-2018-4251 | 1 Apple | 1 Mac Os X | 2024-08-05 | N/A |
| An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Firmware" component. It allows attackers to modify the EFI flash-memory region that a crafted app that has root access. | ||||
| CVE-2018-4238 | 1 Apple | 1 Iphone Os | 2024-08-05 | N/A |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and enable Siri. | ||||
| CVE-2018-4220 | 1 Apple | 1 Swift | 2024-08-05 | N/A |
| An issue was discovered in certain Apple products. Swift before 4.1.1 Security Update 2018-001 is affected. The issue involves the "Swift for Ubuntu" component. It allows attackers to execute arbitrary code in a privileged context because write and execute permissions are enabled during library loading. | ||||
| CVE-2018-4178 | 1 Apple | 1 Mac Os X | 2024-08-05 | N/A |
| A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. This issue affected versions prior to macOS High Sierra 10.13.4. | ||||
| CVE-2018-4073 | 1 Sierrawireless | 2 Airlink Es450, Airlink Es450 Firmware | 2024-08-05 | N/A |
| An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The the binary the endpoint /cgi-bin/Embeded_Ace_TLSet_Task.cgi is a very similar endpoint that is designed for use with setting table values that can cause an arbitrary setting writes, resulting in the unverified changes to any system setting. An attacker can make an authenticated HTTP request, or run the binary as any user, to trigger this vulnerability. | ||||
| CVE-2018-4051 | 1 Gog | 1 Galaxy | 2024-08-05 | 5.5 Medium |
| An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally create directories and subdirectories on the root file system, as well as change the permissions of existing directories. | ||||
| CVE-2018-4049 | 1 Gog | 1 Galaxy | 2024-08-05 | 7.8 High |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's “Games” directory, version 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of installed games to exploit this vulnerability and execute arbitrary code with elevated privileges. | ||||