Total: 1964 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-11614 | 1 Samsung | 1 Samsung Members | 2024-08-05 | N/A |
This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members. Fixed in version 2.4.25. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Intents. The issue lies in the ability to send an Intent that would not otherwise be reachable. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5361. | ||||
CVE-2018-10172 | 1 7-zip | 1 7-zip | 2024-08-05 | N/A |
7-Zip through 18.01 on Windows implements the "Large memory pages" option by calling the LsaAddAccountRights function to add the SeLockMemoryPrivilege privilege to the user's account, which makes it easier for attackers to bypass intended access restrictions by using this privilege in the context of a sandboxed process. Note: This has been disputed by 3rd parties who argue this is a valid feature of Windows. | ||||
CVE-2018-11323 | 1 Joomla | 1 Joomla! | 2024-08-05 | N/A |
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions. | ||||
CVE-2018-11190 | 1 Quest | 1 Disk Backup | 2024-08-05 | N/A |
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6). | ||||
CVE-2018-11008 | 1 K7computing | 4 Antivrius, Enterprise Security, Total Security and 1 more | 2024-08-05 | 5.5 Medium |
An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. | ||||
CVE-2018-11006 | 1 K7computing | 4 Antivrius, Enterprise Security, Total Security and 1 more | 2024-08-05 | 5.5 Medium |
An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. | ||||
CVE-2018-10906 | 3 Debian, Fuse Project, Redhat | 6 Debian Linux, Fuse, Enterprise Linux and 3 more | 2024-08-05 | N/A |
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects. | ||||
CVE-2018-10853 | 4 Canonical, Debian, Linux and 1 more | 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more | 2024-08-05 | N/A |
A flaw was found in the way the Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check the current privilege level (CPL) while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside the guest. | ||||
CVE-2018-10514 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus + Security, Internet Security and 2 more | 2024-08-05 | N/A |
A Missing Impersonation Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. | ||||
CVE-2018-10502 | 1 Samsung | 1 Galaxy Apps | 2024-08-05 | N/A |
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps. Fixed in version 4.2.18.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of a staging mode. The issue lies in the ability to change the configuration based on the presence of a file in a user-controlled location. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5359. | ||||
CVE-2018-10550 | 1 Octopus | 1 Octopus Deploy | 2024-08-05 | N/A |
In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to. | ||||
CVE-2018-10168 | 1 Tp-link | 1 Eap Controller | 2024-08-05 | N/A |
TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows. | ||||
CVE-2018-10143 | 1 Paloaltonetworks | 1 Expedition | 2024-08-05 | N/A |
The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application. | ||||
CVE-2018-10079 | 1 Vertiv | 1 Watchdog Console | 2024-08-05 | 7.8 High |
Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\ProgramData\WatchDog Console directory, which allows local users to modify configuration data by updating (1) config.xml or (2) servers.xml. | ||||
CVE-2018-9853 | 1 Freesshd | 1 Freesshd | 2024-08-05 | N/A |
Insecure access control in freeSSHd version 1.3.1 allows attackers to obtain the privileges of the freesshd.exe process by leveraging the ability to log in to an unprivileged account on the server. | ||||
CVE-2018-9332 | 1 K7computing | 4 Antivrius, Enterprise Security, Total Security and 1 more | 2024-08-05 | 7.8 High |
K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Incorrect Access Control. The impact is: gain privileges (local). | ||||
CVE-2018-9425 | 1 Google | 1 Android | 2024-08-05 | 7.8 High |
In Platform, there is a possible bypass of user interaction requirements due to missing permission checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-73884967. | ||||
CVE-2018-9333 | 1 K7computing | 4 Antivrius, Enterprise Security, Total Security and 1 more | 2024-08-05 | 7.8 High |
K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: K7TSMngr.exe. | ||||
CVE-2018-9334 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-05 | N/A |
The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup. | ||||
CVE-2018-8724 | 1 K7computing | 4 Antivrius, Enterprise Security, Total Security and 1 more | 2024-08-05 | 7.8 High |
K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: gain privileges (local). The component is: K7TSMngr.exe. |