Total
1780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-2494 | 1 Sap | 1 Business Application Software Integrated Solution | 2024-08-05 | N/A |
| Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform. | ||||
| CVE-2018-2361 | 1 Sap | 1 Solution Manager | 2024-08-05 | N/A |
| In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for configuring the BPO tools. | ||||
| CVE-2018-1057 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2024-08-05 | 8.8 High |
| On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers). | ||||
| CVE-2018-0269 | 1 Cisco | 1 Digital Network Architecture Center | 2024-08-05 | 4.3 Medium |
| A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Resource Sharing (CORS) policy. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. An exploit could allow the attacker to communicate with the API and exfiltrate sensitive information. Cisco Bug IDs: CSCvh99208. | ||||
| CVE-2018-0337 | 1 Cisco | 15 Nexus 5000, Nexus 5010, Nexus 5020 and 12 more | 2024-08-05 | 7.8 High |
| A vulnerability in the role-based access-checking mechanisms of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected device. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issuing crafted commands in the CLI of an affected device. A successful exploit could allow the attacker to cause other users to execute unwanted, arbitrary commands on the affected device. Cisco Bug IDs: CSCvd06339, CSCvd15698, CSCvd36108, CSCvf52921, CSCvf52930, CSCvf52953, CSCvf52976. | ||||
| CVE-2018-0338 | 1 Cisco | 1 Unified Computing System | 2024-08-05 | 7.8 High |
| A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issuing crafted commands in the CLI of an affected system. A successful exploit could allow the attacker to cause other users to execute unwanted arbitrary commands on the affected system. Cisco Bug IDs: CSCvf52994. | ||||
| CVE-2018-0278 | 1 Cisco | 1 Firepower Management Center | 2024-08-05 | 6.5 Medium |
| A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. The vulnerability is due to improper cross-origin domain protections for the WebSocket protocol. An attacker could exploit this vulnerability by convincing a user to visit a malicious website designed to send requests to the affected application while the user is logged into the application with an active session cookie. A successful exploit could allow the attacker to retrieve policy or configuration information from the affected software and to perform another attack against the management console. Cisco Bug IDs: CSCvh68311. | ||||
| CVE-2019-19681 | 1 Artica | 1 Pandora Fms | 2024-08-05 | 8.8 High |
| Pandora FMS 7.x suffers from remote code execution vulnerability. With an authenticated user who can modify the alert system, it is possible to define and execute commands as root/Administrator. NOTE: The product vendor states that the vulnerability as it is described is not in fact an actual vulnerability. They state that to be able to create alert commands, you need to have admin rights. They also state that the extended ACL system can disable access to specific sections of the configuration, such as defining new alert commands | ||||
| CVE-2018-0110 | 1 Cisco | 1 Webex Meetings Server | 2024-08-05 | N/A |
| A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access the remote support account even after it has been disabled via the web application. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server, which would not disable access to specifically configured user accounts, even after access had been disabled in the web application. An attacker could exploit this vulnerability by connecting to the remote support account, even after it had been disabled at the web application level. An exploit could allow the attacker to modify server configuration and gain access to customer data. Cisco Bug IDs: CSCvg46741. | ||||
| CVE-2018-0096 | 1 Cisco | 1 Prime Infrastructure | 2024-08-05 | N/A |
| A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to perform a privilege escalation in which one virtual domain user can view and modify another virtual domain configuration. The vulnerability is due to a failure to properly enforce RBAC for virtual domains. An attacker could exploit this vulnerability by sending an authenticated, crafted HTTP request to a targeted application. An exploit could allow the attacker to bypass RBAC policies on the targeted system to modify a virtual domain and access resources that are not normally accessible. Cisco Bug IDs: CSCvg36875. | ||||
| CVE-2019-1010084 | 1 Dancer\ | 1 \ | 2024-08-05 | N/A |
| Dancer::Plugin::SimpleCRUD 1.14 and earlier is affected by: Incorrect Access Control. The impact is: Potential for unathorised access to data. The component is: Incorrect calls to _ensure_auth() wrapper result in authentication-checking not being applied to al routes. | ||||
| CVE-2019-25058 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Enterprise Linux and 2 more | 2024-08-05 | 7.8 High |
| An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future. | ||||
| CVE-2019-25017 | 1 Mit | 1 Krb5-appl | 2024-08-05 | 5.9 Medium |
| An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious rcp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rcp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). This issue is similar to CVE-2019-6111 and CVE-2019-7283. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. | ||||
| CVE-2019-25018 | 1 Mit | 1 Krb5-appl | 2024-08-05 | 7.5 High |
| In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client side. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. | ||||
| CVE-2019-20801 | 1 Readdle | 1 Documents | 2024-08-05 | 5.3 Medium |
| An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code (that accesses a user's data) via cross-origin requests. | ||||
| CVE-2019-20213 | 1 Dlink | 28 Dir-818lx, Dir-818lx Firmware, Dir-822 and 25 more | 2024-08-05 | 7.5 High |
| D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. | ||||
| CVE-2019-19984 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2024-08-05 | 6.3 Medium |
| The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed users with edit_post capabilities to manage plugin settings and email campaigns. | ||||
| CVE-2019-19597 | 1 Dlink | 2 Dap-1860, Dap-1860 Firmware | 2024-08-05 | 8.8 High |
| D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header. | ||||
| CVE-2019-19520 | 1 Openbsd | 1 Openbsd | 2024-08-05 | 7.8 High |
| xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen. | ||||
| CVE-2019-19200 | 1 Reddoxx | 1 Maildepot | 2024-08-05 | 8.8 High |
| REDDOXX MailDepot 2032 2.2.1242 allows authenticated users to access the mailboxes of other users. | ||||