Total
1164 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-7822 | 1 Schneider-electric | 3 Modicon M221, Modicon M221 Firmware, Somachine Basic | 2024-11-21 | 5.5 Medium |
| An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause unauthorized access to SoMachine Basic resource files when logged on the system hosting SoMachine Basic. | ||||
| CVE-2018-7535 | 1 Totalav | 1 Totalav | 2024-11-21 | N/A |
| An issue was discovered in TotalAV v4.1.7. An unprivileged user could modify or overwrite all of the product's files because of weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges or obtain maximum control over the product. | ||||
| CVE-2018-7533 | 1 Osisoft | 1 Pi Data Archive | 2024-11-21 | N/A |
| An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system. | ||||
| CVE-2018-6683 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2024-11-21 | 7.4 High |
| Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline. | ||||
| CVE-2018-2025 | 1 Ibm | 2 Spectrum Protect, Spectrum Protect For Virtual Environments | 2024-11-21 | 4.4 Medium |
| IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments 7.1 and 8.1 creates directories/files in the CIT sub directory that are read/writable by everyone. IBM X-Force ID: 155551. | ||||
| CVE-2018-21061 | 1 Google | 1 Android | 2024-11-21 | 6.8 Medium |
| An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) software. A fake charger can execute critical functions in the locked state. The Samsung ID is SVE-2016-6341 (August 2018). | ||||
| CVE-2018-20090 | 1 Cloudera | 1 Data Science Workbench | 2024-11-21 | 8.3 High |
| An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder. | ||||
| CVE-2018-19592 | 1 Corsair | 19 Axi, Commander Mini, Commander Pro and 16 more | 2024-11-21 | 7.8 High |
| The "CLink4Service" service is installed with Corsair Link 4.9.7.35 with insecure permissions by default. This allows unprivileged users to take control of the service and execute commands in the context of NT AUTHORITY\SYSTEM, leading to total system takeover, a similar issue to CVE-2018-12441. | ||||
| CVE-2018-17860 | 1 Cloudera | 1 Cdh | 2024-11-21 | 7.2 High |
| Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1. | ||||
| CVE-2018-14650 | 2 Redhat, Sos-collector Project | 7 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2024-11-21 | N/A |
| It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory. | ||||
| CVE-2018-14335 | 2 H2database, Redhat | 2 H2, Jboss Data Grid | 2024-11-21 | 6.5 Medium |
| An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file. | ||||
| CVE-2018-13287 | 1 Synology | 1 Router Manager | 2024-11-21 | N/A |
| Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. | ||||
| CVE-2018-12441 | 1 Corsair | 1 Corsair Utility Engine | 2024-11-21 | N/A |
| The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the CorsairService BINARY_PATH_NAME, leading to complete control of the affected system. The issue exists due to the Windows "Everyone" group being granted SERVICE_ALL_ACCESS permissions to the CorsairService Service. | ||||
| CVE-2018-12175 | 1 Intel | 1 Distribution For Python | 2024-11-21 | N/A |
| Default install directory permissions in Intel Distribution for Python (IDP) version 2018 may allow an unprivileged user to escalate privileges via local access. | ||||
| CVE-2018-12160 | 1 Intel | 1 Data Migration Software | 2024-11-21 | N/A |
| DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory permissions via local access. | ||||
| CVE-2018-11906 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a security concern with default privileged access to ADB and debug-fs. | ||||
| CVE-2018-11454 | 1 Siemens | 2 Simatic Step 7 \(tia Portal\), Simatic Wincc \(tia Portal\) | 2024-11-21 | N/A |
| A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device. | ||||
| CVE-2018-11453 | 1 Siemens | 2 Simatic Step 7 \(tia Portal\), Simatic Wincc \(tia Portal\) | 2024-11-21 | N/A |
| A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to insert specially crafted files which may prevent TIA Portal startup (Denial-of-Service) or lead to local code execution. No special privileges are required, but the victim needs to attempt to start TIA Portal after the manipulation. | ||||
| CVE-2018-10605 | 1 Martem | 4 Telem-gw6, Telem-gw6 Firmware, Telem-gwm and 1 more | 2024-11-21 | N/A |
| Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/upload a new system configuration or take the full control over the RTU using default credentials to connect to the RTU. | ||||
| CVE-2018-10604 | 1 Selinc | 1 Sel Compass | 2024-11-21 | 8.8 High |
| SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution. | ||||