Total: 2820 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-20930 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401). | ||||
CVE-2018-20890 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426). | ||||
CVE-2018-19576 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential. | ||||
CVE-2018-19577 | 1 Gitlab | 1 Gitlab | 2024-08-05 | 5.3 Medium |
GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue. | ||||
CVE-2018-19588 | 1 Alarm | 2 Adc-v522ir, Adc-v522ir Firmware | 2024-08-05 | N/A |
Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control. | ||||
CVE-2018-19494 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private group names. | ||||
CVE-2018-19496 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access control vulnerability that permits a user with insufficient privileges to promote a project milestone to a group milestone. | ||||
CVE-2018-18958 | 1 Opnsense | 1 Opnsense | 2024-08-05 | N/A |
OPNsense 18.7.x before 18.7.7 has Incorrect Access Control. | ||||
CVE-2018-18495 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-08-05 | N/A |
WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions. This vulnerability affects Firefox < 64. | ||||
CVE-2018-17908 | 1 Advantech | 1 Webaccess | 2024-08-05 | N/A |
In WebAccess versions 8.3.2 and prior, the application installer disables user access control during installation and does not re-enable it after the installation is complete. This could allow an attacker to run elevated arbitrary code. | ||||
CVE-2018-17931 | 1 Vecna | 2 Vgo, Vgo Firmware | 2024-08-05 | N/A |
If an attacker has physical access to the VGo Robot (versions 3.0.3.52164 and 3.0.3.53662; prior versions may also be affected), they may be able to alter scripts, which may allow code execution with root privileges. | ||||
CVE-2018-17148 | 1 Nagios | 1 Nagios Xi | 2024-08-05 | N/A |
An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials. | ||||
CVE-2018-17151 | 1 Intersystems | 1 Cache | 2024-08-05 | N/A |
Intersystems Cache 2017.2.2.865.0 has Incorrect Access Control. | ||||
CVE-2018-16838 | 2 Fedoraproject, Redhat | 2 Sssd, Enterprise Linux | 2024-08-05 | N/A |
A flaw was found in the sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to overly strict permission settings on the server side, SSSD will allow all authenticated users to log in instead of denying access. | ||||
CVE-2018-16553 | 1 Jspxcms | 1 Jspxcms | 2024-08-05 | N/A |
In Jspxcms 9.0.0, a vulnerable URL routing implementation allows remote code execution after logging in as web admin. | ||||
CVE-2018-16476 | 2 Redhat, Rubyonrails | 3 Cloudforms, Cloudforms Managementengine, Rails | 2024-08-05 | N/A |
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1. | ||||
CVE-2018-16466 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-05 | N/A |
Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 leads to not accepting access restrictions by access tokens. | ||||
CVE-2018-15645 | 1 Odoo | 1 Odoo | 2024-08-05 | 6.5 Medium |
Improper access control in message routing in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier allows remote authenticated users to create arbitrary records via crafted payloads, which may allow privilege escalation. | ||||
CVE-2018-15631 | 1 Odoo | 1 Odoo | 2024-08-05 | 6.5 Medium |
Improper access control in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote authenticated attackers to e-mail themselves arbitrary files from the database, via a crafted RPC request. | ||||
CVE-2018-15610 | 1 Avaya | 1 Ip Office | 2024-08-05 | N/A |
A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2. |