Total
2077 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11912 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of daemons may lead to unprivileged access. | ||||
| CVE-2018-11911 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of script may lead to unprivileged access. | ||||
| CVE-2018-11786 | 1 Apache | 1 Karaf | 2024-11-21 | N/A |
| In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access. This can be locked down a bit by using chroot to change the root directory to protect files outside of the Karaf install directory; it can be further locked down by defining a security manager policy that limits file system access to those directories beneath the Karaf home that are necessary for the system to run. However, this still allows anyone with ssh access to the Karaf process to read and write a large number of files as the Karaf process user. | ||||
| CVE-2018-11767 | 1 Apache | 1 Hadoop | 2024-11-21 | N/A |
| In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, KMS blocking users or granting access to users incorrectly, if the system uses non-default groups mapping mechanisms. | ||||
| CVE-2018-11614 | 1 Samsung | 1 Samsung Members | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2.4.25. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Intents. The issue lies in the ability to send an Intent that would not otherwise be reachable. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5361. | ||||
| CVE-2018-11323 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions. | ||||
| CVE-2018-11190 | 1 Quest | 1 Disk Backup | 2024-11-21 | N/A |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6). | ||||
| CVE-2018-11008 | 1 K7computing | 4 Antivrius, Enterprise Security, Total Security and 1 more | 2024-11-21 | 5.5 Medium |
| An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. | ||||
| CVE-2018-11006 | 1 K7computing | 4 Antivrius, Enterprise Security, Total Security and 1 more | 2024-11-21 | 5.5 Medium |
| An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. | ||||
| CVE-2018-10906 | 3 Debian, Fuse Project, Redhat | 6 Debian Linux, Fuse, Enterprise Linux and 3 more | 2024-11-21 | N/A |
| In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects. | ||||
| CVE-2018-10853 | 4 Canonical, Debian, Linux and 1 more | 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more | 2024-11-21 | N/A |
| A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest. | ||||
| CVE-2018-10550 | 1 Octopus | 1 Octopus Deploy | 2024-11-21 | N/A |
| In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to. | ||||
| CVE-2018-10514 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus \+ Security, Internet Security and 2 more | 2024-11-21 | N/A |
| A Missing Impersonation Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. | ||||
| CVE-2018-10502 | 1 Samsung | 1 Galaxy Apps | 2024-11-21 | N/A |
| This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 4.2.18.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of a staging mode. The issue lies in the ability to change the configuration based on the presence of a file in an user-controlled location. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5359. | ||||
| CVE-2018-10190 | 1 Londontrustmedia | 1 Private Internet Access | 2024-11-21 | N/A |
| A vulnerability in London Trust Media Private Internet Access (PIA) VPN Client v77 for Windows could allow an unauthenticated, local attacker to run executable files with elevated privileges. The vulnerability is due to insufficient implementation of access controls. The "Changelog" and "Help" options available from the system tray context menu spawn an elevated instance of the user's default web browser. An attacker could exploit this vulnerability by selecting "Run as Administrator" from the context menu of an executable file within the file browser of the spawned default web browser. This may allow the attacker to execute privileged commands on the targeted system. | ||||
| CVE-2018-10172 | 1 7-zip | 1 7-zip | 2024-11-21 | N/A |
| 7-Zip through 18.01 on Windows implements the "Large memory pages" option by calling the LsaAddAccountRights function to add the SeLockMemoryPrivilege privilege to the user's account, which makes it easier for attackers to bypass intended access restrictions by using this privilege in the context of a sandboxed process. Note: This has been disputed by 3rd parties who argue this is a valid feature of Windows. | ||||
| CVE-2018-10168 | 1 Tp-link | 1 Eap Controller | 2024-11-21 | N/A |
| TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows. | ||||
| CVE-2018-10143 | 1 Paloaltonetworks | 1 Expedition | 2024-11-21 | N/A |
| The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application. | ||||
| CVE-2018-10079 | 1 Vertiv | 1 Watchdog Console | 2024-11-21 | 7.8 High |
| Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\ProgramData\WatchDog Console directory, which allows local users to modify configuration data by updating (1) config.xml or (2) servers.xml. | ||||
| CVE-2018-1000866 | 2 Jenkins, Redhat | 3 Pipeline\, Openshift, Openshift Container Platform | 2024-11-21 | N/A |
| A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with Job/Configure permission, or unauthorized attackers with SCM commit privileges and corresponding pipelines based on Jenkinsfiles set up in Jenkins, to execute arbitrary code on the Jenkins master JVM | ||||