Total
271 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1308 | 1 Ibm | 1 Daeja Viewone | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force ID: 125462. | |||||
| CVE-2018-5112 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to access, including potentially privileged pages. This vulnerability affects Firefox < 58. | |||||
| CVE-2017-7079 | 1 Apple | 1 Itunes | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups (written by iTunes) via a crafted app. | |||||
| CVE-2017-11746 | 1 Inversepath | 1 Tenshi | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill `cat /pathname/tenshi.pid`" command. | |||||
| CVE-2017-7737 | 1 Fortinet | 1 Fortiweb | 2019-10-03 | 4.0 MEDIUM | 4.9 MEDIUM |
| An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code. | |||||
| CVE-2017-10930 | 1 Zte | 2 Zxr10 1800-2s, Zxr10 1800-2s Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords. | |||||
| CVE-2018-9587 | 1 Google | 1 Android | 2019-10-03 | 4.4 MEDIUM | 7.3 HIGH |
| In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is possible unauthorized access to files within the contact app due to a confused deputy scenario. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Android ID: A-113597344. | |||||
| CVE-2018-16946 | 1 Lg | 36 Lnb5110, Lnb5110 Firmware, Lnb5320 and 33 more | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials and configuration information for the camera device. An attacker is able to discover the backup filename via reading the system logs or report data, or just by brute-forcing the backup filename pattern. It may be possible to authenticate to the admin account with the admin password. | |||||
| CVE-2019-14273 | 1 Silverstripe | 1 Silverstripe | 2019-09-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| In SilverStripe assets 4.0, there is broken access control on files. | |||||
| CVE-2016-10829 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99). | |||||
| CVE-2017-2551 | 1 Inpsyde | 1 Backwpup | 2017-10-10 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download. | |||||