Total
1220 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-0423 | 1 Google | 1 Android | 2019-10-03 | 2.9 LOW | 5.3 MEDIUM |
| An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability in the Bluetooth stack. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32612586. | |||||
| CVE-2018-6606 | 1 Malwarefox | 1 Antimalware | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper access control in zam32.sys and zam64.sys allows a non-privileged process to register itself with the driver by sending IOCTL 0x80002010 and then using IOCTL 0x8000204C to \\.\ZemanaAntiMalware to elevate privileges. | |||||
| CVE-2018-14703 | 1 Drobo | 2 5n2, 5n2 Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve the MySQL database root password. | |||||
| CVE-2017-7146 | 1 Apple | 1 Iphone Os | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Security" component. It allows attackers to track users across installs via a crafted app that leverages Keychain data mishandling. | |||||
| CVE-2017-13168 | 2 Canonical, Google | 2 Ubuntu Linux, Android | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233. | |||||
| CVE-2018-11193 | 1 Quest | 1 Disk Backup | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6). | |||||
| CVE-2017-0593 | 1 Google | 1 Android | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114230. | |||||
| CVE-2018-1000165 | 1 Lightsaml | 1 Lightsaml | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| LightSAML version prior to 1.3.5 contains a Incorrect Access Control vulnerability in signature validation in readers in src/LightSaml/Model/XmlDSig/ that can result in impersonation of any user from Identity Provider. This vulnerability appears to have been fixed in 1.3.5 and later. | |||||
| CVE-2017-5426 | 2 Linux, Mozilla | 3 Linux Kernel, Firefox, Thunderbird | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to the sandbox. Note: this issue only affects Linux. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52. | |||||
| CVE-2018-4072 | 1 Sierrawireless | 2 Airlink Es450, Airlink Es450 Firmware | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceSet_Task.cgi executable is used to change MSCII configuration values within the configuration manager of the AirLink ES450. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send configuration changes using the /cgi-bin/Embedded_Ace_Set_Task.cgi endpoint. | |||||
| CVE-2017-15352 | 1 Huawei | 10 Oceanstor 2800, Oceanstor 2800 Firmware, Oceanstor 5300 and 7 more | 2019-10-03 | 2.9 LOW | 3.1 LOW |
| Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5500 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5600 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5800 V3, V300R003C00, V300R003C10, V300R003C20 have an improper access control vulnerability. Due to incorrectly restrict access to a resource, an attacker with high privilege may exploit the vulnerability to query some information or send specific message to cause some service abnormal. | |||||
| CVE-2018-1000025 | 1 Firebase Admin Sdk For Php Project | 1 Firebase Admin Sdk For Php | 2019-10-03 | 6.8 MEDIUM | 8.1 HIGH |
| Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains a Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an actual token, or from thin air. This attack appear to be exploitable via Attacker would only need to know email address of the victim on most cases.. This vulnerability appears to have been fixed in 3.8.1. | |||||
| CVE-2018-18097 | 1 Intel | 1 Solid State Drive Toolbox | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| Improper directory permissions in Intel Solid State Drive Toolbox before 3.5.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2018-15482 | 2 Google, Lg | 15 Android, G5, G6 and 12 more | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006. | |||||
| CVE-2017-0830 | 1 Google | 1 Android | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the Android framework (device policy client). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62623498. | |||||
| CVE-2018-7581 | 1 Weblogexpert | 1 Weblog Expert | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| \ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expert Web Server Enterprise 9.4 has weak permissions (BUILTIN\Users:(ID)C), which allows local users to set a cleartext password and login as admin. | |||||
| CVE-2018-11642 | 1 Dialogic | 1 Powermedia Xms | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user. | |||||
| CVE-2018-10285 | 1 Ericssonlg | 1 Ipecs Nms | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the app does not use any sort of session ID, an attacker might bypass authentication. | |||||
| CVE-2018-6623 | 1 Hola | 1 Vpn | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Hola 1.79.859. An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation. The issue exists because of the SERVICE_ALL_ACCESS access right for the hola_svc and hola_updater services. | |||||
| CVE-2018-14043 | 1 Monetra | 1 Mstdlib | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| mstdlib (aka the M Standard Library for C) 1.2.0 has incorrect file access control in situations where M_fs_perms_can_access attempts to delete an existing file (that lacks public read/write access) during a copy operation, related to fs/m_fs.c and fs/m_fs_path.c. An attacker could create the file and then would have access to the data. | |||||