Total
1271 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-0341 | 1 Sap | 1 Enable Now | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. If an attacker runs script code in the context of the application, he could get access to the session cookie. The session cookie could then be abused to gain access to the application. | |||||
| CVE-2019-0171 | 1 Intel | 2 Quartus Ii, Quartus Prime | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper directory permissions in the installer for Intel(R) Quartus(R) software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-0138 | 1 Intel | 1 Acu Wizard | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper directory permissions in Intel(R) ACU Wizard version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-0111 | 1 Intel | 1 Data Center Manager | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2019-0108 | 1 Intel | 1 Data Center Manager | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable disclosure of information via local access. | |||||
| CVE-2019-0086 | 1 Intel | 2 Converged Security Management Engine Firmware, Trusted Execution Engine Firmware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2018-9867 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). | |||||
| CVE-2018-8933 | 1 Amd | 2 Epyc Server, Epyc Server Firmware | 2024-11-21 | 9.3 HIGH | 9.0 CRITICAL |
| The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3. | |||||
| CVE-2018-8932 | 1 Amd | 4 Ryzen, Ryzen Firmware, Ryzen Pro and 1 more | 2024-11-21 | 9.3 HIGH | 9.0 CRITICAL |
| The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4. | |||||
| CVE-2018-8931 | 1 Amd | 6 Ryzen, Ryzen Firmware, Ryzen Mobile and 3 more | 2024-11-21 | 9.3 HIGH | 9.0 CRITICAL |
| The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1. | |||||
| CVE-2018-8848 | 1 Philips | 1 E-alert Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor. | |||||
| CVE-2018-8411 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | |||||
| CVE-2018-7924 | 1 Huawei | 2 Anne-al00, Anne-al00 Firmware | 2024-11-21 | 2.1 LOW | 2.4 LOW |
| Anne-AL00 Huawei phones with versions earlier than 8.0.0.151(C00) have an information leak vulnerability. Due to improper permission settings for specific commands, attackers who can connect to a mobile phone via the USB interface may exploit this vulnerability to obtain specific device information of the mobile phone. | |||||
| CVE-2018-7581 | 1 Weblogexpert | 1 Weblog Expert | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| \ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expert Web Server Enterprise 9.4 has weak permissions (BUILTIN\Users:(ID)C), which allows local users to set a cleartext password and login as admin. | |||||
| CVE-2018-7408 | 1 Npmjs | 1 Npm | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's blog without mention of pre-release status). It might allow local users to bypass intended filesystem access restrictions because ownerships of /etc and /usr directories are being changed unexpectedly, related to a "correctMkdir" issue. | |||||
| CVE-2018-7311 | 1 Privatevpn | 1 Privatevpn | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability. The software installs a privileged helper tool that runs as the root user. This privileged helper tool is installed as a LaunchDaemon and implements an XPC service. The XPC service is responsible for handling new VPN connection operations via the main PrivateVPN application. The privileged helper tool creates new VPN connections by executing the openvpn binary located in the /Applications/PrivateVPN.app/Contents/Resources directory. The openvpn binary can be overwritten by the default user, which allows an attacker that has already installed malicious software as the default user to replace the binary. When a new VPN connection is established, the privileged helper tool will launch this malicious binary, thus allowing an attacker to execute code as the root user. NOTE: the vendor has reportedly indicated that this behavior is "an acceptable part of their software. | |||||
| CVE-2018-7169 | 1 Shadow Project | 1 Shadow | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation. | |||||
| CVE-2018-6978 | 1 Vmware | 1 Vrealize Operations | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine. Note: the admin user (non-sudoer) should not be confused with root of the vROps machine. | |||||
| CVE-2018-6755 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2024-11-21 | 4.6 MEDIUM | 7.2 HIGH |
| Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware. | |||||
| CVE-2018-6623 | 1 Hola | 1 Vpn | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Hola 1.79.859. An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation. The issue exists because of the SERVICE_ALL_ACCESS access right for the hola_svc and hola_updater services. | |||||