Total
1418 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15465 | 1 Cisco | 1 Adaptive Security Appliance Software | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
| A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to improper validation of user privileges when using the web management interface. An attacker could exploit this vulnerability by sending specific HTTP requests via HTTPS to an affected device as an unprivileged user. An exploit could allow the attacker to retrieve files (including the running configuration) from the device or to upload and replace software images on the device. | |||||
| CVE-2018-7957 | 1 Huawei | 2 Victoria-al00, Victoria-al00 Firmware | 2024-02-28 | 2.1 LOW | 3.3 LOW |
| Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an information leakage vulnerability. Because an interface does not verify authorization correctly, attackers can exploit an application with the authorization of phone state to obtain user location additionally. | |||||
| CVE-2018-10910 | 2 Bluez, Canonical | 2 Bluez, Ubuntu Linux | 2024-02-28 | 2.1 LOW | 3.3 LOW |
| A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable. | |||||
| CVE-2018-6980 | 1 Vmware | 1 Vrealize Log Insight | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
| VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform. | |||||
| CVE-2018-15692 | 1 Inova-software | 1 Inova Partner | 2024-02-28 | 3.5 LOW | 6.4 MEDIUM |
| Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass and data manipulation in certain functions. | |||||
| CVE-2018-7925 | 1 Huawei | 2 Emily-al00a, Emily-al00a Firmware | 2024-02-28 | 4.6 MEDIUM | 6.8 MEDIUM |
| The radio module of some Huawei smartphones Emily-AL00A The versions before 8.1.0.171(C00) have a lock-screen bypass vulnerability. An unauthenticated attacker could start third-part input method APP through certain operations to bypass lock-screen by exploit this vulnerability. | |||||
| CVE-2017-17708 | 1 Pleasantsolutions | 1 Pleasant Password Server | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| Because of insufficient authorization checks it is possible for any authenticated user to change profile data of other users in Pleasant Password Server before 7.8.3. | |||||
| CVE-2018-17195 | 1 Apache | 1 Nifi | 2024-02-28 | 5.1 MEDIUM | 7.5 HIGH |
| The template upload API endpoint accepted requests from different domain when sent in conjunction with ARP spoofing + man in the middle (MiTM) attack, resulting in a CSRF attack. The required attack vector is complex, requiring a scenario with client certificate authentication, same subnet access, and injecting malicious code into an unprotected (plaintext HTTP) website which the targeted user later visits, but the possible damage warranted a Severe severity level. Mitigation: The fix to apply Cross-Origin Resource Sharing (CORS) policy request filtering was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | |||||
| CVE-2018-15754 | 1 Pivotal Software | 1 Cloud Foundry Uaa-release | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
| Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able to obtain a token for an account of the same username in the other identity provider. | |||||
| CVE-2018-17857 | 1 Joomla | 1 Joomla\! | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Joomla! before 3.8.13. Inadequate checks on the tags search fields can lead to an access level violation. | |||||
| CVE-2018-7926 | 1 Huawei | 2 Watch 2, Watch 2 Firmware | 2024-02-28 | 2.1 LOW | 4.6 MEDIUM |
| Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have an improper authorization vulnerability. Due to improper permission configuration for specific operations, an attacker who obtained the Huawei ID bound to the watch can bypass permission verification to perform specific operations and modify some data on the watch. | |||||
| CVE-2019-1667 | 1 Cisco | 1 Hyperflex Hx Data Platform | 2024-02-28 | 2.1 LOW | 3.3 LOW |
| A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by connecting to the Graphite service and sending arbitrary data. A successful exploit could allow the attacker to write arbitrary data to Graphite, which could result in invalid statistics being presented in the interface. Versions prior to 3.5(2a) are affected. | |||||
| CVE-2017-3183 | 1 Sage | 1 Xrt Treasury | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions. Sage XRT Treasury is a business finance management application. Database user access privileges are determined by the USER_CODE field associated with the querying user. By modifying the USER_CODE value to match that of a privileged user, a low-privileged, authenticated user may gain privileged access to the SQL database. A remote, authenticated user can submit specially crafted SQL queries to gain privileged access to the application database. | |||||
| CVE-2018-7929 | 1 Huawei | 2 Mate Rs, Mate Rs Firmware | 2024-02-28 | 4.6 MEDIUM | 6.8 MEDIUM |
| Huawei Mate RS smartphones with the versions before NEO-AL00D 8.1.0.167(C786) have a lock-screen bypass vulnerability. An attacker could unlock and use the phone through certain operations. | |||||
| CVE-2018-20685 | 9 Canonical, Debian, Fujitsu and 6 more | 30 Ubuntu Linux, Debian Linux, M10-1 and 27 more | 2024-02-28 | 2.6 LOW | 5.3 MEDIUM |
| In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. | |||||
| CVE-2018-9488 | 1 Google | 1 Android | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| In the SELinux permissions of crash_dump.te, there is a permissions bypass due to a missing restriction. This could lead to a local escalation of privilege, with System privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-110107376. | |||||
| CVE-2018-7079 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
| Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in ClearPass Guest do not properly enforce authorization rules, which allows any authenticated administrative user to execute those operations regardless of privilege level. This could allow low-privilege users to view, modify, or delete guest users. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix. | |||||
| CVE-2018-12391 | 2 Google, Mozilla | 4 Android, Firefox, Firefox Esr and 1 more | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
| During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. | |||||
| CVE-2018-1000805 | 4 Canonical, Debian, Paramiko and 1 more | 11 Ubuntu Linux, Debian Linux, Paramiko and 8 more | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity. | |||||
| CVE-2018-1245 | 1 Emc | 1 Rsa Identity Governance And Lifecycle | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security Policies. Once bypassed, a malicious user could potentially run arbitrary system commands at the OS level with application owner privileges on the affected system. | |||||