Total
1405 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5540 | 1 F5 | 6 Big-ip Domain Name System, Big-ip Global Traffic Manager, Big-iq Centralized Management and 3 more | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up. | |||||
| CVE-2018-5516 | 1 F5 | 17 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 14 more | 2024-11-21 | 4.7 MEDIUM | 4.7 MEDIUM |
| On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed. | |||||
| CVE-2018-5490 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. This behavior has been resolved in the GA release. Customers running prior release candidates (RCs) are requested to update their systems to the NetApp Data ONTAP 8.3 GA release. | |||||
| CVE-2018-5413 | 1 Imperva | 1 Securesphere | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login keys to the admin user, resulting in privilege escalation. | |||||
| CVE-2018-5349 | 1 Heimdalsecurity | 1 Heimdal | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability has been found in Heimdal PRO v2.2.190, but it is most likely also present in Heimdal FREE and Heimdal CORP. Faulty permissions on the directory "C:\ProgramData\Heimdal Security\Heimdal Agent" allow BUILTIN\Users to write new files to the directory. On startup, the process Heimdal.MonitorServices.exe running as SYSTEM will attempt to load version.dll from this directory. Placing a malicious version.dll in this directory will result in privilege escalation. NOTE: any affected Heimdal products are completely unrelated to the Heimdal vendor of a Kerberos 5 product on the h5l.org web site. | |||||
| CVE-2018-5342 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: network services (Desktop Central and PostgreSQL) running with a superuser account. | |||||
| CVE-2018-5313 | 1 Rapidscada | 1 Rapid Scada | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability allows local attackers to escalate privilege on Rapid Scada 5.5.0 because of weak C:\SCADA permissions. The specific flaw exists within the access control that is set and modified during the installation of the product. The product sets weak access control restrictions. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator, the IUSR account, or SYSTEM. | |||||
| CVE-2018-4324 | 1 Apple | 1 Mac Os X | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls. This issue affected versions prior to macOS Mojave 10.14. | |||||
| CVE-2018-4251 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Firmware" component. It allows attackers to modify the EFI flash-memory region that a crafted app that has root access. | |||||
| CVE-2018-4238 | 1 Apple | 1 Iphone Os | 2024-11-21 | 2.1 LOW | 2.4 LOW |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and enable Siri. | |||||
| CVE-2018-4220 | 1 Apple | 1 Swift | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| An issue was discovered in certain Apple products. Swift before 4.1.1 Security Update 2018-001 is affected. The issue involves the "Swift for Ubuntu" component. It allows attackers to execute arbitrary code in a privileged context because write and execute permissions are enabled during library loading. | |||||
| CVE-2018-4178 | 1 Apple | 1 Mac Os X | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. This issue affected versions prior to macOS High Sierra 10.13.4. | |||||
| CVE-2018-4073 | 1 Sierrawireless | 2 Airlink Es450, Airlink Es450 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The the binary the endpoint /cgi-bin/Embeded_Ace_TLSet_Task.cgi is a very similar endpoint that is designed for use with setting table values that can cause an arbitrary setting writes, resulting in the unverified changes to any system setting. An attacker can make an authenticated HTTP request, or run the binary as any user, to trigger this vulnerability. | |||||
| CVE-2018-4072 | 1 Sierrawireless | 2 Airlink Es450, Airlink Es450 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceSet_Task.cgi executable is used to change MSCII configuration values within the configuration manager of the AirLink ES450. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send configuration changes using the /cgi-bin/Embedded_Ace_Set_Task.cgi endpoint. | |||||
| CVE-2018-4051 | 1 Gog | 1 Galaxy | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally create directories and subdirectories on the root file system, as well as change the permissions of existing directories. | |||||
| CVE-2018-4050 | 1 Gog | 1 Galaxy | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally adjust folder permissions leading to execution of arbitrary code with elevated privileges. | |||||
| CVE-2018-4049 | 1 Gog | 1 Galaxy | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's “Games” directory, version 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of installed games to exploit this vulnerability and execute arbitrary code with elevated privileges. | |||||
| CVE-2018-4028 | 1 Anker-in | 2 Roav Dashcam A1, Roav Dashcam A1 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. The HTTP server could allow an attacker to overwrite the root directory of the server, resulting in a denial of service. An attacker can send an HTTP POST request to trigger this vulnerability. | |||||
| CVE-2018-3974 | 1 Gog | 1 Galaxy | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's install directory. An attacker can overwrite an executable that is launched as a system service on boot by default to exploit this vulnerability and execute arbitrary code with system privileges. | |||||
| CVE-2018-3705 | 1 Intel | 1 System Defense Utility | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Improper directory permissions in the installer for the Intel(R) System Defense Utility (all versions) may allow authenticated users to potentially enable a denial of service via local access. | |||||