Total: 1799 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2017-11361 | 1 Intenogroup | 2 Inteno Router, Inteno Router Firmware | 2019-10-03 | 9.0 HIGH | 8.8 HIGH | Inteno routers have a JUCI ACL misconfiguration that allows the "user" account to read files, write to files, and add root SSH keys via JSON commands to ubus. (Exploitation is sometimes easy because the "user" password might be "user" or might match the Wi-Fi key.) |
CVE-2018-19853 | 1 Hitshop Project | 1 Hitshop | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH | An issue was discovered in hitshop through 2014-07-15. There is an elevation-of-privilege vulnerability (that allows control over the whole web site) via the admin.php/user/add URI because a storekeeper account (which is supposed to have only privileges for commodity management) can add an administrator account. |
CVE-2018-4310 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-10-03 | 7.5 HIGH | 10.0 CRITICAL | An access issue was addressed with additional sandbox restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14. |
CVE-2018-10168 | 1 Tp-link | 1 Eap Controller | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH | TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows. |
CVE-2018-0610 | 1 Zenphoto | 1 Zenphoto | 2019-10-03 | 6.5 MEDIUM | 7.2 HIGH | Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information. |
CVE-2017-17384 | 1 Ispconfig | 1 Ispconfig | 2019-10-03 | 9.0 HIGH | 8.8 HIGH | ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job. |
CVE-2017-7767 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2019-10-03 | 2.1 LOW | 5.5 MEDIUM | The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54. |
CVE-2017-9450 | 1 Amazon | 1 Amazon Web Services Cloudformation Bootstrap | 2019-10-03 | 7.2 HIGH | 7.8 HIGH | The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory. |
CVE-2017-1326 | 1 Ibm | 1 Sterling B2b Integrator | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM | IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows users to update data related to other users by manipulating the parameters passed in the POST request. IBM X-Force ID: 126060. |
CVE-2017-8187 | 1 Huawei | 2 Fusionsphere Openstack, Fusionsphere Openstack Firmware | 2019-10-03 | 6.5 MEDIUM | 7.2 HIGH | Huawei FusionSphere OpenStack V100R006C00SPC102(NFV) has a privilege escalation vulnerability. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users' certificates. Successful exploit may cause privilege escalation. |
CVE-2018-1134 | 1 Moodle | 1 Moodle | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM | An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL. |
CVE-2017-1000156 | 1 Mahara | 1 Mahara | 2019-10-03 | 5.5 MEDIUM | 6.5 MEDIUM | Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they didn't have the admin role. |
CVE-2017-6342 | 1 Dahuasecurity | 4 Camera Firmware, Dhi-hcvr7216a-s3, Nvr Firmware and 1 more | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL | An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19. When SmartPSS Software is launched, while on the login screen, the software in the background automatically logs in as admin. This allows sniffing sensitive information identified in CVE-2017-6341 without prior knowledge of the password. This is a different vulnerability than CVE-2013-6117. |
CVE-2017-1000241 | 1 Open-emr | 1 Openemr | 2019-10-03 | 6.5 MEDIUM | 8.1 HIGH | The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by a vertical privilege escalation vulnerability. This vulnerability can allow authenticated non-administrator users to view and modify information only accessible to administrators. |
CVE-2018-14894 | 1 Cyberark | 1 Endpoint Privilege Manager | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH | CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file) to bypass intended access restrictions and execute blocked applications. |
CVE-2018-1000503 | 1 Mybb | 1 Mybb | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM | MyBB Group MyBB contains an Incorrect Access Control vulnerability in private forums that can result in users viewing posts from private forums without having the password. This attack appears to be exploitable via subscribing to a forum through IDOR. This vulnerability appears to have been fixed in 1.8.15. |
CVE-2017-6954 | 1 Buddypress | 1 Buddypress | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM | An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper permissions. |
CVE-2017-7532 | 1 Moodle | 1 Moodle | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM | In Moodle 3.x, course creators are able to change system default settings for courses. |
CVE-2018-5706 | 1 Octopus | 1 Octopus Deploy | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH | An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn't have them, as demonstrated by use of the RoleEdit or TeamEdit permission. |
CVE-2018-11912 | 1 Google | 1 Android | 2019-10-03 | 7.2 HIGH | 7.8 HIGH | In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper configuration of daemons may lead to unprivileged access. |