Total
906 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5642 | 1 Apache | 1 Ambari | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs. | |||||
| CVE-2018-7535 | 1 Totalav | 1 Totalav | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in TotalAV v4.1.7. An unprivileged user could modify or overwrite all of the product's files because of weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges or obtain maximum control over the product. | |||||
| CVE-2018-11906 | 1 Google | 1 Android | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a security concern with default privileged access to ADB and debug-fs. | |||||
| CVE-2017-1382 | 1 Ibm | 1 Websphere Application Server | 2019-10-03 | 3.6 LOW | 7.1 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. IBM X-Force ID: 127153. | |||||
| CVE-2017-11741 | 1 Hashicorp | 1 Vagrant Vmware Fusion | 2019-10-03 | 7.2 HIGH | 8.8 HIGH |
| HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts. | |||||
| CVE-2017-12763 | 3 Apple, Linux, Nomachine | 3 Mac Os X, Linux Kernel, Nomachine | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files. | |||||
| CVE-2017-1000084 | 1 Jenkins | 1 Parameterized Trigger | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins. | |||||
| CVE-2017-4975 | 1 Pivotal | 1 Pcf Tile Generator | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0. Tiles created by the PCF Tile Generator create a running open security group that overrides security groups set by the operator. | |||||
| CVE-2017-7794 | 2 Linux, Mozilla | 2 Linux Kernel, Firefox | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions. Note: This attack only affects the Linux operating system. Other operating systems are not affected. This vulnerability affects Firefox < 55. | |||||
| CVE-2017-6404 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2019-10-03 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data. | |||||
| CVE-2017-5622 | 1 Oneplus | 3 Oneplus 3, Oneplus 3t, Oxygenos | 2019-10-03 | 3.6 LOW | 5.9 MEDIUM |
| With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further exploit other vulnerabilities and/or exfiltrate sensitive information. | |||||
| CVE-2018-12175 | 1 Intel | 1 Distribution For Python | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| Default install directory permissions in Intel Distribution for Python (IDP) version 2018 may allow an unprivileged user to escalate privileges via local access. | |||||
| CVE-2017-16522 | 1 Mitrastar | 4 Dsl-100hn-t1, Dsl-100hn-t1 Firmware, Gpt-2541gnac and 1 more | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute. | |||||
| CVE-2017-5684 | 1 Intel | 2 Stk2mv64cc, Stk2mv64cc Bios | 2019-10-03 | 2.1 LOW | 3.9 LOW |
| The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information. | |||||
| CVE-2017-0369 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it. | |||||
| CVE-2017-0847 | 1 Google | 1 Android | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| An elevation of privilege vulnerability in the Android media framework (mediaanalytics). Product: Android. Versions: 8.0. Android ID: A-65540999. | |||||
| CVE-2017-1000089 | 1 Jenkins | 1 Pipeline\ | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins. | |||||
| CVE-2017-7761 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2019-10-03 | 3.6 LOW | 5.5 MEDIUM |
| The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), protected files in the target directory of the junction can be deleted by the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54. | |||||
| CVE-2018-9085 | 2 Ibm, Lenovo | 56 Bladecenter, Bladecenter Hs23 Firmware, Bladecenter Hs23e Firmware and 53 more | 2019-10-03 | 4.0 MEDIUM | 4.9 MEDIUM |
| A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors. | |||||
| CVE-2018-19592 | 1 Corsair | 19 Axi, Commander Mini, Commander Pro and 16 more | 2019-10-01 | 7.2 HIGH | 7.8 HIGH |
| The "CLink4Service" service is installed with Corsair Link 4.9.7.35 with insecure permissions by default. This allows unprivileged users to take control of the service and execute commands in the context of NT AUTHORITY\SYSTEM, leading to total system takeover, a similar issue to CVE-2018-12441. | |||||