Total: 638 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-5634 | 1 Norwegian-air | 1 Norwegian Air Kiosk | 2019-10-03 | 7.2 HIGH | 6.6 MEDIUM |
The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog. | |||||
CVE-2017-0215 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 4.6 MEDIUM | 5.3 MEDIUM |
Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219. | |||||
CVE-2018-15591 | 1 Ivanti | 1 Workspace Control | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by leveraging multiple unspecified attack vectors. | |||||
CVE-2017-6100 | 1 Tcpdf Project | 1 Tcpdf | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP. | |||||
CVE-2017-8418 | 1 Rubocop Project | 1 Rubocop | 2019-10-03 | 2.1 LOW | 3.3 LOW |
RuboCop 0.48.1 and earlier does not use /tmp in a safe way, allowing local users to exploit this to tamper with cache files belonging to other users. | |||||
CVE-2018-7073 | 2 Canonical, Hp | 2 Ubuntu Linux, Moonshot Provisioning Manager | 2019-10-03 | 2.1 LOW | 5.5 MEDIUM |
A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24. | |||||
CVE-2018-10361 | 1 Kde | 1 Ktexteditor | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one user (who has an unprivileged account but is also able to authenticate as root) writes a text file using Kate into a directory owned by another unprivileged user. The latter unprivileged user conducts a symlink attack to achieve privilege escalation. | |||||
CVE-2017-16660 | 1 Cacti | 1 Cacti | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header. | |||||
CVE-2017-7490 | 1 Moodle | 1 Moodle | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing. | |||||
CVE-2018-18068 | 1 Raspberrypi | 2 Raspberry Pi 3 Model B+, Raspberry Pi 3 Model B+ Firmware | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices allows non-secure EL1 code to read/write any EL3 (the highest privilege level in ARMv8) memory/register via inter-processor debugging. With a debug host processor A running in non-secure EL1 and a debug target processor B running in any privilege level, the debugging feature allows A to halt B and promote B to any privilege level. As a debug host, A has full control of B even if B owns a higher privilege level than A. Accordingly, A can read/write any EL3 memory/register via B. Also, with this memory access, A can execute arbitrary code in EL3. | |||||
CVE-2019-16518 | 1 Vandyvape | 2 Swell Kit Mod, Swell Kit Mod Firmware | 2019-09-23 | 3.3 LOW | 4.3 MEDIUM |
An issue was discovered on Swell Kit Mod devices that use the Vandy Vape platform. An attacker may be able to trigger an unintended temperature in the victim's mouth and throat via Bluetooth Low Energy (BLE) packets that specify large power or voltage values. | |||||
CVE-2016-11010 | 1 Usabilitydynamics | 1 Wp-invoice | 2019-09-20 | 5.0 MEDIUM | 5.3 MEDIUM |
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates. | |||||
CVE-2016-11009 | 1 Usabilitydynamics | 1 Wp-invoice | 2019-09-20 | 5.0 MEDIUM | 5.3 MEDIUM |
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates. | |||||
CVE-2016-11007 | 1 Usabilitydynamics | 1 Wp-invoice | 2019-09-20 | 5.0 MEDIUM | 5.3 MEDIUM |
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval. | |||||
CVE-2016-11008 | 1 Usabilitydynamics | 1 Wp-invoice | 2019-09-20 | 5.0 MEDIUM | 5.3 MEDIUM |
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates. | |||||
CVE-2016-11006 | 1 Usabilitydynamics | 1 Wp-invoice | 2019-09-20 | 5.0 MEDIUM | 5.3 MEDIUM |
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes. | |||||
CVE-2016-10840 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 9.0 HIGH | 8.8 HIGH |
cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72). | |||||
CVE-2018-20947 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 2.1 LOW | 5.5 MEDIUM |
cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356). |