Total
1229 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18093 | 1 Intel | 1 Vtune Amplifier | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| Improper file permissions in the installer for Intel VTune Amplifier 2018 Update 3 and before may allow unprivileged user to potentially gain privileged access via local access. | |||||
| CVE-2017-7821 | 1 Mozilla | 1 Firefox | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the programs that handle those document types. This vulnerability affects Firefox < 56. | |||||
| CVE-2018-10381 | 1 Mcafee | 1 Tunnelbear | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect" method accepts a server list argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user. | |||||
| CVE-2017-16638 | 1 Vde Project | 1 Vde | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by the OpenRC service script. | |||||
| CVE-2018-5349 | 1 Heimdalsecurity | 1 Heimdal | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability has been found in Heimdal PRO v2.2.190, but it is most likely also present in Heimdal FREE and Heimdal CORP. Faulty permissions on the directory "C:\ProgramData\Heimdal Security\Heimdal Agent" allow BUILTIN\Users to write new files to the directory. On startup, the process Heimdal.MonitorServices.exe running as SYSTEM will attempt to load version.dll from this directory. Placing a malicious version.dll in this directory will result in privilege escalation. NOTE: any affected Heimdal products are completely unrelated to the Heimdal vendor of a Kerberos 5 product on the h5l.org web site. | |||||
| CVE-2017-0913 | 1 Ubnt | 1 Ucrm | 2019-10-03 | 1.9 LOW | 4.7 MEDIUM |
| Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with "Edit" access to "System Customization". | |||||
| CVE-2018-1000209 | 1 Sensu | 1 Sensu Core | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Sensu, Inc. Sensu Core version Before version 1.4.2-3 contains a Insecure Permissions vulnerability in Sensu Core on Windows platforms that can result in Unprivileged users may execute code in context of Sensu service account. This attack appear to be exploitable via Unprivileged user may place an arbitrary DLL in the c:\opt\sensu\embedded\bin directory in order to exploit standard Windows DLL load order behavior. This vulnerability appears to have been fixed in 1.4.2-3 and later. | |||||
| CVE-2018-1000207 | 1 Modx | 1 Modx Revolution | 2019-10-03 | 6.5 MEDIUM | 7.2 HIGH |
| MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appears to have been fixed in commit 06bc94257408f6a575de20ddb955aca505ef6e68. | |||||
| CVE-2018-12642 | 1 Froxlor | 1 Froxlor | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user. | |||||
| CVE-2018-1354 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content. | |||||
| CVE-2018-11191 | 1 Quest | 1 Disk Backup | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6). | |||||
| CVE-2018-12200 | 1 Intel | 1 Capability Licensing Service | 2019-10-03 | 4.6 MEDIUM | 6.7 MEDIUM |
| Insufficient access control in Intel(R) Capability Licensing Service before version 1.50.638.1 may allow an unprivileged user to potentially escalate privileges via local access. | |||||
| CVE-2017-15877 | 1 Sistemagpweb | 1 Gpweb | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database. | |||||
| CVE-2018-3705 | 1 Intel | 1 System Defense Utility | 2019-10-03 | 2.1 LOW | 5.5 MEDIUM |
| Improper directory permissions in the installer for the Intel(R) System Defense Utility (all versions) may allow authenticated users to potentially enable a denial of service via local access. | |||||
| CVE-2018-10170 | 1 Nordvpn | 1 Nordvpn | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| NordVPN 6.12.7.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "nordvpn-service" service. This service establishes an NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "Connect" method accepts a class instance argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user. | |||||
| CVE-2018-10710 | 1 Asrock | 4 A-tuning, F-stream, Restart To Uefi and 1 more | 2019-10-03 | 7.2 HIGH | 7.1 HIGH |
| The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges. | |||||
| CVE-2017-9780 | 2 Debian, Flatpak | 2 Debian Linux, Flatpak | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the world-writable location. In the case of the "system helper" component, files deployed as part of the app are owned by root, so in the worst case they could be setuid root. | |||||
| CVE-2018-12335 | 1 Ecos | 1 System Management Appliance | 2019-10-03 | 4.1 MEDIUM | 7.3 HIGH |
| Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment. | |||||
| CVE-2018-17775 | 1 Seqrite | 1 End Point Security | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| Seqrite End Point Security v7.4 has "Everyone: (F)" permission for %PROGRAMFILES%\Seqrite\Seqrite, which allows local users to gain privileges by replacing an executable file with a Trojan horse. | |||||
| CVE-2017-1000022 | 1 Logicaldoc | 1 Logicaldoc | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation. | |||||