Total
2234 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16888 | 4 Canonical, Netapp, Redhat and 1 more | 6 Ubuntu Linux, Active Iq Performance Analytics Services, Element Software and 3 more | 2024-11-21 | 4.7 Medium |
| It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable. | ||||
| CVE-2018-16497 | 1 Versa-networks | 1 Versa Analytics | 2024-11-21 | 7.8 High |
| In Versa Analytics, the cron jobs are used for scheduling tasks by executing commands at specific dates and times on the server. If the job is run as the user root, there is a potential privilege escalation vulnerability. In this case, the job runs a script as root that is writable by users who are members of the versa group. | ||||
| CVE-2018-16272 | 1 Samsung | 20 Galaxy Gear, Galaxy Gear Firmware, Gear 2 and 17 more | 2024-11-21 | 9.8 Critical |
| The wpa_supplicant system service in Samsung Galaxy Gear series allows an unprivileged process to fully control the Wi-Fi interface, due to the lack of its D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | ||||
| CVE-2018-16271 | 1 Samsung | 20 Galaxy Gear, Galaxy Gear Firmware, Gear 2 and 17 more | 2024-11-21 | 6.5 Medium |
| The wemail_consumer_service (from the built-in application wemail) in Samsung Galaxy Gear series allows an unprivileged process to manipulate a user's mailbox, due to improper D-Bus security policy configurations. An arbitrary email can also be sent from the mailbox via the paired smartphone. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | ||||
| CVE-2018-16270 | 1 Samsung | 20 Galaxy Gear, Galaxy Gear Firmware, Gear 2 and 17 more | 2024-11-21 | 7.5 High |
| Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path. | ||||
| CVE-2018-16268 | 2 Linux, Samsung | 2 Tizen, Galaxy Gear | 2024-11-21 | 4.3 Medium |
| The SoundServer/FocusServer system services in Tizen allow an unprivileged process to perform media-related system actions, due to improper D-Bus security policy configurations. Such actions include playing an arbitrary sound file or DTMF tones. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | ||||
| CVE-2018-16267 | 2 Linux, Samsung | 2 Tizen, Galaxy Gear | 2024-11-21 | 8.1 High |
| The system-popup system service in Tizen allows an unprivileged process to perform popup-related system actions, due to improper D-Bus security policy configurations. Such actions include the triggering system poweroff menu, and prompting a popup with arbitrary strings. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | ||||
| CVE-2018-16266 | 2 Linux, Samsung | 2 Tizen, Galaxy Gear | 2024-11-21 | 8.1 High |
| The Enlightenment system service in Tizen allows an unprivileged process to fully control or capture windows, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | ||||
| CVE-2018-16265 | 2 Linux, Samsung | 2 Tizen, Galaxy Gear | 2024-11-21 | 6.5 Medium |
| The bt/bt_core system service in Tizen allows an unprivileged process to create a system user interface and control the Bluetooth pairing process, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | ||||
| CVE-2018-16263 | 2 Linux, Samsung | 2 Tizen, Galaxy Gear | 2024-11-21 | 8.8 High |
| The PulseAudio system service in Tizen allows an unprivileged process to control its A2DP MediaEndpoint, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | ||||
| CVE-2018-16262 | 2 Linux, Samsung | 2 Tizen, Galaxy Gear | 2024-11-21 | 8.8 High |
| The pkgmgr system service in Tizen allows an unprivileged process to perform package management actions, due to improper D-Bus security policy configurations. Such actions include installing, decrypting, and killing other packages. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | ||||
| CVE-2018-15912 | 1 Manjaro | 1 Manjaro Linux | 2024-11-21 | N/A |
| An issue was discovered in manjaro-update-system.sh in manjaro-system 20180716-1 on Manjaro Linux. A local attacker can install or remove arbitrary packages and package repositories potentially containing hooks with arbitrary code, which will automatically be run as root, or remove packages vital to the system. | ||||
| CVE-2018-15762 | 1 Pivotal Software | 1 Operations Manager | 2024-11-21 | N/A |
| Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a new client with administrator privileges for Opsman. | ||||
| CVE-2018-15592 | 1 Ivanti | 1 Workspace Control | 2024-11-21 | N/A |
| An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can execute processes with elevated privileges via an unspecified attack vector. | ||||
| CVE-2018-15557 | 1 Actiontec | 2 Web6000q, Web6000q Firmware | 2024-11-21 | N/A |
| An issue was discovered in the Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 devices. An attacker can statically set his/her IP to anything on the 169.254.1.0/24 subnet, and obtain root access by connecting to 169.254.1.2 port 23 with telnet/netcat. | ||||
| CVE-2018-15331 | 1 F5 | 1 Big-ip Application Acceleration Manager | 2024-11-21 | N/A |
| On BIG-IP AAM 13.0.0 or 12.1.0-12.1.3.7, the dcdb_convert utility used by BIG-IP AAM fails to drop group permissions when executing helper scripts, which could be used to leverage attacks against the BIG-IP system. | ||||
| CVE-2018-15321 | 1 F5 | 17 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 14 more | 2024-11-21 | N/A |
| When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files which bypasses security controls in place to limit TMSH commands. This is possible with an administrator or resource administrator roles when granted TMSH. Resource administrator roles must have TMSH access in order to perform this attack. | ||||
| CVE-2018-15207 | 1 Bpcbt | 1 Smartvista | 2024-11-21 | N/A |
| BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin. | ||||
| CVE-2018-14894 | 1 Cyberark | 1 Endpoint Privilege Manager | 2024-11-21 | N/A |
| CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file) to bypass intended access restrictions and execute blocked applications. | ||||
| CVE-2018-14836 | 1 Subrion | 1 Subrion Cms | 2024-11-21 | N/A |
| Subrion 4.2.1 is vulnerable to Improper Access control because user groups not having access to the Admin panel are able to access it (but not perform actions) if the Guests user group has access to the Admin panel. | ||||