Total
1515 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-18495 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-11-21 | N/A |
WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions. This vulnerability affects Firefox < 64. | ||||
CVE-2018-18435 | 1 Kioware | 1 Kioware Server | 2024-11-21 | N/A |
KioWare Server version 4.9.6 and older installs by default to "C:\kioware_com" with weak folder permissions granting any user full permission "Everyone: (F)" to the contents of the directory and its sub-folders. In addition, the program installs a service called "KWSService" which runs as "Localsystem", which allows any user to escalate privileges to "NT AUTHORITY\SYSTEM" by substituting the service's binary with a malicious one. | ||||
CVE-2018-18352 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2024-11-21 | N/A |
Service workers could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80, which allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page. | ||||
CVE-2018-18349 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2024-11-21 | N/A |
Remote frame navigations were incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80, which allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension. | ||||
CVE-2018-18332 | 2 Microsoft, Trendmicro | 2 Windows, Officescan | 2024-11-21 | N/A |
A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations. | ||||
CVE-2018-18331 | 2 Microsoft, Trendmicro | 2 Windows, Officescan | 2024-11-21 | N/A |
A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on vulnerable installations. | ||||
CVE-2018-18254 | 1 Capmon | 1 Access Manager | 2024-11-21 | N/A |
An issue was discovered in CapMon Access Manager 5.4.1.1005. An unprivileged user can read the cal_whitelist table in the Custom App Launcher (CAL) database, and potentially gain privileges by placing a Trojan horse program at an app pathname. | ||||
CVE-2018-18098 | 2 Intel, Microsoft | 3 Sgx Platform Software, Sgx Sdk, Windows | 2024-11-21 | N/A |
Improper file verification in install routine for Intel(R) SGX SDK and Platform Software for Windows before 2.2.100 may allow an escalation of privilege via local access. | ||||
CVE-2018-18097 | 1 Intel | 1 Solid State Drive Toolbox | 2024-11-21 | N/A |
Improper directory permissions in Intel Solid State Drive Toolbox before 3.5.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2018-18094 | 1 Intel | 1 Media Sdk | 2024-11-21 | N/A |
Improper directory permissions in installer for Intel(R) Media SDK before 2018 R2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2018-18093 | 1 Intel | 1 Vtune Amplifier | 2024-11-21 | N/A |
Improper file permissions in the installer for Intel VTune Amplifier 2018 Update 3 and before may allow an unprivileged user to potentially gain privileged access via local access. | ||||
CVE-2018-17892 | 1 Nuuo | 1 Nuuo Cms | 2024-11-21 | N/A |
In NUUO CMS, all versions 3.1 and prior, the application implements a method of user account control that causes standard account security features to not be utilized as intended, which could allow user account compromise and may allow for remote code execution. | ||||
CVE-2018-17873 | 1 Wifiranger | 2 Wifiranger, Wifiranger Firmware | 2024-11-21 | N/A |
An incorrect access control vulnerability in the FTP configuration of WiFiRanger devices with firmware version 7.0.8rc3 and earlier allows an attacker with adjacent network access to read the SSH Private Key and log in to the root account. | ||||
CVE-2018-17872 | 1 Verint | 2 Collaboration Compliance, Quality Management Platform | 2024-11-21 | N/A |
Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Insecure Permissions. | ||||
CVE-2018-17776 | 1 Pcprotect | 1 Antivirus | 2024-11-21 | N/A |
PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for %PROGRAMFILES(X86)%\PCProtect, which allows local users to gain privileges by replacing an executable file with a Trojan horse. | ||||
CVE-2018-17775 | 1 Seqrite | 1 End Point Security | 2024-11-21 | N/A |
Seqrite End Point Security v7.4 has "Everyone: (F)" permission for %PROGRAMFILES%\Seqrite\Seqrite, which allows local users to gain privileges by replacing an executable file with a Trojan horse. | ||||
CVE-2018-17766 | 1 Ingenico | 2 Telium 2, Telium 2 Firmware | 2024-11-21 | 4.6 Medium |
Ingenico Telium 2 POS Telium2 OS allows bypass of file-reading restrictions via the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | ||||
CVE-2018-17305 | 1 Uipath | 1 Orchestrator | 2024-11-21 | N/A |
UiPath Orchestrator through 2018.2.4 allows any authenticated user to change the information of arbitrary users (even administrators) leading to privilege escalation and remote code execution. | ||||
CVE-2018-17037 | 1 Ucms Project | 1 Ucms | 2024-11-21 | N/A |
user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escalation from the normal user level of 1 to the superuser level of 3. | ||||
CVE-2018-16958 | 1 Oracle | 1 Webcenter Interaction | 2024-11-21 | N/A |
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NET_SessionID primary session cookie, when Internet Information Services (IIS) with ASP.NET is used, is not protected with the HttpOnly attribute. The attribute cannot be enabled by customers. Consequently, this cookie is exposed to session hijacking attacks should an adversary be able to execute JavaScript in the origin of the portal installation. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support. |