Total
4343 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19634 | 2 Broadcom, Ca | 2 Service Desk Manager, Service Desk Manager | 2024-11-21 | 7.5 High |
| CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information. | ||||
| CVE-2018-19588 | 1 Alarm | 2 Adc-v522ir, Adc-v522ir Firmware | 2024-11-21 | N/A |
| Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control. | ||||
| CVE-2018-19577 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue. | ||||
| CVE-2018-19576 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential. | ||||
| CVE-2018-19496 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access control vulnerability that permits a user with insufficient privileges to promote a project milestone to a group milestone. | ||||
| CVE-2018-19494 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private group names. | ||||
| CVE-2018-18958 | 1 Opnsense | 1 Opnsense | 2024-11-21 | N/A |
| OPNsense 18.7.x before 18.7.7 has Incorrect Access Control. | ||||
| CVE-2018-18495 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-11-21 | N/A |
| WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions. This vulnerability affects Firefox < 64. | ||||
| CVE-2018-17953 | 3 Kernel, Opensuse, Suse | 3 Linux-pam, Leap, Linux Enterprise | 2024-11-21 | N/A |
| A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open). | ||||
| CVE-2018-17931 | 1 Vecna | 2 Vgo, Vgo Firmware | 2024-11-21 | N/A |
| If an attacker has physical access to the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to alter scripts, which may allow code execution with root privileges. | ||||
| CVE-2018-17921 | 1 Sagaradio | 2 Saga1-l8b, Saga1-l8b Firmware | 2024-11-21 | 8.8 High |
| SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction. | ||||
| CVE-2018-17908 | 1 Advantech | 1 Webaccess | 2024-11-21 | N/A |
| WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-enable it after the installation is complete. This could allow an attacker to run elevated arbitrary code. | ||||
| CVE-2018-17559 | 1 Abus | 94 Tvip 10000, Tvip 10000 Firmware, Tvip 10001 and 91 more | 2024-11-21 | 7.5 High |
| Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras. | ||||
| CVE-2018-17151 | 1 Intersystems | 1 Cache | 2024-11-21 | N/A |
| Intersystems Cache 2017.2.2.865.0 has Incorrect Access Control. | ||||
| CVE-2018-17148 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A |
| An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials. | ||||
| CVE-2018-16553 | 1 Jspxcms | 1 Jspxcms | 2024-11-21 | N/A |
| In Jspxcms 9.0.0, a vulnerable URL routing implementation allows remote code execution after logging in as web admin. | ||||
| CVE-2018-16476 | 2 Redhat, Rubyonrails | 3 Cloudforms, Cloudforms Managementengine, Rails | 2024-11-21 | N/A |
| A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1. | ||||
| CVE-2018-16466 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A |
| Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens. | ||||
| CVE-2018-15645 | 1 Odoo | 1 Odoo | 2024-11-21 | 6.5 Medium |
| Improper access control in message routing in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier allows remote authenticated users to create arbitrary records via crafted payloads, which may allow privilege escalation. | ||||
| CVE-2018-15640 | 1 Odoo | 1 Odoo | 2024-11-21 | 8.8 High |
| Improper access control in the Helpdesk App of Odoo Enterprise 10.0 through 12.0 allows remote authenticated attackers to obtain elevated privileges via a crafted request. | ||||