Total
1540 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-13411 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version. | ||||
| CVE-2018-13399 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | N/A |
| The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory. | ||||
| CVE-2018-13355 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | N/A |
| Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization. | ||||
| CVE-2018-13321 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2024-11-21 | N/A |
| Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter. | ||||
| CVE-2018-13122 | 1 Onefilecms | 1 Onefilecms | 2024-11-21 | 6.5 Medium |
| onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to delete arbitrary files via the Delete File(s) screen, as demonstrated by a ?i=var/www/html/&f=123.php&p=edit&p=deletefile URI. | ||||
| CVE-2018-13110 | 1 Adbglobal | 8 Dv2210, Dv2210 Firmware, Prg Av4202n and 5 more | 2024-11-21 | N/A |
| All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks. | ||||
| CVE-2018-13025 | 1 Yxcms | 1 Yxcms | 2024-11-21 | N/A |
| protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter. | ||||
| CVE-2018-12979 | 1 Wago | 8 762-3000, 762-3000 Firmware, 762-3001 and 5 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM. | ||||
| CVE-2018-12922 | 1 Vertiv | 2 Liebert Intellislot, Liebert Intellislot Firmware | 2024-11-21 | 7.5 High |
| Emerson Liebert IntelliSlot Web Card devices allow remote attackers to reconfigure access control via the config/configUser.htm or config/configTelnet.htm URI. | ||||
| CVE-2018-12642 | 1 Froxlor | 1 Froxlor | 2024-11-21 | N/A |
| Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user. | ||||
| CVE-2018-12615 | 1 Phusion | 1 Passenger | 2024-11-21 | N/A |
| An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges. | ||||
| CVE-2018-12546 | 1 Eclipse | 1 Mosquitto | 2024-11-21 | 6.5 Medium |
| In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients being able cause effects that would otherwise not be allowed. | ||||
| CVE-2018-12467 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | N/A |
| Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689. | ||||
| CVE-2018-12466 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | N/A |
| openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links. | ||||
| CVE-2018-12457 | 1 Expresscart Project | 1 Expresscart | 2024-11-21 | N/A |
| expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header. | ||||
| CVE-2018-12396 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2024-11-21 | N/A |
| A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. | ||||
| CVE-2018-12357 | 1 Arista | 1 Cloudvision Portal | 2024-11-21 | N/A |
| Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions. | ||||
| CVE-2018-12335 | 1 Ecos | 1 System Management Appliance | 2024-11-21 | N/A |
| Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment. | ||||
| CVE-2018-12296 | 1 Seagate | 1 Nas Os | 2024-11-21 | N/A |
| Insufficient access control in /api/external/7.0/system.System.get_infos in Seagate NAS OS version 4.3.15.1 allows attackers to obtain information about the NAS without authentication via empty POST requests. | ||||
| CVE-2018-12259 | 1 Apollotechnologiesinc | 2 Momentum Axel 720p, Momentum Axel 720p Firmware | 2024-11-21 | N/A |
| An issue was discovered on Momentum Axel 720P 5.1.8 devices. Root access can be obtained via UART pins without any restrictions, which leads to full system compromise. | ||||