Total
2158 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-0678 | 1 Microsoft | 4 Edge, Windows 10, Windows Server 2016 and 1 more | 2024-11-21 | N/A |
| An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka 'Microsoft Edge Elevation of Privilege Vulnerability'. | ||||
| CVE-2019-0552 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2024-11-21 | N/A |
| An elevation of privilege exists in Windows COM Desktop Broker, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | ||||
| CVE-2019-0384 | 1 Sap | 2 Enterprise Extension Financial Services, Treasury And Risk Management \(s4core\) | 2024-11-21 | 8.8 High |
| Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for functionalities that require user identity. | ||||
| CVE-2019-0383 | 1 Sap | 2 Enterprise Extension Financial Services, Treasury And Risk Management \(s4core\) | 2024-11-21 | 8.8 High |
| Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | ||||
| CVE-2019-0276 | 1 Sap | 2 Banking Services From Sap, S\/4hana Financial Products Subledger | 2024-11-21 | N/A |
| Banking services from SAP 9.0 (FSAPPL version 5) and SAP S/4HANA Financial Products Subledger (S4FPSL, version 1) performs an inadequate authorization check for an authenticated user, potentially resulting in escalation of privileges. | ||||
| CVE-2019-0105 | 1 Intel | 1 Data Center Manager | 2024-11-21 | N/A |
| Insufficient file permissions checking in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2018-9492 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In checkGrantUriPermissionLocked of ActivityManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-111934948 | ||||
| CVE-2018-9488 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In the SELinux permissions of crash_dump.te, there is a permissions bypass due to a missing restriction. This could lead to a local escalation of privilege, with System privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-110107376. | ||||
| CVE-2018-8927 | 1 Synology | 1 Calendar | 2024-11-21 | N/A |
| Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter. | ||||
| CVE-2018-8790 | 1 Checkpoint | 1 Zonealarm | 2024-11-21 | N/A |
| Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM. | ||||
| CVE-2018-8724 | 1 K7computing | 4 Antivrius, Enterprise Security, Total Security and 1 more | 2024-11-21 | 7.8 High |
| K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: gain privileges (local). The component is: K7TSMngr.exe. | ||||
| CVE-2018-8044 | 1 K7computing | 4 Antivrius, Enterprise Security, Total Security and 1 more | 2024-11-21 | 7.8 High |
| K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: Local Process Execution (local). The component is: K7Sentry.sys. | ||||
| CVE-2018-7988 | 1 Huawei | 4 Mate 9 Pro, Mate 9 Pro Firmware, Nova 2 Plus and 1 more | 2024-11-21 | N/A |
| There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to another smartphone and then perform a series of specific operations. Successful exploit could allow the attacker bypass the FRP protection. | ||||
| CVE-2018-7957 | 1 Huawei | 2 Victoria-al00, Victoria-al00 Firmware | 2024-11-21 | N/A |
| Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an information leakage vulnerability. Because an interface does not verify authorization correctly, attackers can exploit an application with the authorization of phone state to obtain user location additionally. | ||||
| CVE-2018-7929 | 1 Huawei | 2 Mate Rs, Mate Rs Firmware | 2024-11-21 | N/A |
| Huawei Mate RS smartphones with the versions before NEO-AL00D 8.1.0.167(C786) have a lock-screen bypass vulnerability. An attacker could unlock and use the phone through certain operations. | ||||
| CVE-2018-7926 | 1 Huawei | 2 Watch 2, Watch 2 Firmware | 2024-11-21 | N/A |
| Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have an improper authorization vulnerability. Due to improper permission configuration for specific operations, an attacker who obtained the Huawei ID bound to the watch can bypass permission verification to perform specific operations and modify some data on the watch. | ||||
| CVE-2018-7925 | 1 Huawei | 2 Emily-al00a, Emily-al00a Firmware | 2024-11-21 | N/A |
| The radio module of some Huawei smartphones Emily-AL00A The versions before 8.1.0.171(C00) have a lock-screen bypass vulnerability. An unauthenticated attacker could start third-part input method APP through certain operations to bypass lock-screen by exploit this vulnerability. | ||||
| CVE-2018-7366 | 1 Zte | 2 Zxv10 B860av2.1 Chinamobile, Zxv10 B860av2.1 Chinamobile Firmware | 2024-11-21 | N/A |
| ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3, the BESTV versions up to V1.2.2, the WASU versions up to V1.1.7 and the MGTV versions up to V1.4.6 have an authentication bypass vulnerability, which may allows an unauthorized user to perform unauthorized operations. | ||||
| CVE-2018-7363 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2024-11-21 | N/A |
| All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Since appviahttp service has no authorization delay, an attacker can be allowed to brute force account credentials. | ||||
| CVE-2018-7245 | 1 Schneider-electric | 11 66074 Mge Network Management Card Transverse, Mge Comet Ups, Mge Eps 6000 and 8 more | 2024-11-21 | N/A |
| An improper authorization vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to change UPS control and shutdown parameters or other critical settings without authorization. | ||||