Vulnerabilities (CVE)

Filtered by CWE-668
Total 586 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-12875 1 Alpinelinux 1 Abuild 2023-12-10 4.0 MEDIUM 6.5 MEDIUM
Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key.
CVE-2018-20947 1 Cpanel 1 Cpanel 2023-12-10 2.1 LOW 5.5 MEDIUM
cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356).
CVE-2019-13379 1 Avtech 2 Room Alert 3e, Room Alert 3e Firmware 2023-12-10 9.0 HIGH 8.8 HIGH
On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in.
CVE-2019-10365 1 Google 1 Kubernetes Engine 2023-12-10 4.0 MEDIUM 4.3 MEDIUM
Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission.
CVE-2018-4048 1 Gog 1 Galaxy 2023-12-10 7.2 HIGH 7.8 HIGH
An exploitable local privilege elevation vulnerability exists in the file system permissions of the `Temp` directory in GOG Galaxy 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of the Desktop Galaxy Updater to exploit this vulnerability and execute arbitrary code with SYSTEM privileges.
CVE-2019-8934 2 Opensuse, Qemu 2 Leap, Qemu 2023-12-10 2.1 LOW 3.3 LOW
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.
CVE-2016-11007 1 Usabilitydynamics 1 Wp-invoice 2023-12-10 5.0 MEDIUM 5.3 MEDIUM
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.
CVE-2016-11008 1 Usabilitydynamics 1 Wp-invoice 2023-12-10 5.0 MEDIUM 5.3 MEDIUM
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates.
CVE-2016-11009 1 Usabilitydynamics 1 Wp-invoice 2023-12-10 5.0 MEDIUM 5.3 MEDIUM
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates.
CVE-2016-11006 1 Usabilitydynamics 1 Wp-invoice 2023-12-10 5.0 MEDIUM 5.3 MEDIUM
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes.
CVE-2018-7846 1 Schneider-electric 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller.
CVE-2019-3569 1 Facebook 1 Hhvm 2023-12-10 5.0 MEDIUM 7.5 HIGH
HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series.
CVE-2017-12576 1 Planex 2 Cs-qr20, Cs-qr20 Firmware 2023-12-10 9.0 HIGH 7.2 HIGH
An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes; once you log in and access the page directly (/admin/system_command.asp), you can execute any command.
CVE-2019-8308 3 Debian, Flatpak, Redhat 8 Debian Linux, Flatpak, Enterprise Linux Desktop and 5 more 2023-12-10 4.4 MEDIUM 8.2 HIGH
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.
CVE-2018-15591 1 Ivanti 1 Workspace Control 2023-12-10 4.6 MEDIUM 7.8 HIGH
An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by leveraging multiple unspecified attack vectors.
CVE-2018-1840 1 Ibm 1 Websphere Application Server 2023-12-10 6.8 MEDIUM 8.1 HIGH
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other than global federated repository and then migrated to a newer release of WebSphere Application Server. IBM X-Force ID: 150813.
CVE-2018-8040 2 Apache, Debian 2 Traffic Server, Debian Linux 2023-12-10 5.0 MEDIUM 5.3 MEDIUM
Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue, users running 6.x should upgrade to 6.2.3 or later versions, and 7.x users should upgrade to 7.1.4 or later versions.
CVE-2018-7072 1 Hp 1 Moonshot Provisioning Manager 2023-12-10 7.5 HIGH 9.8 CRITICAL
A remote bypass of security restrictions vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24.
CVE-2018-7073 2 Canonical, Hp 2 Ubuntu Linux, Moonshot Provisioning Manager 2023-12-10 2.1 LOW 5.5 MEDIUM
A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24.
CVE-2018-20237 1 Atlassian 2 Confluence Data Center, Confluence Server 2023-12-10 4.0 MEDIUM 6.5 MEDIUM
Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.