Total
1430 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-5489 | 1 Netapp | 1 7-mode Transition Tool | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which may have been intended to be restricted to administrators or privileged users. 7MTT versions below 2.0 do not enforce user authorization rules on file information and status that it has previously collected. The released version of 7MTT has been updated to maintain and verify authorization rules for file information, status and utilities. | |||||
CVE-2018-7957 | 1 Huawei | 2 Victoria-al00, Victoria-al00 Firmware | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an information leakage vulnerability. Because an interface does not verify authorization correctly, attackers can exploit an application with the authorization of phone state to obtain user location additionally. | |||||
CVE-2018-6980 | 1 Vmware | 1 Vrealize Log Insight | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform. | |||||
CVE-2018-7363 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2023-12-10 | 3.3 LOW | 8.8 HIGH |
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Since appviahttp service has no authorization delay, an attacker can be allowed to brute force account credentials. | |||||
CVE-2018-1250 | 1 Dell | 3 Emc Unity, Emc Unity Firmware, Emc Unityvsa | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains an Authorization Bypass vulnerability. A remote authenticated user could potentially exploit this vulnerability to read files in NAS server by directly interacting with certain APIs of Unity OE, bypassing Role-Based Authorization control implemented only in Unisphere GUI. | |||||
CVE-2018-3778 | 1 Aedes Project | 1 Aedes | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized. | |||||
CVE-2018-7988 | 1 Huawei | 4 Mate 9 Pro, Mate 9 Pro Firmware, Nova 2 Plus and 1 more | 2023-12-10 | 3.6 LOW | 4.6 MEDIUM |
There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to another smartphone and then perform a series of specific operations. Successful exploit could allow the attacker bypass the FRP protection. | |||||
CVE-2018-18397 | 3 Canonical, Linux, Redhat | 10 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 7 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c. | |||||
CVE-2018-12391 | 2 Google, Mozilla | 4 Android, Firefox, Firefox Esr and 1 more | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. | |||||
CVE-2018-7926 | 1 Huawei | 2 Watch 2, Watch 2 Firmware | 2023-12-10 | 2.1 LOW | 4.6 MEDIUM |
Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have an improper authorization vulnerability. Due to improper permission configuration for specific operations, an attacker who obtained the Huawei ID bound to the watch can bypass permission verification to perform specific operations and modify some data on the watch. | |||||
CVE-2018-1000412 | 1 Jenkins | 1 Jira | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
An improper authorization vulnerability exists in Jenkins Jira Plugin 3.0.1 and earlier in JiraSite.java that allows attackers with Overall/Read access to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2018-9492 | 1 Google | 1 Android | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
In checkGrantUriPermissionLocked of ActivityManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-111934948 | |||||
CVE-2019-7639 | 2 Fedoraproject, Gsi-openssh Project | 2 Fedora, Gsi-openssh | 2023-12-10 | 4.3 MEDIUM | 8.1 HIGH |
An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If PermitPAMUserChange is set to yes in the /etc/gsissh/sshd_config file, logins succeed with a valid username and an incorrect password, even though a failure entry is recorded in the /var/log/messages file. | |||||
CVE-2018-15767 | 1 Dell | 1 Openmanage Network Manager | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
The Dell OpenManage Network Manager virtual appliance versions prior to 6.5.3 contain an improper authorization vulnerability caused by a misconfiguration in the /etc/sudoers file. | |||||
CVE-2018-1000418 | 1 Atlassian | 1 Hipchat | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an attacker-specified HipChat server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2018-7925 | 1 Huawei | 2 Emily-al00a, Emily-al00a Firmware | 2023-12-10 | 4.6 MEDIUM | 6.8 MEDIUM |
The radio module of some Huawei smartphones Emily-AL00A The versions before 8.1.0.171(C00) have a lock-screen bypass vulnerability. An unauthenticated attacker could start third-part input method APP through certain operations to bypass lock-screen by exploit this vulnerability. | |||||
CVE-2018-0460 | 1 Cisco | 1 Network Functions Virtualization Infrastructure | 2023-12-10 | 6.8 MEDIUM | 6.5 MEDIUM |
A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this vulnerability by sending a malicious API request with the authentication credentials of a low-privileged user. A successful exploit could allow the attacker to read any file on the affected system. | |||||
CVE-2017-17708 | 1 Pleasantsolutions | 1 Pleasant Password Server | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Because of insufficient authorization checks it is possible for any authenticated user to change profile data of other users in Pleasant Password Server before 7.8.3. | |||||
CVE-2018-1000805 | 4 Canonical, Debian, Paramiko and 1 more | 11 Ubuntu Linux, Debian Linux, Paramiko and 8 more | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity. | |||||
CVE-2018-13356 | 1 Terra-master | 1 Terramaster Operating System | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions. |