Filtered by vendor
Subscriptions
Total
718 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-12795 | 2 Gnome, Redhat | 2 Gvfs, Enterprise Linux | 2024-11-21 | N/A |
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.) | ||||
CVE-2019-12671 | 1 Cisco | 30 4321\/k9-rf Integrated Services Router, 4321\/k9-ws Integrated Services Router, 4321\/k9 Integrated Services Router and 27 more | 2024-11-21 | 7.8 High |
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS). The vulnerability is due to insufficient enforcement of the consent token in authorizing shell access. An attacker could exploit this vulnerability by authenticating to the CLI and requesting shell access on an affected device. A successful exploit could allow the attacker to gain shell access on the affected device and execute commands on the underlying OS. | ||||
CVE-2019-11725 | 2 Mozilla, Opensuse | 2 Firefox, Leap | 2024-11-21 | 6.5 Medium |
When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe resources and bypassing safebrowsing protections. This vulnerability affects Firefox < 68. | ||||
CVE-2019-11724 | 2 Mozilla, Opensuse | 2 Firefox, Leap | 2024-11-21 | 6.1 Medium |
Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious attacks. This vulnerability affects Firefox < 68. | ||||
CVE-2019-10159 | 1 Redhat | 3 Cfme-gemset, Cloudforms, Cloudforms Managementengine | 2024-11-21 | 4.3 Medium |
cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available. | ||||
CVE-2019-10154 | 1 Moodle | 1 Moodle | 2024-11-21 | 7.5 High |
A flaw was found in Moodle before versions 3.7, 3.6.4. A web service fetching messages was not restricted to the current user's conversations. | ||||
CVE-2019-0816 | 3 Canonical, Microsoft, Redhat | 3 Ubuntu Linux, Azure, Enterprise Linux | 2024-11-21 | N/A |
A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'. | ||||
CVE-2019-0212 | 1 Apache | 1 Hbase | 2024-11-21 | N/A |
In all previously released Apache HBase 2.x versions (2.0.0-2.0.4, 2.1.0-2.1.3), authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. This issue is only relevant when HBase is configured with Kerberos authentication, HBase authorization is enabled, and the REST server is configured with SPNEGO authentication. This issue does not extend beyond the HBase REST server. | ||||
CVE-2018-9867 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 5.5 Medium |
In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). | ||||
CVE-2018-3829 | 1 Elastic | 1 Elastic Cloud Enterprise | 2024-11-21 | 5.3 Medium |
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE install to gain access to other clusters data. | ||||
CVE-2018-3778 | 1 Aedes Project | 1 Aedes | 2024-11-21 | 5.3 Medium |
Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized. | ||||
CVE-2018-20945 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354). | ||||
CVE-2018-20927 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382). | ||||
CVE-2018-1296 | 1 Apache | 1 Hadoop | 2024-11-21 | N/A |
In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent. | ||||
CVE-2018-1116 | 4 Canonical, Debian, Polkit Project and 1 more | 4 Ubuntu Linux, Debian Linux, Polkit and 1 more | 2024-11-21 | 4.4 Medium |
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure. | ||||
CVE-2018-1113 | 2 Fedoraproject, Redhat | 6 Fedora, Enterprise Linux, Enterprise Linux Desktop and 3 more | 2024-11-21 | N/A |
setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system. | ||||
CVE-2018-1082 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site. | ||||
CVE-2018-19581 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create. | ||||
CVE-2018-19578 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page. | ||||
CVE-2018-19569 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope. |