Total: 1411 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-4050 | 1 Gog | 1 Galaxy | 2024-11-21 | 7.8 High |
An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally adjust folder permissions leading to execution of arbitrary code with elevated privileges. | ||||
CVE-2018-4049 | 1 Gog | 1 Galaxy | 2024-11-21 | 7.8 High |
An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's “Games” directory, version 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of installed games to exploit this vulnerability and execute arbitrary code with elevated privileges. | ||||
CVE-2018-4028 | 1 Anker-in | 2 Roav Dashcam A1, Roav Dashcam A1 Firmware | 2024-11-21 | 7.5 High |
An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. The HTTP server could allow an attacker to overwrite the root directory of the server, resulting in a denial of service. An attacker can send an HTTP POST request to trigger this vulnerability. | ||||
CVE-2018-3974 | 1 Gog | 1 Galaxy | 2024-11-21 | 7.8 High |
An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's install directory. An attacker can overwrite an executable that is launched as a system service on boot by default to exploit this vulnerability and execute arbitrary code with system privileges. | ||||
CVE-2018-3705 | 1 Intel | 1 System Defense Utility | 2024-11-21 | N/A |
Improper directory permissions in the installer for the Intel(R) System Defense Utility (all versions) may allow authenticated users to potentially enable a denial of service via local access. | ||||
CVE-2018-3704 | 1 Intel | 2 Parallel Studio, Parallel Studio Xe | 2024-11-21 | N/A |
Improper directory permissions in the installer for the Intel Parallel Studio before 2019 Gold may allow authenticated users to potentially enable an escalation of privilege via local access. | ||||
CVE-2018-3703 | 2 Intel, Microsoft | 2 Ssd Data Center Tool, Windows | 2024-11-21 | N/A |
Improper directory permissions in the installer for the Intel(R) SSD Data Center Tool for Windows before v3.0.17 may allow authenticated users to potentially enable an escalation of privilege via local access. | ||||
CVE-2018-3702 | 2 Intel, Microsoft | 2 Ite Tech Consumer Infrared Driver, Windows 10 | 2024-11-21 | 7.8 High |
Improper permissions in the installer for the ITE Tech* Consumer Infrared Driver for Windows 10 versions before 5.4.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2018-3701 | 1 Intel | 1 Proset/wireless Wifi | 2024-11-21 | N/A |
Improper directory permissions in the installer for Intel(R) PROSet/Wireless WiFi Software version 20.100 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2018-3697 | 1 Intel | 1 Media Server Studio | 2024-11-21 | N/A |
Improper directory permissions in the installer for the Intel Media Server Studio may allow unprivileged users to potentially enable an escalation of privilege via local access. | ||||
CVE-2018-2490 | 1 Sap | 1 Fiori Client | 2024-11-21 | N/A |
The broadcast messages received by SAP Fiori Client are not protected by permissions. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version. | ||||
CVE-2018-2489 | 1 Sap | 1 Fiori Client | 2024-11-21 | N/A |
Locally, without any permission, an arbitrary Android application could delete the SSO configuration of SAP Fiori Client. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version. | ||||
CVE-2018-2024 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 8.1 High |
IBM QRadar SIEM 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 155350. | ||||
CVE-2018-21265 | 1 Mattermost | 1 Mattermost Desktop | 2024-11-21 | 5.3 Medium |
An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler (e.g., video, audio, and notifications). | ||||
CVE-2018-21261 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 Medium |
An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. An e-mail invite accidentally included the team invite_id, which leads to unintended excessive invitation privileges. | ||||
CVE-2018-21256 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 Medium |
An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for group-message channel creation) via the Group message slash command. | ||||
CVE-2018-21255 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 Medium |
An issue was discovered in Mattermost Server before 5.1. Non-members of a channel could use the Channel PATCH API to modify that channel. | ||||
CVE-2018-21254 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 Medium |
An issue was discovered in Mattermost Server before 5.1. An attacker can bypass intended access control (for direct-message channel creation) via the Message slash command. | ||||
CVE-2018-21253 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 Medium |
An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user. | ||||
CVE-2018-21252 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 Medium |
An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups. |