ReportizFlow
Filtered by vendor
Subscriptions
Total
1482 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17872 | 1 Verint | 2 Collaboration Compliance, Quality Management Platform | 2024-11-21 | N/A |
| Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Insecure Permissions. | ||||
| CVE-2018-17776 | 1 Pcprotect | 1 Antivirus | 2024-11-21 | N/A |
| PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for %PROGRAMFILES(X86)%\PCProtect, which allows local users to gain privileges by replacing an executable file with a Trojan horse. | ||||
| CVE-2018-17775 | 1 Seqrite | 1 End Point Security | 2024-11-21 | N/A |
| Seqrite End Point Security v7.4 has "Everyone: (F)" permission for %PROGRAMFILES%\Seqrite\Seqrite, which allows local users to gain privileges by replacing an executable file with a Trojan horse. | ||||
| CVE-2018-17766 | 1 Ingenico | 2 Telium 2, Telium 2 Firmware | 2024-11-21 | 4.6 Medium |
| Ingenico Telium 2 POS Telium2 OS allow bypass of file-reading restrictions via the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | ||||
| CVE-2018-17305 | 1 Uipath | 1 Orchestrator | 2024-11-21 | N/A |
| UiPath Orchestrator through 2018.2.4 allows any authenticated user to change the information of arbitrary users (even administrators) leading to privilege escalation and remote code execution. | ||||
| CVE-2018-17037 | 1 Ucms Project | 1 Ucms | 2024-11-21 | N/A |
| user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escalation from the normal user level of 1 to the superuser level of 3. | ||||
| CVE-2018-16958 | 1 Oracle | 1 Webcenter Interaction | 2024-11-21 | N/A |
| An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NET_SessionID primary session cookie, when Internet Information Services (IIS) with ASP.NET is used, is not protected with the HttpOnly attribute. The attribute cannot be enabled by customers. Consequently, this cookie is exposed to session hijacking attacks should an adversary be able to execute JavaScript in the origin of the portal installation. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support. | ||||
| CVE-2018-16715 | 1 Absolute | 1 Ctes Windows Agent | 2024-11-21 | N/A |
| An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security permissions on the %ProgramData%\CTES folder and sub-folders may allow write access to low-privileged user accounts. This allows unauthorized replacement of service program executable (EXE) or dynamically loadable library (DLL) files, causing elevated (SYSTEM) user access. Configuration control files or data files under this folder could also be similarly modified to affect service process behavior. | ||||
| CVE-2018-16703 | 1 Gleeztech | 1 Gleez Cms | 2024-11-21 | N/A |
| A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker to perform multiple user enumerations, which can further help an attacker to perform login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side access control and login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Portal login page. An exploit could allow the attacker to identify existing users and perform brute-force password attacks on the Portal, as demonstrated by navigating to the user/4 URI. | ||||
| CVE-2018-16588 | 1 Suse | 2 Linux Enterprise, Shadow | 2024-11-21 | N/A |
| Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 during user creation. Given that they are world-writable, local attackers might use this for privilege escalation and other unspecified attacks. NOTE: this would affect non-SUSE users who took useradd.c code from a 2014-04-02 upstream pull request; however, no non-SUSE distribution is known to be affected. | ||||
| CVE-2018-16545 | 1 Kzsoftware | 2 Asset Manager, Training Manager | 2024-11-21 | N/A |
| Kaizen Asset Manager (Enterprise Edition) and Training Manager (Enterprise Edition) allow a remote attacker to achieve arbitrary code execution via file impersonation. For example, a malicious dynamic-link library (dll) assumed the identity of a temporary (tmp) file (isxdl.dll) and an executable file assumed the identity of a temporary file (996E.temp). | ||||
| CVE-2018-16145 | 1 Opsview | 1 Opsview | 2024-11-21 | N/A |
| The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of the appliance. | ||||
| CVE-2018-16087 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | N/A |
| Lack of proper state tracking in Permissions in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | ||||
| CVE-2018-15869 | 1 Hashicorp | 1 Packer | 2024-11-21 | N/A |
| An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog. | ||||
| CVE-2018-15835 | 1 Google | 1 Android | 2024-11-21 | N/A |
| Android 1.0 through 9.0 has Insecure Permissions. The Android bug ID is 77286983. | ||||
| CVE-2018-15809 | 1 Accupos | 1 Accupos | 2024-11-21 | N/A |
| AccuPOS 2017.8 is installed with the insecure "Authenticated Users: Modify" permission for files within the installation path. This may allow local attackers to compromise the integrity of critical resource and executable files. | ||||
| CVE-2018-15768 | 1 Dell | 1 Openmanage Network Manager | 2024-11-21 | N/A |
| Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database. | ||||
| CVE-2018-15681 | 1 Btiteam | 1 Xbtit | 2024-11-21 | N/A |
| An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the "pass" cookie, which is not flagged as HTTPOnly. Due to the weak and predictable salt that is in place, an attacker who successfully steals this cookie can efficiently brute-force it to retrieve the user's cleartext password. | ||||
| CVE-2018-15645 | 1 Odoo | 1 Odoo | 2024-11-21 | 6.5 Medium |
| Improper access control in message routing in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier allows remote authenticated users to create arbitrary records via crafted payloads, which may allow privilege escalation. | ||||
| CVE-2018-15509 | 1 Five9 | 1 Agent Desktop Plus | 2024-11-21 | N/A |
| Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2). | ||||