Total: 1004 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2018-20871 | 1 Univa | 1 Grid Engine | 2020-08-24 | 6.8 MEDIUM | 9.8 CRITICAL | In Univa Grid Engine before 8.6.3, when configured for Docker jobs and execd spooling on root_squash, weak file permissions ("other" write access) occur in certain cases (GE-6890). |
| CVE-2018-20798 | 1 Netgate | 1 Pfsense | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH | The expiretable configuration in pfSense 2.4.4_1 establishes block durations that are incompatible with the block durations implemented by sshguard, which might make it easier for attackers to bypass intended access restrictions. |
| CVE-2019-16187 | 1 Limesurvey | 1 Limesurvey | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH | Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnly flag, which allows attackers to access a cookie value via a client-side script. |
| CVE-2019-13142 | 1 Razer | 1 Surround | 2020-08-24 | 6.6 MEDIUM | 5.5 MEDIUM | The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe) in Razer Surround 1.1.63.0 runs as the SYSTEM user using an executable located in %PROGRAMDATA%\Razer\Synapse\Devices\Razer Surround\Driver\. The DACL on this folder allows any user to overwrite contents of files in this folder, resulting in Elevation of Privilege. |
| CVE-2018-20500 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH | An insecure permissions issue was discovered in GitLab Community and Enterprise Edition 9.4 and later but before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. The runner registration token in the CI/CD settings could not be reset. This was a security risk if one of the maintainers leaves the group and they know the token. |
| CVE-2018-20145 | 1 Eclipse | 1 Mosquitto | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH | Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored. |
| CVE-2019-13069 | 1 Extenua | 1 Silvershield | 2020-08-24 | 7.2 HIGH | 7.8 HIGH | extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The attacker must replace SilverShield.config.sqlite with a version containing an additional user account, and then use SSH and port forwarding to reach a 127.0.0.1 service. |
| CVE-2018-19860 | 2 Broadcom, Cypress | 126 Bcm4335c0, Bcm4335c0 Firmware, Bcm43438a1 and 123 more | 2020-08-24 | 5.8 MEDIUM | 8.8 HIGH | Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecified other devices does not properly restrict LMP commands and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command. |
| CVE-2018-19836 | 1 Metinfo | 1 Metinfo | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM | In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such as the Chrome XSS filter. |
| CVE-2019-17388 | 4 Aviatrix, Freebsd, Linux and 1 more | 4 Vpn Client, Freebsd, Linux Kernel and 1 more | 2020-08-24 | 7.2 HIGH | 7.8 HIGH | Weak file permissions applied to the Aviatrix VPN Client through 2.2.10 installation directory on Windows and Linux allow a local attacker to execute arbitrary code by gaining elevated privileges through file modifications. |
| CVE-2018-19446 | 2 Foxitsoftware, Microsoft | 2 Foxit Pdf Sdk Activex, Windows | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH | A File Write can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API Doc.createDataObject is used. An attacker can leverage this to gain remote code execution. |
| CVE-2019-13009 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition 9.2 through 12.0.2. Uploaded files associated with unsaved personal snippets were accessible to unauthorized users due to improper permission settings. It has Incorrect Access Control. |
| CVE-2019-12876 | 1 Zohocorp | 3 Manageengine Admanager Plus, Manageengine Adselfservice Plus, Manageengine Desktop Central | 2020-08-24 | 8.5 HIGH | 7.3 HIGH | Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System. |
| CVE-2018-18812 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2020-08-24 | 3.5 LOW | 5.3 MEDIUM | The Spotfire Library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability that might theoretically fail to restrict users with read-only access from modifying files stored in the Spotfire Library, only when the Spotfire Library is configured to use external storage. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace versions up to and including 10.0.0, and TIBCO Spotfire Server versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0. |
| CVE-2018-18630 | 2 Changehealthcare, Mckesson | 6 Cardiology, Cardiology Firmware, Cardiology and 3 more | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH | A vulnerability was found in McKesson Cardiology product 13.x and 14.x. Insecure file permissions in the default installation may allow an attacker with local system access to execute unauthorized arbitrary code. |
| CVE-2018-18561 | 1 Roche | 8 Accu-chek Inform Ii, Accu-chek Inform Ii Firmware, Base Unit Hub and 5 more | 2020-08-24 | 7.7 HIGH | 8.0 HIGH | An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Insecure permissions in a service interface may allow authenticated attackers in the adjacent network to execute arbitrary commands on the operating system. |
| CVE-2018-18495 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM | WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions. This vulnerability affects Firefox < 64. |
| CVE-2018-18332 | 2 Microsoft, Trendmicro | 2 Windows, Officescan | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH | A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations. |
| CVE-2018-18331 | 2 Microsoft, Trendmicro | 2 Windows, Officescan | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH | A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on vulnerable installations. |
| CVE-2019-18449 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the autocomplete feature. It has Insecure Permissions (issue 2 of 2). |