Total
1004 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10518 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-10-02 | 8.5 HIGH | 6.5 MEDIUM |
| In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation in the admin dashboard contains an arbitrary file deletion vulnerability that can cause DoS, exploitable by an admin user, because the attacker can remove all lib/ files in all directories. | |||||
| CVE-2018-10381 | 1 Mcafee | 1 Tunnelbear | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect" method accepts a server list argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user. | |||||
| CVE-2018-1036 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-02 | 6.9 MEDIUM | 7.0 HIGH |
| An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | |||||
| CVE-2018-10285 | 1 Ericssonlg | 1 Ipecs Nms | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the app does not use any sort of session ID, an attacker might bypass authentication. | |||||
| CVE-2018-10204 | 1 Purevpn | 1 Purevpn | 2019-10-02 | 9.0 HIGH | 8.8 HIGH |
| PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "sevpnclient" service. When configured to use the OpenVPN protocol, the "sevpnclient" service executes "openvpn.exe" using the OpenVPN config file located at %PROGRAMDATA%\purevpn\config\config.ovpn. This file allows "Write" permissions to users in the "Everyone" group. An authenticated attacker may modify this file to specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM account. | |||||
| CVE-2018-10170 | 1 Nordvpn | 1 Nordvpn | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| NordVPN 6.12.7.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "nordvpn-service" service. This service establishes an NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "Connect" method accepts a class instance argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user. | |||||
| CVE-2018-10169 | 1 Protonmail | 1 Protonvpn | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| ProtonVPN 1.3.3 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "ProtonVPN Service" service. This service establishes an NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "Connect" method accepts a class instance argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection. This plugin will execute code in the context of the SYSTEM user. | |||||
| CVE-2018-1002150 | 1 Koji Project | 1 Koji | 2019-10-02 | 7.5 HIGH | 9.1 CRITICAL |
| Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1. | |||||
| CVE-2018-1000660 | 1 Tockos | 1 Tock | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| TOCK version prior to commit 42f7f36e74088036068d62253e1d8fb26605feed. For example dfde28196cd12071fcf6669f7654be7df482b85d contains a Insecure Permissions vulnerability in Function get_package_name in the file kernel/src/tbfheader.rs, variable "pub package_name: &'static str," in the file process.rs that can result in A tock capsule (untrusted driver) could access arbitrary memory by using only safe code. This vulnerability appears to have been fixed in commit 42f7f36e74088036068d62253e1d8fb26605feed. | |||||
| CVE-2018-1000649 | 1 Librehealth | 1 Librehealth Ehr | 2019-10-02 | 6.5 MEDIUM | 8.8 HIGH |
| LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled input. | |||||
| CVE-2018-1000621 | 2 Linux, Mycroft | 2 Linux Kernel, Mycroft-core | 2019-10-02 | 6.8 MEDIUM | 8.1 HIGH |
| Mycroft AI mycroft-core version 18.2.8b and earlier contains a Incorrect Access Control vulnerability in Websocket configuration that can result in code execution. This impacts ONLY the Mycroft for Linux and "non-enclosure" installs - Mark 1 and Picroft unaffected. This attack appear to be exploitable remote access to the unsecured websocket server. This vulnerability appears to have been fixed in No fix currently available. | |||||
| CVE-2018-1000511 | 1 Wpulike | 1 Ulike | 2019-10-02 | 5.5 MEDIUM | 7.5 HIGH |
| WP ULike version 2.8.1, 3.1 contains a Incorrect Access Control vulnerability in AJAX that can result in allows anybody to delete any row in certain tables. This attack appear to be exploitable via Attacker must make AJAX request. This vulnerability appears to have been fixed in 3.2. | |||||
| CVE-2018-1000510 | 1 Silkypress | 1 Image Zoom | 2019-10-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| WP Image Zoom version 1.23 contains a Incorrect Access Control vulnerability in AJAX settings that can result in allows anybody to cause denial of service. This attack appear to be exploitable via Can be triggered intentionally (or unintentionally via CSRF) by any logged in user. This vulnerability appears to have been fixed in 1.24. | |||||
| CVE-2018-1000226 | 1 Cobblerd | 1 Cobbler | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via "network connectivity". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931. | |||||
| CVE-2018-1000211 | 1 Doorkeeper Project | 1 Doorkeeper | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry. | |||||
| CVE-2018-1000209 | 1 Sensu | 1 Sensu Core | 2019-10-02 | 6.5 MEDIUM | 8.8 HIGH |
| Sensu, Inc. Sensu Core version Before version 1.4.2-3 contains a Insecure Permissions vulnerability in Sensu Core on Windows platforms that can result in Unprivileged users may execute code in context of Sensu service account. This attack appear to be exploitable via Unprivileged user may place an arbitrary DLL in the c:\opt\sensu\embedded\bin directory in order to exploit standard Windows DLL load order behavior. This vulnerability appears to have been fixed in 1.4.2-3 and later. | |||||
| CVE-2018-1000165 | 1 Lightsaml | 1 Lightsaml | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| LightSAML version prior to 1.3.5 contains a Incorrect Access Control vulnerability in signature validation in readers in src/LightSaml/Model/XmlDSig/ that can result in impersonation of any user from Identity Provider. This vulnerability appears to have been fixed in 1.3.5 and later. | |||||
| CVE-2018-1000158 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-10-02 | 4.3 MEDIUM | 8.8 HIGH |
| cmsmadesimple version 2.2.7 contains a Incorrect Access Control vulnerability in the function of send_recovery_email in the line "$url = $config['admin_url'] . '/login.php?recoverme=' . $code;" that can result in Administrator Password Reset Poisoning, specifically a reset URL pointing at an attacker controlled server can be created by using a host header attack. | |||||
| CVE-2018-1000207 | 1 Modx | 1 Modx Revolution | 2019-10-02 | 6.5 MEDIUM | 7.2 HIGH |
| MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appears to have been fixed in commit 06bc94257408f6a575de20ddb955aca505ef6e68. | |||||
| CVE-2018-1000080 | 1 Ajenti | 1 Ajenti | 2019-10-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| Ajenti version version 2 contains a Insecure Permissions vulnerability in Plugins download that can result in The download of any plugins as being a normal user. This attack appear to be exploitable via By knowing how the requisition is made, and sending it as a normal user, the server, in response, downloads the plugin. | |||||