Total
4572 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1217 | 1 Dell | 2 Emc Avamar, Emc Integrated Data Protection Appliance | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local Download Service (LDLS) credentials. The LDLS credentials are used to connect to Dell EMC Online Support. If the LDLS configuration was changed to an invalid configuration, then Avamar Installation Manager may not be able to connect to Dell EMC Online Support web site successfully. The remote unauthenticated attacker can also read and use the credentials to login to Dell EMC Online Support, impersonating the AVI service actions using those credentials. | |||||
| CVE-2018-5377 | 1 Discuz | 1 Discuzx | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter. | |||||
| CVE-2017-5985 | 1 Linuxcontainers | 1 Lxc | 2019-10-03 | 2.1 LOW | 3.3 LOW |
| lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check. | |||||
| CVE-2017-18312 | 1 Qualcomm | 18 Msm8996au, Msm8996au Firmware, Sd 410 and 15 more | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| While accessing SafeSwitch services, third party can manipulate a given device and perform unauthorized operation due to lack of checking of same state transitions in Snapdragon Automobile, Snapdragon Mobile in version MSM8996AU, SD 410/12, SD 617, SD 650/52, SD 810, SD 820, SD 820A | |||||
| CVE-2017-10846 | 1 Nttdocomo | 2 Wi-fi Station L-02f, Wi-fi Station L-02f Firmware | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors. | |||||
| CVE-2018-2461 | 1 Sap | 1 People Profile | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Missing authorization check in SAP HCM Fiori "People Profile" (GBX01 HR version 6.0) for an authenticated user which may result in an escalation of privileges. | |||||
| CVE-2017-6369 | 1 Firebirdsql | 1 Firebird | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so. | |||||
| CVE-2018-18377 | 1 Orange | 2 Airbox, Airbox Firmware | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials. | |||||
| CVE-2017-17665 | 1 Octopus | 1 Octopus Deploy | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. This allows an access-control bypass because the set of environments to which a machine is scoped may include environments in which the user lacks access. | |||||
| CVE-2019-9351 | 1 Google | 1 Android | 2019-10-02 | 2.1 LOW | 3.3 LOW |
| In SyncStatusObserver, there is a possible bypass for operating system protections that isolate user profiles from each other due to a missing permission check. This could lead to local limited information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-128599864 | |||||
| CVE-2019-9380 | 1 Google | 1 Android | 2019-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| In the settings UI, there is a possible spoofing vulnerability due to a missing permission check. This could lead to a user mistakenly changing permission settings with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-123700098 | |||||
| CVE-2019-9323 | 1 Google | 1 Android | 2019-10-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| In the Wallpaper Manager service, there is a possible information disclosure due to a missing permission check. Any application can access wallpaper image with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-30770233 | |||||