Total
1599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1000106 | 1 Jenkins | 1 Gerrit Trigger | 2019-10-03 | 5.5 MEDIUM | 5.4 MEDIUM |
| An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins. | |||||
| CVE-2018-1000109 | 1 Jenkins | 1 Google-play-android-publisher | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allow an attacker to obtain credential IDs. | |||||
| CVE-2018-6316 | 1 Ivanti | 1 Endpoint Security | 2019-10-03 | 6.0 MEDIUM | 7.5 HIGH |
| Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and earlier allows an authenticated user with low privileges and access to the local network to bypass application whitelisting when using the Application Control module on Ivanti Endpoint Security in lockdown mode. | |||||
| CVE-2017-17323 | 1 Huawei | 2 Ibmc, Ibmc Firmware | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by admin user. Successful exploit could cause information disclosure. | |||||
| CVE-2018-7926 | 1 Huawei | 2 Watch 2, Watch 2 Firmware | 2019-10-03 | 2.1 LOW | 4.6 MEDIUM |
| Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have an improper authorization vulnerability. Due to improper permission configuration for specific operations, an attacker who obtained the Huawei ID bound to the watch can bypass permission verification to perform specific operations and modify some data on the watch. | |||||
| CVE-2018-13109 | 1 Adbglobal | 8 Dv2210, Dv2210 Firmware, Prg Av4202n and 5 more | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP). An attacker would be able to enable the TELNET server or other settings as well. | |||||
| CVE-2018-1000110 | 1 Jenkins | 1 Git | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users. | |||||
| CVE-2018-2361 | 1 Sap | 1 Solution Manager | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for configuring the BPO tools. | |||||
| CVE-2017-1233 | 1 Ibm | 1 Bigfix Remote Control | 2019-10-03 | 7.2 HIGH | 6.7 MEDIUM |
| IBM Remote Control v9 could allow a local user to use the component to replace files to which he does not have write access and which he can cause to be executed with Local System or root privileges. IBM X-Force ID: 123912. | |||||
| CVE-2017-8633 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-03 | 8.5 HIGH | 7.5 HIGH |
| Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability, aka "Windows Error Reporting Elevation of Privilege Vulnerability". | |||||
| CVE-2017-3817 | 1 Cisco | 1 Unified Computing System Director | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in a UCS domain. More Information: CSCvc32434. Known Affected Releases: 5.5(0.1) 6.0(0.0). | |||||
| CVE-2018-1000197 | 1 Jenkins | 1 Black Duck Hub | 2019-10-03 | 5.5 MEDIUM | 8.1 HIGH |
| An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration. | |||||
| CVE-2017-7512 | 1 Redhat | 1 3scale Api Management Platform | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. NOTE: some sources have a typo in which CVE-2017-7512 maps to an OpenVPN vulnerability. The proper CVE ID for that OpenVPN vulnerability is CVE-2017-7521. Specifically, CVE-2017-7521 is the correct CVE ID for TWO closely related findings in OpenVPN. Any source that lists BOTH CVE-2017-7512 and CVE-2017-7521 for OpenVPN should have listed ONLY CVE-2017-7521. | |||||
| CVE-2017-6590 | 1 Canonical | 1 Ubuntu Linux | 2019-10-03 | 6.9 MEDIUM | 6.3 MEDIUM |
| An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it's easy to create one. Then, it's possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries. | |||||
| CVE-2017-8276 | 1 Qualcomm | 66 Mdm9206, Mdm9206 Firmware, Mdm9607 and 63 more | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| Improper authorization involving a fuse in TrustZone in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016. | |||||
| CVE-2017-6816 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-10-03 | 5.5 MEDIUM | 4.9 MEDIUM |
| In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality. | |||||
| CVE-2016-10996 | 1 Optinmonster | 1 Optinmonster | 2019-09-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak. | |||||
| CVE-2019-14237 | 1 Nxp | 6 Kinetis K8x, Kinetis K8x Firmware, Kinetis Kv1x and 3 more | 2019-09-16 | 7.5 HIGH | 9.8 CRITICAL |
| On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by observing CPU registers and the effect of code/instruction execution. | |||||
| CVE-2019-14236 | 1 St | 12 Stm32f4, Stm32f4 Firmware, Stm32f7 and 9 more | 2019-09-16 | 7.5 HIGH | 9.8 CRITICAL |
| On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution. | |||||