Total
2154 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-0276 | 1 Sap | 2 Banking Services From Sap, S\/4hana Financial Products Subledger | 2024-11-21 | N/A |
| Banking services from SAP 9.0 (FSAPPL version 5) and SAP S/4HANA Financial Products Subledger (S4FPSL, version 1) performs an inadequate authorization check for an authenticated user, potentially resulting in escalation of privileges. | ||||
| CVE-2019-0105 | 1 Intel | 1 Data Center Manager | 2024-11-21 | N/A |
| Insufficient file permissions checking in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2018-9492 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In checkGrantUriPermissionLocked of ActivityManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-111934948 | ||||
| CVE-2018-9488 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In the SELinux permissions of crash_dump.te, there is a permissions bypass due to a missing restriction. This could lead to a local escalation of privilege, with System privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-110107376. | ||||
| CVE-2018-8927 | 1 Synology | 1 Calendar | 2024-11-21 | N/A |
| Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter. | ||||
| CVE-2018-8790 | 1 Checkpoint | 1 Zonealarm | 2024-11-21 | N/A |
| Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM. | ||||
| CVE-2018-8724 | 1 K7computing | 4 Antivrius, Enterprise Security, Total Security and 1 more | 2024-11-21 | 7.8 High |
| K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: gain privileges (local). The component is: K7TSMngr.exe. | ||||
| CVE-2018-8044 | 1 K7computing | 4 Antivrius, Enterprise Security, Total Security and 1 more | 2024-11-21 | 7.8 High |
| K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: Local Process Execution (local). The component is: K7Sentry.sys. | ||||
| CVE-2018-7988 | 1 Huawei | 4 Mate 9 Pro, Mate 9 Pro Firmware, Nova 2 Plus and 1 more | 2024-11-21 | N/A |
| There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to another smartphone and then perform a series of specific operations. Successful exploit could allow the attacker bypass the FRP protection. | ||||
| CVE-2018-7957 | 1 Huawei | 2 Victoria-al00, Victoria-al00 Firmware | 2024-11-21 | N/A |
| Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an information leakage vulnerability. Because an interface does not verify authorization correctly, attackers can exploit an application with the authorization of phone state to obtain user location additionally. | ||||
| CVE-2018-7929 | 1 Huawei | 2 Mate Rs, Mate Rs Firmware | 2024-11-21 | N/A |
| Huawei Mate RS smartphones with the versions before NEO-AL00D 8.1.0.167(C786) have a lock-screen bypass vulnerability. An attacker could unlock and use the phone through certain operations. | ||||
| CVE-2018-7926 | 1 Huawei | 2 Watch 2, Watch 2 Firmware | 2024-11-21 | N/A |
| Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have an improper authorization vulnerability. Due to improper permission configuration for specific operations, an attacker who obtained the Huawei ID bound to the watch can bypass permission verification to perform specific operations and modify some data on the watch. | ||||
| CVE-2018-7925 | 1 Huawei | 2 Emily-al00a, Emily-al00a Firmware | 2024-11-21 | N/A |
| The radio module of some Huawei smartphones Emily-AL00A The versions before 8.1.0.171(C00) have a lock-screen bypass vulnerability. An unauthenticated attacker could start third-part input method APP through certain operations to bypass lock-screen by exploit this vulnerability. | ||||
| CVE-2018-7366 | 1 Zte | 2 Zxv10 B860av2.1 Chinamobile, Zxv10 B860av2.1 Chinamobile Firmware | 2024-11-21 | N/A |
| ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3, the BESTV versions up to V1.2.2, the WASU versions up to V1.1.7 and the MGTV versions up to V1.4.6 have an authentication bypass vulnerability, which may allows an unauthorized user to perform unauthorized operations. | ||||
| CVE-2018-7363 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2024-11-21 | N/A |
| All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Since appviahttp service has no authorization delay, an attacker can be allowed to brute force account credentials. | ||||
| CVE-2018-7245 | 1 Schneider-electric | 11 66074 Mge Network Management Card Transverse, Mge Comet Ups, Mge Eps 6000 and 8 more | 2024-11-21 | N/A |
| An improper authorization vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to change UPS control and shutdown parameters or other critical settings without authorization. | ||||
| CVE-2018-7079 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | N/A |
| Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in ClearPass Guest do not properly enforce authorization rules, which allows any authenticated administrative user to execute those operations regardless of privilege level. This could allow low-privilege users to view, modify, or delete guest users. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix. | ||||
| CVE-2018-6980 | 1 Vmware | 1 Vrealize Log Insight | 2024-11-21 | 7.2 High |
| VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform. | ||||
| CVE-2018-6316 | 1 Ivanti | 1 Endpoint Security | 2024-11-21 | N/A |
| Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and earlier allows an authenticated user with low privileges and access to the local network to bypass application whitelisting when using the Application Control module on Ivanti Endpoint Security in lockdown mode. | ||||
| CVE-2018-5741 | 2 Isc, Redhat | 2 Bind, Enterprise Linux | 2024-11-21 | N/A |
| To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3. | ||||