| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-1000133 |
269 |
|
+Priv |
2018-03-16 |
2019-10-03 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
Pitchfork version 1.4.6 RC1 contains an Improper Privilege Management vulnerability in Trident Pitchfork components that can result in A standard unprivileged user could gain system administrator permissions within the web portal.. This attack appear to be exploitable via The user must be able to login, and could edit their profile and set the "System Administrator" permission to "yes" on themselves.. This vulnerability appears to have been fixed in 1.4.6 RC2. |
|
2 |
CVE-2018-19966 |
436 |
|
DoS +Priv |
2018-12-08 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorrect fix for CVE-2017-15595. |
|
3 |
CVE-2018-19963 |
617 |
|
DoS +Priv |
2018-12-08 |
2019-10-03 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because x86 IOREQ server resource accounting (for external emulators) was mishandled. |
|
4 |
CVE-2018-19962 |
200 |
|
+Priv +Info |
2018-12-08 |
2019-10-03 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones. |
|
5 |
CVE-2018-19961 |
459 |
|
+Priv |
2018-12-08 |
2019-10-03 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes. |
|
6 |
CVE-2018-19114 |
20 |
|
+Priv |
2018-11-08 |
2019-10-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in MinDoc through v1.0.2. It allows attackers to gain privileges by uploading an image file with contents that represent an admin session, and then sending a Cookie: header with a mindoc_id value containing the relative pathname of this uploaded file. For example, the mindoc_id (aka session ID) could be of the form aa/../../uploads/blog/201811/attach_#.jpg where '#' is a hex value displayed in the upload field of a manage/blogs/edit/ screen. |
|
7 |
CVE-2018-18810 |
|
|
+Priv |
2018-12-11 |
2020-08-24 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
The Administrator Service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, and TIBCO Managed File Transfer Internet Server contains vulnerabilities where an authenticated user with specific privileges can gain access to credentials to other systems. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions up to and including 7.3.2; 8.0.0; 8.0.1; 8.0.2; 8.1.0, and TIBCO Managed File Transfer Internet Server: versions up to and including 7.3.2; 8.0.0; 8.0.1; 8.0.2; 8.1.0. |
|
8 |
CVE-2018-18629 |
426 |
|
+Priv |
2018-12-20 |
2019-02-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivileged user on Linux to gain root privileges via a Trojan horse binary. |
|
9 |
CVE-2018-18555 |
78 |
|
+Priv |
2018-12-17 |
2019-10-03 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
A sandbox escape issue was discovered in VyOS 1.1.8. It provides a restricted management shell for operator users to administer the device. By issuing various shell special characters with certain commands, an authenticated operator user can break out of the management shell and gain access to the underlying Linux shell. The user can then run arbitrary operating system commands with the privileges afforded by their account. |
|
10 |
CVE-2018-18519 |
426 |
|
+Priv |
2018-11-19 |
2019-06-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
BestXsoftware Best Free Keylogger before 6.0.0 allows local users to gain privileges via a Trojan horse "%PROGRAMFILES%\BFK 5.2.9\syscrb.exe" file because of insecure permissions for the BUILTIN\Users group. |
|
11 |
CVE-2018-18093 |
732 |
|
+Priv |
2018-12-14 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Improper file permissions in the installer for Intel VTune Amplifier 2018 Update 3 and before may allow unprivileged user to potentially gain privileged access via local access. |
|
12 |
CVE-2018-17980 |
426 |
|
Exec Code +Priv |
2018-10-15 |
2019-01-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file, as demonstrated by a scenario where the .nxs file and the DLL are in the current working directory, and the Trojan horse code is executed. (The directory could, in general, be on a local filesystem or a network share.). |
|
13 |
CVE-2018-17894 |
798 |
|
+Priv |
2018-10-12 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
NUUO CMS all versions 3.1 and prior, The application creates default accounts that have hard-coded passwords, which could allow an attacker to gain privileged access. |
|
14 |
CVE-2018-17776 |
732 |
|
+Priv |
2018-09-28 |
2021-08-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for %PROGRAMFILES(X86)%\PCProtect, which allows local users to gain privileges by replacing an executable file with a Trojan horse. |
|
15 |
CVE-2018-17775 |
732 |
|
+Priv |
2018-10-08 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Seqrite End Point Security v7.4 has "Everyone: (F)" permission for %PROGRAMFILES%\Seqrite\Seqrite, which allows local users to gain privileges by replacing an executable file with a Trojan horse. |
|
16 |
CVE-2018-17182 |
416 |
|
Overflow +Priv |
2018-09-19 |
2023-02-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations. |
|
17 |
CVE-2018-17153 |
287 |
|
+Priv Bypass |
2018-09-18 |
2018-12-18 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called "cgi_get_ipv6" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter "flag" with the value "1" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie. |
|
18 |
CVE-2018-16861 |
79 |
|
Exec Code +Priv XSS CSRF |
2018-12-07 |
2019-05-14 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A cross-site scripting (XSS) flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able to execute a XSS attacks against other users, possibly leading to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Foreman before 1.18.3, 1.19.1, and 1.20.0 are vulnerable. |
|
19 |
CVE-2018-16161 |
|
|
+Priv |
2018-11-15 |
2019-10-03 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
OpenDolphin 2.7.0 and earlier allows authenticated users to gain administrative privileges and perform unintended operations. |
|
20 |
CVE-2018-15774 |
863 |
|
+Priv |
2018-12-13 |
2019-10-09 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access. |
|
21 |
CVE-2018-15761 |
|
|
+Priv |
2018-11-19 |
2019-10-09 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges. |
|
22 |
CVE-2018-15718 |
200 |
|
+Priv +Info |
2018-12-12 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Open Dental before version 18.4 transmits the entire user database over the network when a remote unauthenticated user accesses the command prompt. This allows the attacker to gain access to usernames, password hashes, privilege levels, and more. |
|
23 |
CVE-2018-15611 |
|
|
+Priv |
2018-09-27 |
2019-10-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1. |
|
24 |
CVE-2018-15537 |
434 |
|
Exec Code +Priv |
2018-11-29 |
2019-01-31 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests. |
|
25 |
CVE-2018-15441 |
89 |
|
Exec Code +Priv Sql |
2018-11-28 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted HTTP POST requests that contain malicious SQL statements to an affected application. A successful exploit could allow the attacker to modify and delete arbitrary data in the PLM database or gain shell access with the privileges of the postgres user. |
|
26 |
CVE-2018-15402 |
352 |
|
+Priv CSRF |
2018-10-17 |
2019-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker could exploit this vulnerability by convincing a targeted user to follow a URL to a malicious website. An exploit could allow the attacker to take actions within the software with the privileges of the targeted user or gain access to sensitive information. |
|
27 |
CVE-2018-15395 |
|
|
+Priv |
2018-10-17 |
2019-10-09 |
2.7 |
None |
Local Network |
Low |
??? |
Partial |
None |
None |
|
A vulnerability in the authentication and authorization checking mechanisms of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, adjacent attacker to gain network access to a Cisco TrustSec domain. Under normal circumstances, this access should be prohibited. The vulnerability is due to the dynamic assignment of Security Group Tags (SGTs) during a wireless roam from one Service Set Identifier (SSID) to another within the Cisco TrustSec domain. An attacker could exploit this vulnerability by attempting to acquire an SGT from other SSIDs within the domain. Successful exploitation could allow the attacker to gain privileged network access that should be prohibited under normal circumstances. |
|
28 |
CVE-2018-15394 |
|
|
+Priv Bypass |
2018-11-08 |
2019-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected system. The vulnerability is due to an insecure system configuration. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to gain unauthenticated access, resulting in elevated privileges in the SMC. |
|
29 |
CVE-2018-15368 |
78 |
|
Exec Code +Priv |
2018-10-05 |
2020-08-28 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent modifications to the underlying Linux filesystem on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. |
|
30 |
CVE-2018-14857 |
434 |
|
Exec Code +Priv |
2018-08-06 |
2018-10-10 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted. |
|
31 |
CVE-2018-14850 |
79 |
|
+Priv XSS |
2018-08-13 |
2018-10-10 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image. |
|
32 |
CVE-2018-14825 |
732 |
|
+Priv +Info |
2018-09-24 |
2019-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40 running Android OS 7.1, CK75 running Android OS 6.0, CN75 running Android OS 6.0, CN75e running Android OS 6.0, CT50 running Android OS 6.0, D75e running Android OS 6.0, CT50 running Android OS 4.4, D75e running Android OS 4.4, CN51 running Android OS 6.0, EDA50k running Android 4.4, EDA50 running Android OS 7.1, EDA50k running Android OS 7.1, EDA70 running Android OS 7.1, EDA60k running Android OS 7.1, and EDA51 running Android OS 8.1), a skilled attacker with advanced knowledge of the target system could exploit this vulnerability by creating an application that would successfully bind to the service and gain elevated system privileges. This could enable the attacker to obtain access to keystrokes, passwords, personal identifiable information, photos, emails, or business-critical documents. |
|
33 |
CVE-2018-14678 |
665 |
|
DoS +Priv |
2018-07-28 |
2023-02-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges. |
|
34 |
CVE-2018-14533 |
|
|
+Priv |
2018-07-31 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
read_tmp and write_tmp in Inteno IOPSYS allow attackers to gain privileges after writing to /tmp/etc/smb.conf because /var is a symlink to /tmp. |
|
35 |
CVE-2018-14327 |
732 |
|
+Priv |
2018-09-26 |
2019-10-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the "Web Connecton\EE40\BackgroundService" directory. |
|
36 |
CVE-2018-13801 |
269 |
|
+Priv |
2018-10-10 |
2019-10-09 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
A vulnerability has been identified in ROX II (All versions < V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a low-privileged user but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. |
|
37 |
CVE-2018-13409 |
79 |
|
+Priv XSS |
2018-07-06 |
2018-08-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in Jirafeau before 3.4.1. The "search file by hash" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges. |
|
38 |
CVE-2018-13408 |
79 |
|
+Priv XSS |
2018-07-06 |
2018-08-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in Jirafeau before 3.4.1. The "search file by link" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges. |
|
39 |
CVE-2018-13110 |
732 |
|
+Priv |
2018-07-06 |
2019-10-03 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
|
All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks. |
|
40 |
CVE-2018-12989 |
281 |
|
+Priv |
2018-08-03 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrator, which allows local users to gain privileges. |
|
41 |
CVE-2018-11769 |
|
|
Exec Code +Priv Bypass |
2018-08-08 |
2019-10-03 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user under which CouchDB runs, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows a CouchDB admin user to gain arbitrary remote code execution, bypassing CVE-2017-12636 and CVE-2018-8007. |
|
42 |
CVE-2018-11334 |
732 |
|
DoS +Priv |
2018-05-23 |
2020-08-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \\.\pipe\WindscribeService. |
|
43 |
CVE-2018-11062 |
798 |
|
+Priv |
2018-11-02 |
2019-01-30 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files. |
|
44 |
CVE-2018-11051 |
22 |
|
+Priv Dir. Trav. |
2018-07-03 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the application to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application. |
|
45 |
CVE-2018-10982 |
|
|
DoS +Priv |
2018-05-10 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection. |
|
46 |
CVE-2018-10931 |
749 |
|
+Priv |
2018-08-09 |
2023-02-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon. |
|
47 |
CVE-2018-10902 |
416 |
|
+Priv |
2018-08-21 |
2023-02-12 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation. |
|
48 |
CVE-2018-10636 |
787 |
|
Exec Code Overflow +Priv |
2018-08-13 |
2020-08-31 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an attacker to gain remote code execution with administrator privileges if exploited. |
|
49 |
CVE-2018-10598 |
125 |
|
Exec Code +Priv |
2018-08-13 |
2019-10-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has two out-of-bounds read vulnerabilities could cause the software to crash due to lacking user input validation for processing project files. Which may allow an attacker to gain remote code execution with administrator privileges if exploited. |
|
50 |
CVE-2018-10361 |
668 |
|
+Priv |
2018-04-25 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one user (who has an unprivileged account but is also able to authenticate as root) writes a text file using Kate into a directory owned by a another unprivileged user. The latter unprivileged user conducts a symlink attack to achieve privilege escalation. |
