Total
791 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-10154 | 1 Moodle | 1 Moodle | 2024-11-21 | 7.5 High |
| A flaw was found in Moodle before versions 3.7, 3.6.4. A web service fetching messages was not restricted to the current user's conversations. | ||||
| CVE-2019-0816 | 3 Canonical, Microsoft, Redhat | 3 Ubuntu Linux, Azure, Enterprise Linux | 2024-11-21 | N/A |
| A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'. | ||||
| CVE-2019-0212 | 1 Apache | 1 Hbase | 2024-11-21 | N/A |
| In all previously released Apache HBase 2.x versions (2.0.0-2.0.4, 2.1.0-2.1.3), authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. This issue is only relevant when HBase is configured with Kerberos authentication, HBase authorization is enabled, and the REST server is configured with SPNEGO authentication. This issue does not extend beyond the HBase REST server. | ||||
| CVE-2018-9867 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 5.5 Medium |
| In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). | ||||
| CVE-2018-3829 | 1 Elastic | 1 Elastic Cloud Enterprise | 2024-11-21 | 5.3 Medium |
| In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE install to gain access to other clusters data. | ||||
| CVE-2018-3778 | 1 Aedes Project | 1 Aedes | 2024-11-21 | 5.3 Medium |
| Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized. | ||||
| CVE-2018-20945 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354). | ||||
| CVE-2018-20927 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382). | ||||
| CVE-2018-1296 | 1 Apache | 1 Hadoop | 2024-11-21 | N/A |
| In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent. | ||||
| CVE-2018-1116 | 4 Canonical, Debian, Polkit Project and 1 more | 4 Ubuntu Linux, Debian Linux, Polkit and 1 more | 2024-11-21 | 4.4 Medium |
| A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure. | ||||
| CVE-2018-1113 | 2 Fedoraproject, Redhat | 6 Fedora, Enterprise Linux, Enterprise Linux Desktop and 3 more | 2024-11-21 | N/A |
| setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system. | ||||
| CVE-2018-1082 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
| A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site. | ||||
| CVE-2018-19581 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create. | ||||
| CVE-2018-19578 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page. | ||||
| CVE-2018-19569 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope. | ||||
| CVE-2018-1999047 | 1 Jenkins | 1 Jenkins | 2024-11-21 | N/A |
| A improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update center. | ||||
| CVE-2018-1999046 | 1 Jenkins | 1 Jenkins | 2024-11-21 | N/A |
| A exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers With Overall/Read permission to access the connection log for any agent. | ||||
| CVE-2018-1999006 | 1 Jenkins | 1 Jenkins | 2024-11-21 | N/A |
| A exposure of sensitive information vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Plugin.java that allows attackers to determine the date and time when a plugin HPI/JPI file was last extracted, which typically is the date of the most recent installation/upgrade. | ||||
| CVE-2018-18955 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | N/A |
| In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction. | ||||
| CVE-2018-17933 | 1 Vecna | 2 Vgo, Vgo Firmware | 2024-11-21 | N/A |
| VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) connected to the VGo XAMPP. User accounts may be able to execute commands that are outside the scope of their privileges and within the scope of an admin account. If an attacker has access to VGo XAMPP Client credentials, they may be able to execute admin commands on the connected robot. | ||||