Total
271 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1308 | 1 Ibm | 1 Daeja Viewone | 2019-10-03 | N/A |
| IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force ID: 125462. | ||||
| CVE-2017-11829 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | N/A |
| Microsoft Windows 10 allows an elevation of privilege vulnerability when the Windows Update Delivery Optimization does not properly enforce file share permissions. | ||||
| CVE-2017-11746 | 1 Inversepath | 1 Tenshi | 2019-10-03 | N/A |
| Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill `cat /pathname/tenshi.pid`" command. | ||||
| CVE-2017-10930 | 1 Zte | 2 Zxr10 1800-2s, Zxr10 1800-2s Firmware | 2019-10-03 | N/A |
| The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords. | ||||
| CVE-2018-9587 | 1 Google | 1 Android | 2019-10-03 | N/A |
| In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is possible unauthorized access to files within the contact app due to a confused deputy scenario. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Android ID: A-113597344. | ||||
| CVE-2017-6774 | 1 Cisco | 1 Asr 5000 Software | 2019-10-03 | N/A |
| A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability by overwriting sensitive configuration files through FTP. An exploit could allow the attacker to overwrite configuration files on an affected system. Cisco Bug IDs: CSCvd47739. Known Affected Releases: 21.0.v0.65839. | ||||
| CVE-2018-16946 | 1 Lg | 36 Lnb5110, Lnb5110 Firmware, Lnb5320 and 33 more | 2019-10-03 | N/A |
| LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials and configuration information for the camera device. An attacker is able to discover the backup filename via reading the system logs or report data, or just by brute-forcing the backup filename pattern. It may be possible to authenticate to the admin account with the admin password. | ||||
| CVE-2018-5112 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2019-10-03 | N/A |
| Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to access, including potentially privileged pages. This vulnerability affects Firefox < 58. | ||||
| CVE-2019-14273 | 1 Silverstripe | 1 Silverstripe | 2019-09-27 | 5.3 Medium |
| In SilverStripe assets 4.0, there is broken access control on files. | ||||
| CVE-2016-10829 | 1 Cpanel | 1 Cpanel | 2019-08-12 | N/A |
| cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99). | ||||
| CVE-2017-2551 | 1 Inpsyde | 1 Backwpup | 2017-10-10 | N/A |
| Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download. | ||||