CVE-2018-16145

HIGH Year: 2018
CVSS v3 Score
8.1
High
CVSS v2 Score
9.3
Critical
Weakness Type
CWE-732
View all →

Vulnerability Description

The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of the appliance.

Related Vulnerabilities

CVE-2017-1000134

HIGH
CVSS:8.1(High)

Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group memb...

CWE-7322017

CVE-2017-18894

HIGH
CVSS:8.1(High)

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes. resource-owner authorization is bypassed, allowing account takeover.

CWE-7322017

CVE-2017-2590

HIGH
CVSS:8.1(High)

A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorize...

CWE-7322017

CVE-2017-7563

HIGH
CVSS:8.1(High)

In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in...

CWE-7322017

CVE-2018-1000025

HIGH
CVSS:8.1(High)

Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains a Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that ...

CWE-7322018

CVE-2018-1000621

HIGH
CVSS:8.1(High)

Mycroft AI mycroft-core version 18.2.8b and earlier contains a Incorrect Access Control vulnerability in Websocket configuration that can result in code execution. This impacts ONLY the Mycroft for Li...

CWE-7322018