CVE-2018-9431

HIGH Year: 2018
CVSS v3 Score
7.8
High
Weakness Type
CWE-276
View all →

Vulnerability Description

In OSUInfo of OSUInfo.java, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Related Vulnerabilities

CVE-2001-0497

HIGH
CVSS:7.8(High)

dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which all...

CWE-2762001

CVE-2002-1844

HIGH
CVSS:7.8(High)

Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileg...

CWE-2762002

CVE-2005-1941

HIGH
CVSS:7.8(High)

SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code.

CWE-2762005

CVE-2014-7302

HIGH
CVSS:7.8(High)

SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx.

CWE-2762014

CVE-2014-7303

HIGH
CVSS:7.8(High)

SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc...

CWE-2762014

CVE-2015-7378

HIGH
CVSS:7.8(High)

Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_...

CWE-2762015