Search
Total
1288 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14312 | 1 Nagios | 1 Nagios Core | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account. | |||||
| CVE-2017-14484 | 1 Gentoo | 1 Sci-mathematics-gimps | 2019-10-03 | 6.9 MEDIUM | 7.3 HIGH |
| The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe "chown -R" command is executed. | |||||
| CVE-2017-15013 | 1 Opentext | 1 Documentum Content Server | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are queryable and "editable" (before release 7.2P02, any authenticated user was able to edit dmr_content objects; now any authenticated user may delete a dmr_content object and then create a new one with the old identifier) by authenticated users; this allows any authenticated user to replace the content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges. | |||||
| CVE-2017-15055 | 1 Teampass | 1 Teampass | 2019-10-03 | 6.5 MEDIUM | 8.1 HIGH |
| TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, edit any item within a read-only directory, delete an arbitrary item, delete the file attachments of an arbitrary item, copy the password of an arbitrary item to the copy/paste buffer, access the history of an arbitrary item, and edit attributes of an arbitrary directory. To exploit the vulnerability, an authenticated attacker must tamper with the requests sent directly, for example by changing the "item_id" parameter when invoking "copy_item" on items.queries.php. | |||||
| CVE-2017-15536 | 1 Cloudera | 1 Data Science Workbench | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain access to the CDSW database which includes Kerberos keytabs of CDSW users and bcrypt hashed passwords, and gain access to other privileged information such as session tokens, invitation tokens, and environment variables. | |||||
| CVE-2017-16520 | 1 Inedo | 1 Buildmaster | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners. | |||||
| CVE-2017-17384 | 1 Ispconfig | 1 Ispconfig | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job. | |||||
| CVE-2017-5207 | 1 Firejail Project | 1 Firejail | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| Firejail before 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via the --shell argument. | |||||
| CVE-2017-5671 | 1 Honeywell | 14 Intermec Pc23, Intermec Pc23 Firmware, Intermec Pc42 and 11 more | 2019-10-03 | 7.2 HIGH | 8.8 HIGH |
| Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file. | |||||
| CVE-2017-5722 | 1 Intel | 10 Nuc7i3bnh, Nuc7i3bnh Firmware, Nuc7i3bnk and 7 more | 2019-10-03 | 4.4 MEDIUM | 7.5 HIGH |
| Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enforcement of integrity protections via manipulation of firmware storage. | |||||
| CVE-2017-5736 | 1 Intel | 1 Software Guard Extensions Platform Software Component | 2019-10-03 | 7.2 HIGH | 8.8 HIGH |
| An elevation of privilege in Intel Software Guard Extensions Platform Software Component before 1.9.105.42329 allows a local attacker to execute arbitrary code as administrator. | |||||
| CVE-2017-5940 | 1 Firejail Project | 1 Firejail | 2019-10-03 | 4.6 MEDIUM | 8.8 HIGH |
| Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180. | |||||
| CVE-2017-6401 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat. | |||||
| CVE-2017-6728 | 1 Cisco | 1 Ios Xr | 2019-10-03 | 6.9 MEDIUM | 7.0 HIGH |
| A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary code at the root privilege level on an affected system, because of Incorrect Permissions. More Information: CSCvb99389. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.3.1.15i.BASE 6.2.3.1i.BASE 6.2.2.15i.BASE 6.1.4.10i.BASE. | |||||
| CVE-2017-6767 | 1 Cisco | 1 Application Policy Infrastructure Controller | 2019-10-03 | 4.6 MEDIUM | 7.1 HIGH |
| A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. The attacker will be granted the privileges of the last user to log in, regardless of whether those privileges are higher or lower than what should have been granted. The attacker cannot gain root-level privileges. The vulnerability is due to a limitation with how Role-Based Access Control (RBAC) grants privileges to remotely authenticated users when login occurs via SSH directly to the local management interface of the APIC. An attacker could exploit this vulnerability by authenticating to the targeted device. The attacker's privilege level will be modified to match that of the last user to log in via SSH. An exploit could allow the attacker to gain elevated privileges and perform CLI commands that should be restricted by the attacker's configured role. Cisco Bug IDs: CSCvc34335. Known Affected Releases: 1.0(1e), 1.0(1h), 1.0(1k), 1.0(1n), 1.0(2j), 1.0(2m), 1.0(3f), 1.0(3i), 1.0(3k), 1.0(3n), 1.0(4h), 1.0(4o); 1.1(0.920a), 1.1(1j), 1.1(3f); 1.2 Base, 1.2(2), 1.2(3), 1.2.2; 1.3(1), 1.3(2), 1.3(2f); 2.0 Base, 2.0(1). | |||||
| CVE-2017-7803 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | |||||
| CVE-2017-8114 | 1 Roundcube | 2 Roundcube Webmail, Webmail | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin. | |||||
| CVE-2017-8187 | 1 Huawei | 2 Fusionsphere Openstack, Fusionsphere Openstack Firmware | 2019-10-03 | 6.5 MEDIUM | 7.2 HIGH |
| Huawei FusionSphere OpenStack V100R006C00SPC102(NFV) has a privilege escalation vulnerability. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users' certificates. Successful exploit may cause privilege escalation. | |||||
| CVE-2017-8308 | 1 Avast | 1 Antivirus | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from the perspective of the Avast product. This bypasses the Self-Defense feature of the product, opening a door to subsequent attack on many of its components. | |||||
| CVE-2017-9324 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain index.pl?Action=Installer with ;Subaction=Intro or ;Subaction=Start or ;Subaction=System appended at the end. | |||||
| CVE-2018-3682 | 1 Intel | 70 Bbs2600bpb, Bbs2600bpq, Bbs2600bps and 67 more | 2019-10-03 | 4.6 MEDIUM | 8.2 HIGH |
| BMC Firmware in Intel server boards, compute modules, and systems potentially allow an attacker with administrative privileges to make unauthorized read\writes to the SMBUS. | |||||
| CVE-2018-5884 | 1 Qualcomm | 24 Mdm9206, Mdm9206 Firmware, Mdm9607 and 21 more | 2019-10-03 | 4.6 MEDIUM | 8.4 HIGH |
| Improper Access Control in Multimedia in Snapdragon Mobile and Snapdragon Wear, Non-standard applications without permission may acquire permission of Qualcomm-specific proprietary intents. | |||||
| CVE-2018-5839 | 1 Qualcomm | 60 Mdm9150, Mdm9150 Firmware, Mdm9615 and 57 more | 2019-10-03 | 6.6 MEDIUM | 7.1 HIGH |
| Improperly configured memory protection allows read/write access to modem image from HLOS kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions MDM9150, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8996AU, QCS605, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, SXR1130. | |||||
| CVE-2018-5706 | 1 Octopus | 1 Octopus Deploy | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn't have them, as demonstrated by use of the RoleEdit or TeamEdit permission. | |||||
| CVE-2018-5166 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox < 60. | |||||
| CVE-2018-4862 | 1 Octopus | 1 Octopus Deploy | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges. | |||||
| CVE-2018-19411 | 1 Paessler | 1 Prtg Network Monitor | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including administrator) via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights. | |||||
| CVE-2018-19648 | 1 Adtran | 1 Pmaa | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in ADTRAN PMAA 1.6.2-1, 1.6.3, and 1.6.4. NETCONF Access Management (NACM) allows unprivileged users to create privileged users and execute arbitrary commands via the use of the diagnostic-profile over RESTCONF. | |||||
| CVE-2018-19853 | 1 Hitshop Project | 1 Hitshop | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in hitshop through 2014-07-15. There is an elevation-of-privilege vulnerability (that allows control over the whole web site) via the admin.php/user/add URI because a storekeeper account (which is supposed to have only privileges for commodity management) can add an administrator account. | |||||
| CVE-2018-4008 | 1 Shimovpn | 1 Shimo Vpn | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit this bug. | |||||
| CVE-2018-20193 | 1 Pulsesecure | 1 Secure Access Series Ssl Vpn Sa-4000 | 2019-10-03 | 4.0 MEDIUM | 8.8 HIGH |
| Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (build 7631). This occurs because appropriate controls are not performed. Specifically, it is possible for a readonly user to change the administrator user password by making a local copy of the /dana-admin/user/update.cgi page, changing the "user" value, and saving the changes. | |||||
| CVE-2018-2481 | 1 Sap | 1 Advanced Business Application Programming | 2019-10-03 | 6.5 MEDIUM | 7.2 HIGH |
| In some SAP standard roles, in SAP_ABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. By implementing such transaction code a malicious user may execute unauthorized transaction functionality. | |||||
| CVE-2018-9425 | 1 Google | 1 Android | 2019-10-02 | 4.6 MEDIUM | 7.8 HIGH |
| In Platform, there is a possible bypass of user interaction requirements due to missing permission checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-73884967 | |||||
| CVE-2012-0384 | 1 Cisco | 2 Ios, Ios Xe | 2019-09-27 | 8.5 HIGH | 7.2 HIGH |
| Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended access restrictions and execute commands via a (1) HTTP or (2) HTTPS session, aka Bug ID CSCtr91106. | |||||
| CVE-2016-11004 | 1 Elegantthemes | 1 Monarch | 2019-09-20 | 6.5 MEDIUM | 8.8 HIGH |
| The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation. | |||||
| CVE-2016-11002 | 1 Elegantthemes | 1 Extra | 2019-09-20 | 6.5 MEDIUM | 8.8 HIGH |
| The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation. | |||||
| CVE-2016-11003 | 1 Elegantthemes | 1 Monarch | 2019-09-20 | 6.5 MEDIUM | 8.8 HIGH |
| The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation. | |||||
| CVE-2016-10968 | 1 Peepso | 1 Peepso | 2019-09-18 | 6.5 MEDIUM | 8.8 HIGH |
| The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege escalation. | |||||