Search
Total
406 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35682 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2021-03-18 | 6.5 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login). | |||||
| CVE-2020-25239 | 1 Siemens | 1 Sinema Remote Connect Server | 2021-03-18 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). The webserver could allow unauthorized actions via special urls for unpriviledged users. The settings of the UMC authorization server could be changed to add a rogue server by an attacker authenticating with unprivilege user rights. | |||||
| CVE-2021-28373 | 1 Tt-rss | 1 Tiny Tiny Rss | 2021-03-18 | 5.0 MEDIUM | 7.5 HIGH |
| The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in production. Semantic version numbers such as 21.03 appear to exist, but are automatically generated from the year and month. They are not releases. | |||||
| CVE-2021-20670 | 1 Weseek | 1 Growi | 2021-03-17 | 5.0 MEDIUM | 7.5 HIGH |
| Improper access control vulnerability in GROWI versions v4.2.2 and earlier allows a remote unauthenticated attacker to read the user's personal information and/or server's internal information via unspecified vectors. | |||||
| CVE-2021-21481 | 1 Sap | 1 Netweaver | 2021-03-16 | 8.3 HIGH | 8.8 HIGH |
| The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability. | |||||
| CVE-2020-29020 | 1 Secomea | 2 Sitemanager, Sitemanager Firmware | 2021-03-12 | 6.5 MEDIUM | 7.2 HIGH |
| Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware. | |||||
| CVE-2021-26964 | 1 Arubanetworks | 1 Airwave | 2021-03-11 | 5.5 MEDIUM | 7.1 HIGH |
| A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote attacker to improperly access and modify devices and management user details. A successful exploit would consist of an attacker using a lower privileged account to change management user or device details. This could allow the attacker to escalate privileges and/or change network details that they should not have access to. | |||||
| CVE-2021-22863 | 1 Github | 1 Github | 2021-03-09 | 5.5 MEDIUM | 8.1 HIGH |
| An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker would be able to gain access to head branches of pull requests opened on repositories of which they are a maintainer. Forking is disabled by default for organization owned private repositories and would prevent this vulnerability. Additionally, branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.12.22 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2021-27509 | 1 Visualware | 1 Myconnection Server | 2021-03-01 | 5.0 MEDIUM | 7.5 HIGH |
| In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code. | |||||
| CVE-2021-20188 | 2 Podman Project, Redhat | 3 Podman, Enterprise Linux, Openshift Container Platform | 2021-02-17 | 6.9 MEDIUM | 7.0 HIGH |
| A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the container, though being a privileged container means that a lot of security features are disabled when running the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-8806 | 1 Electriccoin | 1 Zcashd | 2021-02-08 | 5.0 MEDIUM | 7.5 HIGH |
| Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced. | |||||
| CVE-2021-21286 | 1 Wwbn | 1 Avideo | 2021-02-05 | 6.5 MEDIUM | 8.8 HIGH |
| AVideo Platform is an open-source Audio and Video platform. It is similar to a self-hosted YouTube. In AVideo Platform before version 10.2 there is an authorization bypass vulnerability which enables an ordinary user to get admin control. This is fixed in version 10.2. All queries now remove the pass hash and the recoverPass hash. | |||||
| CVE-2021-3337 | 1 Hide Thread Content Project | 1 Hide Thread Content | 2021-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit. | |||||
| CVE-2021-26026 | 1 Acdsee | 1 Photo Studio 2021 | 2021-02-03 | 6.8 MEDIUM | 7.8 HIGH |
| PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!JPEGTransW+0x000000000000c7f4 via a crafted BMP image. | |||||
| CVE-2021-26025 | 1 Acdsee | 1 Photo Studio 2021 | 2021-02-03 | 6.8 MEDIUM | 7.8 HIGH |
| PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!zlibVersion+0x0000000000004e5e via a crafted BMP image. | |||||
| CVE-2020-17448 | 1 Telegram | 1 Telegram Desktop | 2021-01-28 | 6.8 MEDIUM | 7.8 HIGH |
| Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension. | |||||
| CVE-2021-1144 | 1 Cisco | 1 Connected Mobile Experiences | 2021-01-20 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system. The vulnerability is due to incorrect handling of authorization checks for changing a password. An authenticated attacker without administrative privileges could exploit this vulnerability by sending a modified HTTP request to an affected device. A successful exploit could allow the attacker to alter the passwords of any user on the system, including an administrative user, and then impersonate that user. | |||||
| CVE-2017-12116 | 1 Ethereum | 1 Aleth | 2021-01-19 | 6.8 MEDIUM | 8.1 HIGH |
| An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | |||||
| CVE-2021-0319 | 1 Google | 1 Android | 2021-01-13 | 4.4 MEDIUM | 7.3 HIGH |
| In checkCallerIsSystemOr of CompanionDeviceManagerService.java, there is a possible way to get a nearby Bluetooth device's MAC address without appropriate permissions due to a permissions bypass. This could lead to local escalation of privilege that grants access to nearby MAC addresses, with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, Android-11; Android ID: A-167244818. | |||||
| CVE-2018-8724 | 1 K7computing | 4 Antivrius, Enterprise Security, Total Security and 1 more | 2021-01-13 | 4.6 MEDIUM | 7.8 HIGH |
| K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: gain privileges (local). The component is: K7TSMngr.exe. | |||||
| CVE-2018-8044 | 1 K7computing | 4 Antivrius, Enterprise Security, Total Security and 1 more | 2021-01-13 | 4.6 MEDIUM | 7.8 HIGH |
| K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: Local Process Execution (local). The component is: K7Sentry.sys. | |||||
| CVE-2020-0479 | 1 Google | 1 Android | 2020-12-16 | 6.8 MEDIUM | 7.8 HIGH |
| In callUnchecked of DocumentsProvider.java, there is a possible permissions bypass. This could lead to local escalation of privilege allowing a malicious app to access files available to the DocumentProvider without user permission, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157294893 | |||||
| CVE-2020-15278 | 1 Cogboard | 1 Red Discord Bot | 2020-11-03 | 6.0 MEDIUM | 7.5 HIGH |
| Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module. This exploit allows Discord users with a high privilege level within the guild to bypass hierarchy checks when the application is in a specific condition that is beyond that user's control. By abusing this exploit, it is possible to perform destructive actions within the guild the user has high privileges in. This exploit has been fixed in version 3.4.1. As a workaround, unloading the Mod module with unload mod or, disabling the massban command with command disable global massban can render this exploit not accessible. We still highly recommend updating to 3.4.1 to completely patch this issue. | |||||
| CVE-2020-2286 | 1 Jenkins | 1 Role-based Authorization Strategy | 2020-10-23 | 6.8 MEDIUM | 8.8 HIGH |
| Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration. | |||||
| CVE-2019-3827 | 1 Gnome | 1 Gvfs | 2020-10-19 | 3.3 LOW | 7.0 HIGH |
| An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration. | |||||
| CVE-2020-3467 | 1 Cisco | 1 Identity Services Engine | 2020-10-16 | 5.5 MEDIUM | 7.7 HIGH |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. The vulnerability is due to improper enforcement of role-based access control (RBAC) within the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to modify parts of the configuration. The modified configuration could either allow unauthorized devices onto the network or prevent authorized devices from accessing the network. To exploit this vulnerability, an attacker would need valid Read-Only Administrator credentials. | |||||
| CVE-2019-14811 | 5 Artifex, Debian, Fedoraproject and 2 more | 5 Ghostscript, Debian Linux, Fedora and 2 more | 2020-10-16 | 6.8 MEDIUM | 7.8 HIGH |
| A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. | |||||
| CVE-2019-14817 | 5 Artifex, Debian, Fedoraproject and 2 more | 5 Ghostscript, Debian Linux, Fedora and 2 more | 2020-10-16 | 6.8 MEDIUM | 7.8 HIGH |
| A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. | |||||
| CVE-2020-13334 | 1 Gitlab | 1 Gitlab | 2020-10-15 | 5.0 MEDIUM | 7.5 HIGH |
| In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of issue via mutation GraphQL query | |||||
| CVE-2019-1603 | 1 Cisco | 6 Nexus 3000, Nexus 3500, Nexus 3600 and 3 more | 2020-10-08 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to escalate lower-level privileges to the administrator level. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. A successful exploit could allow an attacker to make configuration changes to the system as administrator. Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5). | |||||
| CVE-2019-19200 | 1 Reddoxx | 1 Maildepot | 2020-10-07 | 6.5 MEDIUM | 8.8 HIGH |
| REDDOXX MailDepot 2032 2.2.1242 allows authenticated users to access the mailboxes of other users. | |||||
| CVE-2019-1626 | 1 Cisco | 8 Sd-wan Firmware, Vedge-100, Vedge-1000 and 5 more | 2020-10-06 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device. The vulnerability is due to a failure to properly authorize certain user actions in the device configuration. An attacker could exploit this vulnerability by logging in to the vManage Web UI and sending crafted HTTP requests to vManage. A successful exploit could allow attackers to gain elevated privileges and make changes to the configuration that they would not normally be authorized to make. | |||||
| CVE-2019-6582 | 1 Siemens | 5 Siveillance Video Management Software 2017 R2, Siveillance Video Management Software 2018 R1, Siveillance Video Management Software 2018 R2 and 2 more | 2020-10-06 | 5.5 MEDIUM | 7.1 HIGH |
| A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VMS 2018 R3 (All versions < V12.3a), Siveillance VMS 2019 R1 (All versions < V13.1a). An attacker with network access to port 80/TCP can change user-defined event properties without proper authorization. The security vulnerability could be exploited by an authenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation compromises integrity of the user-defined event properties and the availability of corresponding functionality. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2020-3404 | 1 Cisco | 128 Asr1001-hx, Asr1001-hx-rf, Asr1001-x-rf and 125 more | 2020-10-06 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the persistent Telnet/Secure Shell (SSH) CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient enforcement of the consent token in authorizing shell access. An attacker could exploit this vulnerability by authenticating to the persistent Telnet/SSH CLI on an affected device and requesting shell access. A successful exploit could allow the attacker to gain shell access on the affected device and execute commands on the underlying OS with root privileges. | |||||
| CVE-2019-1604 | 1 Cisco | 8 Nexus 3000, Nexus 3500, Nexus 3600 and 5 more | 2020-10-05 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the user account management interface of Cisco NX-OS Software could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to an incorrect authorization check of user accounts and their associated Group ID (GID). An attacker could exploit this vulnerability by taking advantage of a logic error that will permit the use of higher privileged commands than what is necessarily assigned. A successful exploit could allow an attacker to execute commands with elevated privileges on the underlying Linux shell of an affected device. Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 8.2(3), and 8.3(2). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5). | |||||
| CVE-2020-13322 | 1 Gitlab | 1 Gitlab | 2020-10-02 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy tokens. | |||||
| CVE-2019-11247 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift Container Platform | 2020-10-02 | 6.5 MEDIUM | 8.1 HIGH |
| The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12. | |||||
| CVE-2020-4621 | 1 Ibm | 1 Data Risk Manager | 2020-09-22 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to escalate their privileges to administrator due to insufficient authorization checks. IBM X-Force ID: 184981. | |||||
| CVE-2018-15640 | 1 Odoo | 1 Odoo | 2020-09-18 | 9.0 HIGH | 8.8 HIGH |
| Improper access control in the Helpdesk App of Odoo Enterprise 10.0 through 12.0 allows remote authenticated attackers to obtain elevated privileges via a crafted request. | |||||
| CVE-2020-3473 | 1 Cisco | 19 8201, 8202, 8808 and 16 more | 2020-09-09 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker could exploit this vulnerability by first authenticating to the local CLI shell on the device and using the CLI command to bypass the task group–based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on the device without authorization checks. | |||||
| CVE-2020-3530 | 1 Cisco | 23 Asr 9000v, Asr 9001, Asr 9006 and 20 more | 2020-09-09 | 5.6 MEDIUM | 8.4 HIGH |
| A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected device. The vulnerability is due to incorrect mapping in the source code of task group assignments for a specific command. An attacker could exploit this vulnerability by issuing the command, which they should not be authorized to issue, on an affected device. A successful exploit could allow the attacker to invalidate the integrity of the disk and cause the device to restart. This vulnerability could allow a user with read permissions to issue a specific command that should require Administrator privileges. | |||||
| CVE-2018-1057 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2020-09-09 | 6.5 MEDIUM | 8.8 HIGH |
| On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers). | |||||
| CVE-2018-0338 | 1 Cisco | 1 Unified Computing System | 2020-09-04 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issuing crafted commands in the CLI of an affected system. A successful exploit could allow the attacker to cause other users to execute unwanted arbitrary commands on the affected system. Cisco Bug IDs: CSCvf52994. | |||||
| CVE-2018-0337 | 1 Cisco | 15 Nexus 5000, Nexus 5010, Nexus 5020 and 12 more | 2020-08-31 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the role-based access-checking mechanisms of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected device. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issuing crafted commands in the CLI of an affected device. A successful exploit could allow the attacker to cause other users to execute unwanted, arbitrary commands on the affected device. Cisco Bug IDs: CSCvd06339, CSCvd15698, CSCvd36108, CSCvf52921, CSCvf52930, CSCvf52953, CSCvf52976. | |||||
| CVE-2019-0276 | 1 Sap | 2 Banking Services From Sap, S\/4hana Financial Products Subledger | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| Banking services from SAP 9.0 (FSAPPL version 5) and SAP S/4HANA Financial Products Subledger (S4FPSL, version 1) performs an inadequate authorization check for an authenticated user, potentially resulting in escalation of privileges. | |||||
| CVE-2019-7639 | 2 Fedoraproject, Gsi-openssh Project | 2 Fedora, Gsi-openssh | 2020-08-24 | 4.3 MEDIUM | 8.1 HIGH |
| An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If PermitPAMUserChange is set to yes in the /etc/gsissh/sshd_config file, logins succeed with a valid username and an incorrect password, even though a failure entry is recorded in the /var/log/messages file. | |||||
| CVE-2019-7258 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| Linear eMerge E3-Series devices allow Privilege Escalation. | |||||
| CVE-2019-5602 | 1 Freebsd | 1 Freebsd | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory when media is present thereby allowing a malicious user in the operator group to gain root privileges. | |||||
| CVE-2019-2175 | 1 Google | 1 Android | 2020-08-24 | 4.4 MEDIUM | 7.8 HIGH |
| In checkAccess of SliceManagerService.java in Android 9, there is a possible permissions check bypass due to incorrect order of arguments. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2019-19597 | 1 Dlink | 2 Dap-1860, Dap-1860 Firmware | 2020-08-24 | 8.3 HIGH | 8.8 HIGH |
| D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header. | |||||