Search
Total
5300 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4097 | 1 Oracle | 1 Mysql | 2020-02-18 | 4.6 MEDIUM | N/A |
| MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079. | |||||
| CVE-2016-1712 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 7.2 HIGH | 7.8 HIGH |
| Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users to gain privileges by leveraging improper sanitization of the root_reboot local invocation. | |||||
| CVE-2016-9151 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.6 MEDIUM | 7.8 HIGH |
| Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment variables. | |||||
| CVE-2008-2314 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2020-02-10 | 4.4 MEDIUM | N/A |
| Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors. | |||||
| CVE-2003-0497 | 1 Intersystems | 1 Cache Database | 2020-02-10 | 7.2 HIGH | N/A |
| Caché Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs. | |||||
| CVE-2016-10935 | 1 Visser | 1 Store Exporter For Woocommerce | 2020-02-03 | 7.5 HIGH | 9.8 CRITICAL |
| The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation. | |||||
| CVE-2012-5385 | 1 Webcalendar Project | 1 Webcalendar | 2020-01-29 | 7.5 HIGH | N/A |
| install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference. | |||||
| CVE-2011-3172 | 1 Suse | 1 Suse Linux Enterprise Server | 2020-01-24 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12. | |||||
| CVE-2016-8216 | 1 Dell | 1 Emc Data Domain Os | 2020-01-23 | 7.2 HIGH | 6.7 MEDIUM |
| EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10 has a command injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2015-2694 | 1 Mit | 1 Kerberos 5 | 2020-01-21 | 5.8 MEDIUM | N/A |
| The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. | |||||
| CVE-2012-1012 | 1 Mit | 1 Kerberos 5 | 2020-01-21 | 5.5 MEDIUM | N/A |
| server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global list privilege. | |||||
| CVE-2007-4000 | 1 Mit | 1 Kerberos 5 | 2020-01-21 | 8.5 HIGH | N/A |
| The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer. | |||||
| CVE-2010-4021 | 1 Mit | 1 Kerberos 5 | 2020-01-21 | 2.1 LOW | N/A |
| The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue." | |||||
| CVE-2006-3084 | 2 Heimdal, Mit | 2 Heimdal, Kerberos 5 | 2020-01-21 | 7.2 HIGH | N/A |
| The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues. | |||||
| CVE-2016-1954 | 4 Mozilla, Novell, Opensuse and 1 more | 7 Firefox, Firefox Esr, Thunderbird and 4 more | 2019-12-27 | 6.8 MEDIUM | 8.8 HIGH |
| The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file. | |||||
| CVE-2016-4997 | 4 Canonical, Linux, Novell and 1 more | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 7 more | 2019-12-27 | 7.2 HIGH | 7.8 HIGH |
| The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement. | |||||
| CVE-2010-1626 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2019-12-17 | 3.6 LOW | N/A |
| MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247. | |||||
| CVE-2015-5324 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2019-12-17 | 5.0 MEDIUM | N/A |
| Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api. | |||||
| CVE-2015-5323 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2019-12-17 | 6.5 MEDIUM | N/A |
| Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user. | |||||
| CVE-2014-3602 | 1 Redhat | 1 Openshift | 2019-12-17 | 2.1 LOW | N/A |
| Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp. | |||||
| CVE-2014-3674 | 1 Redhat | 1 Openshift | 2019-12-17 | 7.5 HIGH | N/A |
| Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors. | |||||
| CVE-2008-2079 | 4 Canonical, Debian, Mysql and 1 more | 4 Ubuntu Linux, Debian Linux, Mysql and 1 more | 2019-12-17 | 4.6 MEDIUM | N/A |
| MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future. | |||||
| CVE-2013-3633 | 1 Siemens | 7 Scalance X200-4p Irt, Scalance X200irt Firmware, Scalance X201-3p Irt and 4 more | 2019-12-12 | 8.0 HIGH | N/A |
| A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account. | |||||
| CVE-2014-1903 | 2 Freepbx, Sangoma | 2 Freepbx, Freepbx | 2019-12-10 | 7.5 HIGH | N/A |
| admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php. | |||||
| CVE-2011-0401 | 1 Matomo | 1 Matomo | 2019-11-21 | 5.0 MEDIUM | N/A |
| Piwik before 1.1 does not properly limit the number of files stored under tmp/sessions/, which might allow remote attackers to cause a denial of service (inode consumption) by establishing many sessions. | |||||
| CVE-2011-0398 | 1 Matomo | 1 Matomo | 2019-11-21 | 6.4 MEDIUM | N/A |
| The Piwik_Common::getIP function in Piwik before 1.1 does not properly determine the client IP address, which allows remote attackers to bypass intended geolocation and logging functionality via (1) use of a private (aka RFC 1918) address behind a proxy server or (2) spoofing of the X-Forwarded-For HTTP header. | |||||
| CVE-2009-1085 | 1 Matomo | 1 Matomo | 2019-11-21 | 5.0 MEDIUM | N/A |
| Piwik 0.2.32 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the API key and other sensitive information via a direct request for misc/cron/archive.sh. | |||||
| CVE-2016-6804 | 2 Apache, Microsoft | 2 Openoffice, Windows | 2019-11-20 | 9.3 HIGH | 7.8 HIGH |
| The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. This requires that the location in which the installer is run has been previously poisoned by a file that impersonates a dynamic-link library that the installer depends upon. | |||||
| CVE-2006-6683 | 1 Pedro Lineu Orso | 1 Chetcpasswd | 2019-11-13 | 7.8 HIGH | N/A |
| Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote attackers to bypass intended restrictions implemented through PAM. | |||||
| CVE-2006-6679 | 1 Pedro Lineu Orso | 1 Chetcpasswd | 2019-11-13 | 7.5 HIGH | N/A |
| Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by spoofing this header. | |||||
| CVE-2014-7851 | 2 Ovirt, Redhat | 2 Ovirt, Ovirt-engine | 2019-11-06 | 6.0 MEDIUM | 7.5 HIGH |
| oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user. | |||||
| CVE-2011-4944 | 1 Python | 1 Python | 2019-10-25 | 1.9 LOW | N/A |
| Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file. | |||||
| CVE-2015-0179 | 1 Ibm | 1 Domino | 2019-10-16 | 7.2 HIGH | N/A |
| Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V. | |||||
| CVE-2019-3779 | 1 Cloudfoundry | 1 Container Runtime | 2019-10-09 | 4.0 MEDIUM | 8.8 HIGH |
| Cloud Foundry Container Runtime, versions prior to 0.29.0, deploys Kubernetes clusters utilize the same CA (Certificate Authority) to sign and trust certs for ETCD as used by the Kubernetes API. This could allow a user authenticated with a cluster to request a signed certificate leveraging the Kubernetes CSR capability to obtain a credential that could escalate privilege access to ETCD. | |||||
| CVE-2019-1660 | 1 Cisco | 1 Telepresence Management Suite | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the Simple Object Access Protocol (SOAP) of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to a lack of proper access and authentication controls on the affected TMS software. An attacker could exploit this vulnerability by gaining access to internal, trusted networks to send crafted SOAP calls to the affected device. If successful, an exploit could allow the attacker to access system management tools. Under normal circumstances, this access should be prohibited. | |||||
| CVE-2019-11771 | 1 Eclipse | 1 Openj9 | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users. | |||||
| CVE-2016-9489 | 1 Zohocorp | 1 Manageengine Applications Manager | 2019-10-09 | 4.0 MEDIUM | 8.8 HIGH |
| In ManageEngine Applications Manager 12 and 13 before build 13200, an authenticated user is able to alter all of their own properties, including own group, i.e. changing their group to one with higher privileges like "ADMIN". A user is also able to change properties of another user, e.g. change another user's password. | |||||
| CVE-2016-8629 | 1 Redhat | 3 Enterprise Linux Server, Keycloak, Single Sign On | 2019-10-09 | 5.5 MEDIUM | 6.5 MEDIUM |
| Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal permissions and delete users in a separate realm. | |||||
| CVE-2016-8656 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result in local privilege escalation. | |||||
| CVE-2016-9469 | 1 Gitlab | 1 Gitlab | 2019-10-09 | 5.0 MEDIUM | 8.2 HIGH |
| Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could be exploited by an unauthenticated user. A fix was included in versions 8.14.3, 8.13.8, and 8.12.11, which were released on December 5th 2016 at 3:59 PST. The GitLab versions vulnerable to this are 8.13.0, 8.13.0-ee, 8.13.1, 8.13.1-ee, 8.13.2, 8.13.2-ee, 8.13.3, 8.13.3-ee, 8.13.4, 8.13.4-ee, 8.13.5, 8.13.5-ee, 8.13.6, 8.13.6-ee, 8.13.7, 8.14.0, 8.14.0-ee, 8.14.1, 8.14.2, and 8.14.2-ee. | |||||
| CVE-2016-9485 | 1 Forescout | 1 Secureconnector | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector agent runs various plugin scripts and executables on the endpoint in order to gather and report information about the host to the CounterACT management appliance. The SecureConnector agent downloads these scripts and executables as needed from the CounterACT management appliance and runs them on the endpoint. The SecureConnector agent fails to set any permissions on downloaded file objects. This allows a malicious user to take ownership of any of these files and make modifications to it, regardless of where the files are saved. These files are then executed under SYSTEM privileges. A malicious unprivileged user can overwrite these executable files with malicious code before the SecureConnector agent executes them, causing the malicious code to be run under the SYSTEM account. | |||||
| CVE-2016-9486 | 1 Forescout | 1 Secureconnector | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector agent runs various plugin scripts and executables on the endpoint in order to gather and report information about the host to the CounterACT management appliance. The SecureConnector agent downloads these scripts and executables as needed from the CounterACT management appliance and runs them on the endpoint. By default, these executable files are downloaded to and run from the %TEMP% directory of the currently logged on user, despite the fact that the SecureConnector agent is running as SYSTEM. Aside from the downloaded scripts, the SecureConnector agent runs a batch file with SYSTEM privileges from the temp directory of the currently logged on user. If the naming convention of this script can be derived, which is made possible by placing it in a directory to which the user has read access, it may be possible overwrite the legitimate batch file with a malicious one before SecureConnector executes it. It is possible to change this directory by setting the the configuration property config.script_run_folder.value in the local.properties configuration file on the CounterACT management appliance, however the batch file which is run does not follow this property. | |||||
| CVE-2016-6564 | 7 Beeline, Bluproducts, Doogee and 4 more | 38 Pro 2, Pro 2 Firmware, Studio 6.0 Hd and 35 more | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as a rootkit. This binary, which resides as /system/bin/debugs, runs with root privileges and does not communicate over an encrypted channel. The binary has been shown to communicate with three hosts via HTTP: oyag[.]lhzbdvm[.]com oyag[.]prugskh[.]net oyag[.]prugskh[.]com Server responses to requests sent by the debugs binary include functionalities to execute arbitrary commands as root, install applications, or update configurations. Examples of a request sent by the client binary: POST /pagt/agent?data={"name":"c_regist","details":{...}} HTTP/1. 1 Host: 114.80.68.223 Connection: Close An example response from the server could be: HTTP/1.1 200 OK {"code": "01", "name": "push_commands", "details": {"server_id": "1" , "title": "Test Command", "comments": "Test", "commands": "touch /tmp/test"}} This binary is reported to be present in the following devices: BLU Studio G BLU Studio G Plus BLU Studio 6.0 HD BLU Studio X BLU Studio X Plus BLU Studio C HD Infinix Hot X507 Infinix Hot 2 X510 Infinix Zero X506 Infinix Zero 2 X509 DOOGEE Voyager 2 DG310 LEAGOO Lead 5 LEAGOO Lead 6 LEAGOO Lead 3i LEAGOO Lead 2S LEAGOO Alfa 6 IKU Colorful K45i Beeline Pro 2 XOLO Cube 5.0 | |||||
| CVE-2016-7070 | 1 Redhat | 1 Ansible Tower | 2019-10-09 | 5.2 MEDIUM | 8.0 HIGH |
| A privilege escalation flaw was found in the Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of postgres user. An attacker could use this vulnerability to gain admin level access to the database. | |||||
| CVE-2016-2121 | 1 Redhat | 1 Openstack | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system information. | |||||
| CVE-2016-1579 | 1 Canonical | 1 Ubuntu Download Manager | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| UDM provides support for running commands after a download is completed, this is currently made use of for click package installation. This functionality was not restricted to unconfined applications. Before UDM version 1.2+16.04.20160408-0ubuntu1 any confined application could make use of the UDM C++ API to run arbitrary commands in an unconfined environment as the phablet user. | |||||
| CVE-2016-2246 | 1 Hp | 1 Thinpro | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors. | |||||
| CVE-2015-1327 | 1 Canonical | 1 Ubuntu Linux | 2019-10-09 | 4.3 MEDIUM | 7.8 HIGH |
| Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which would then send a copy of that file to another app. | |||||
| CVE-2014-2646 | 1 Hp | 1 Network Automation | 2019-10-09 | 7.2 HIGH | N/A |
| Unspecified vulnerability in HP Network Automation 9.10 and 9.20 allows local users to bypass intended access restrictions via unknown vectors. | |||||
| CVE-2013-4548 | 1 Openbsd | 1 Openssh | 2019-10-09 | 6.0 MEDIUM | N/A |
| The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address. | |||||