Total: 1819 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11190 | 1 Quest | 1 Disk Backup | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6). | |||||
| CVE-2017-0358 | 2 Debian, Tuxera | 2 Debian Linux, Ntfs-3g | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation. | |||||
| CVE-2018-13400 | 1 Atlassian | 1 Jira | 2019-10-03 | 6.5 MEDIUM | 4.7 MEDIUM |
| Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator's session to access certain administrative resources without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability. | |||||
| CVE-2017-17384 | 1 Ispconfig | 1 Ispconfig | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job. | |||||
| CVE-2018-12596 | 1 Episerver | 1 Ektron Cms | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden (normally available exclusively for local admins). | |||||
| CVE-2018-10190 | 1 Londontrustmedia | 1 Private Internet Access | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in London Trust Media Private Internet Access (PIA) VPN Client v77 for Windows could allow an unauthenticated, local attacker to run executable files with elevated privileges. The vulnerability is due to insufficient implementation of access controls. The "Changelog" and "Help" options available from the system tray context menu spawn an elevated instance of the user's default web browser. An attacker could exploit this vulnerability by selecting "Run as Administrator" from the context menu of an executable file within the file browser of the spawned default web browser. This may allow the attacker to execute privileged commands on the targeted system. | |||||
| CVE-2018-9425 | 1 Google | 1 Android | 2019-10-02 | 4.6 MEDIUM | 7.8 HIGH |
| In Platform, there is a possible bypass of user interaction requirements due to missing permission checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-73884967 | |||||
| CVE-2012-0384 | 1 Cisco | 2 Ios, Ios Xe | 2019-09-27 | 8.5 HIGH | 7.2 HIGH |
| Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended access restrictions and execute commands via a (1) HTTP or (2) HTTPS session, aka Bug ID CSCtr91106. | |||||
| CVE-2012-5376 | 1 Google | 1 Chrome | 2019-09-27 | 9.3 HIGH | 9.6 CRITICAL |
| The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112. | |||||
| CVE-2015-9390 | 1 Admin Management Xtended Project | 1 Admin Management Xtended | 2019-09-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled. | |||||
| CVE-2016-11011 | 1 Usabilitydynamics | 1 Wp-invoice | 2019-09-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation. | |||||
| CVE-2016-11004 | 1 Elegantthemes | 1 Monarch | 2019-09-20 | 6.5 MEDIUM | 8.8 HIGH |
| The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation. | |||||
| CVE-2016-11002 | 1 Elegantthemes | 1 Extra | 2019-09-20 | 6.5 MEDIUM | 8.8 HIGH |
| The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation. | |||||
| CVE-2016-11003 | 1 Elegantthemes | 1 Monarch | 2019-09-20 | 6.5 MEDIUM | 8.8 HIGH |
| The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation. | |||||
| CVE-2016-10971 | 1 Membersonic | 1 Membersonic | 2019-09-18 | 7.5 HIGH | 9.8 CRITICAL |
| The MemberSonic Lite plugin before 1.302 for WordPress has incorrect login access control because only knowledge of an e-mail address is required. | |||||
| CVE-2016-10968 | 1 Peepso | 1 Peepso | 2019-09-18 | 6.5 MEDIUM | 8.8 HIGH |
| The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege escalation. | |||||
| CVE-2016-10972 | 1 Tagdiv | 1 Newspaper | 2019-09-16 | 7.5 HIGH | 9.8 CRITICAL |
| The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel. | |||||
| CVE-2019-16202 | 1 Misp | 1 Misp | 2019-09-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (<2.4.115)" message. | |||||
| CVE-2018-21013 | 1 Upperthemes | 1 Swape | 2019-09-09 | 7.5 HIGH | 9.8 CRITICAL |
| The Swape theme before 1.2.1 for WordPress has incorrect access control, as demonstrated by allowing new administrator accounts via vectors involving xmlPath to wp-admin/admin-ajax.php. | |||||
