Total
1727 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5736 | 1 Intel | 1 Software Guard Extensions Platform Software Component | 2019-10-03 | 7.2 HIGH | 8.8 HIGH |
| An elevation of privilege in Intel Software Guard Extensions Platform Software Component before 1.9.105.42329 allows a local attacker to execute arbitrary code as administrator. | |||||
| CVE-2018-5756 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a delete action to api/tasks. | |||||
| CVE-2018-10190 | 1 Londontrustmedia | 1 Private Internet Access | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in London Trust Media Private Internet Access (PIA) VPN Client v77 for Windows could allow an unauthenticated, local attacker to run executable files with elevated privileges. The vulnerability is due to insufficient implementation of access controls. The "Changelog" and "Help" options available from the system tray context menu spawn an elevated instance of the user's default web browser. An attacker could exploit this vulnerability by selecting "Run as Administrator" from the context menu of an executable file within the file browser of the spawned default web browser. This may allow the attacker to execute privileged commands on the targeted system. | |||||
| CVE-2017-14187 | 1 Fortinet | 1 Fortios | 2019-10-03 | 7.2 HIGH | 6.2 MEDIUM |
| A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command. | |||||
| CVE-2017-6339 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital certificates that are sent to client browsers to complete a secure passage for HTTPS connections. It also allows administrators to upload their own certificates signed by a root CA. An attacker with low privileges can download the current CA certificate and Private Key (either the default ones or ones uploaded by administrators) and use those to decrypt HTTPS traffic, thus compromising confidentiality. Also, the default Private Key on this appliance is encrypted with a very weak passphrase. If an appliance uses the default Certificate and Private Key provided by Trend Micro, an attacker can simply download these and decrypt the Private Key using the default/weak passphrase. | |||||
| CVE-2017-9450 | 1 Amazon | 1 Amazon Web Services Cloudformation Bootstrap | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory. | |||||
| CVE-2018-0613 | 1 Necplatforms | 16 Calsos Csdj-a, Calsos Csdj-a Firmware, Calsos Csdj-b and 13 more | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors. | |||||
| CVE-2017-5207 | 1 Firejail Project | 1 Firejail | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| Firejail before 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via the --shell argument. | |||||
| CVE-2018-18252 | 1 Capmon | 1 Access Manager | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe provides "NT AUTHORITY\SYSTEM" access to unprivileged users via the --system option. | |||||
| CVE-2017-6152 | 1 F5 | 1 Big-iq Centralized Management | 2019-10-03 | 2.1 LOW | 6.7 MEDIUM |
| A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account password. | |||||
| CVE-2017-6954 | 1 Buddypress | 1 Buddypress | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper permissions. | |||||
| CVE-2018-14894 | 1 Cyberark | 1 Endpoint Privilege Manager | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file) to bypass intended access restrictions and execute blocked applications. | |||||
| CVE-2018-11911 | 1 Google | 1 Android | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of script may lead to unprivileged access. | |||||
| CVE-2018-1000624 | 1 Battelle | 1 V2i Hub | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by the failure to restrict access to a sensitive functionality. By visiting http://V2I_HUB/UI/powerdown.php, a remote attacker could exploit this vulnerability to shut down the system. | |||||
| CVE-2018-9425 | 1 Google | 1 Android | 2019-10-02 | 4.6 MEDIUM | 7.8 HIGH |
| In Platform, there is a possible bypass of user interaction requirements due to missing permission checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-73884967 | |||||
| CVE-2012-0384 | 1 Cisco | 2 Ios, Ios Xe | 2019-09-27 | 8.5 HIGH | 7.2 HIGH |
| Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended access restrictions and execute commands via a (1) HTTP or (2) HTTPS session, aka Bug ID CSCtr91106. | |||||
| CVE-2012-5376 | 1 Google | 1 Chrome | 2019-09-27 | 9.3 HIGH | 9.6 CRITICAL |
| The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112. | |||||
| CVE-2015-9390 | 1 Admin Management Xtended Project | 1 Admin Management Xtended | 2019-09-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled. | |||||
| CVE-2016-11011 | 1 Usabilitydynamics | 1 Wp-invoice | 2019-09-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation. | |||||
| CVE-2016-11004 | 1 Elegantthemes | 1 Monarch | 2019-09-20 | 6.5 MEDIUM | 8.8 HIGH |
| The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation. | |||||