CWE:
 

| Risk | Topic | Date | Author |
|------|-------|------|--------|
| Low | Gantt-Chart For Jira 5.5.3 Missing Privilege Check | 04.08.2020 | Sebastian Auwaerter |
| Med. | Cellebrite UFED 7.5.0.845 Desktop Escape / Privilege Escalation | 17.05.2020 | Matthew Bergin |
| Med. | Ultimate Member 2.39 Unauthorized profile modification | 18.06.2019 | Clément Cruchet |
| Med. | WordPress Plugin WooCommerce GloBee (cryptocurrency) Payment Gateway 1.1.1 Payment Bypass / Unauthorized Order Status Spoofing | 27.02.2019 | GeekHack |
| Med. | Goozmo™ Systems v.1.0 Improper Privilege Management | 29.01.2019 | KingSkrupellos |
| Med. | TP-Link EAP Controller CSRF / Hard-Coded Key / XSS | 04.05.2018 | Core |
| Med. | SpiderControl SCADA Web Server 2.02.0007 Improper Privilege Management | 01.11.2017 | Karn Ganeshen |
| Med. | Solarwinds LEM 6.3.1 Sudo Script Abuse Privilege Escalation | 25.04.2017 | Hank Leininger and Mat... |
| Med. | Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Privilege Escalation | 18.02.2017 | Matt Bergin |
| Med. | phpMyAdmin 3.5.x/4.0.x privilege escalation | 30.07.2013 | SecuriTeam Secure Disc... |
| High | Smartfren Connex EC 1261-2 UI OUC Local Privilege Escalation Vulnerability | 27.09.2012 | X-Cisadane |


CVEMAP Search Results

CVE
Details
Description
2021-10-19
Medium
CVE-2021-30829

Vendor: Apple
Software: Mac os x
 

 
A URI parsing issue was addressed with improved parsing. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to execute arbitrary files.

 
2021-10-15
Medium
CVE-2021-40989

A local escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

 
Medium
CVE-2021-29745

Vendor: IBM
Software: Cognos analytics
 

 
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to privilege escalation where a lower level user could have access to the 'New Job' page to which they should not have access. IBM X-Force ID: 201695.

 
2021-10-14
Medium
CVE-2021-40854

Vendor: Anydesk
Software: Anydesk
 

 
AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obtain administrator privileges by using the Open Chat Log feature to launch a privileged Notepad process that can launch other applications.

 
Medium
CVE-2021-38295

Vendor: Apache
Software: Couchdb
 

 
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach an HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2.

 
2021-10-13
Medium
CVE-2021-41357

Vendor: Microsoft
Software: Windows 10
 

 
Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-40449, CVE-2021-40450.

 
Medium
CVE-2021-41348

Vendor: Microsoft
Software: Exchange server
 

 
Microsoft Exchange Server Elevation of Privilege Vulnerability

 
Medium
CVE-2021-41347

Vendor: Microsoft
Software: Windows 10
 

 
Windows AppX Deployment Service Elevation of Privilege Vulnerability

 
Medium
CVE-2021-41345

Vendor: Microsoft
Software: Windows 10
 

 
Storage Spaces Controller Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40488, CVE-2021-40489.

 
Medium
CVE-2021-41339

Vendor: Microsoft
Software: Windows 10
 

 
Microsoft DWM Core Library Elevation of Privilege Vulnerability

 

 


Copyright 2021, cxsecurity.com

 
