CWE:
 

Title
Date
Author
Med.
VMware Fusion USB Arbitrator Setuid Privilege Escalation
03.04.2020
h00die
High
Deskpro Helpdesk Privilege Escalation / Remote Code Execution
02.04.2020
Abdulrahman Nour
High
WordPress Event-Registration Plugins 5.43 Arbitrary File Upload
29.03.2020
KingSkrupellos
High
Joomla GMapFP 3.30 Arbitrary File Upload
25.03.2020
thelastvvv
Med.
Avast Secure Browser 76.0.1659.101 Local Privilege Escalation
21.03.2020
Silton Santos
Med.
VMware Fusion Local Privilege Escalation / Directory Traversal
21.03.2020
Grimm
Med.
Microsoft Windows WizardOpium Local Privilege Escalation
09.03.2020
Anonymous
Med.
TL-WR849N 0.9.1 4.16 Authentication Bypass (Upload Firmware)
08.03.2020
Elber Tavares
High
Apache ActiveMQ 5.11.1 Directory Traversal / Shell Upload
08.03.2020
David Jorm
Med.
Intelbras Wireless N 150Mbps WRN240 Authentication Bypass
07.03.2020
Elber Tavares
Med.
Wing FTP Server 6.2.5 Privilege Escalation
03.03.2020
Cary Hooper
Med.
Cisco Unified Contact Center Express Privilege Escalation
25.02.2020
Jamie R
High
Diamorphine Rootkit Signal Privilege Escalation
24.02.2020
Bcoles
Med.
Diamorphine Rootkit Signal Privilege Escalation
21.02.2020
m0nad
Med.
Microsoft Windows 10 MSI Privilege Escalation
18.02.2020
nu11secur1ty
Med.
OpenTFTP 1.66 Local Privilege Escalation
13.02.2020
boku
Med.
Windscribe WindscribeService Named Pipe Privilege Escalation (Metasploit)
10.02.2020
bcoles
Med.
Ricoh Driver Privilege Escalation
08.02.2020
Shelby Pace
High
xglance-bin Local Root Privilege Escalation
06.02.2020
Tim Brown
Med.
Intel Processor Identification Utility 6.0.0211 Privilege Escalation
31.01.2020
Stefan Kanthak
High
OpenBSD OpenSMTPD Privilege Escalation / Code Execution
30.01.2020
Qualys Security Adviso...
Med.
Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Esca
27.01.2020
Mohamed
High
SunOS 5.10 Generic_147148-26 Local Privilege Escalation
25.01.2020
Marco Ivaldi
Med.
Reliable Datagram Sockets (RDS) rds_atomic_free_op Privilege Escalation
23.01.2020
Brendan Coles
Med.
Plantronics Hub 3.13.2 SpokesUpdateService Privilege Escalation (Metasploit)
22.01.2020
Markus Krell
High
Microsoft Windows 10 (19H1 1901 x64) ws2ifsl.sys Use After Free Local Privilege Escalation (kASLR kCFG SMEP)
21.01.2020
Anonymous
High
Online Book Store 1.0 Arbitrary File Upload
17.01.2020
Or4nG.M4N
High
Microsoft Windows 10 build 1809 Local Privilege Escalation (UAC Bypass)
13.01.2020
Nassim Asrir
Med.
TotalAV 2020 4.14.31 Privilege Escalation
11.01.2020
Kusol Watchara-Apanuko...
High
Job Portal 1.0 Shell Upload
08.01.2020
Tib3rius
Med.
Plantronics Hub 3.13.2 Local Privilege Escalation
04.01.2020
Markus Krell
Med.
FreeBSD mqueuefs Privilege Escalation
31.12.2019
Karsten Konig
Med.
FreeBSD fd Privilege Escalation
31.12.2019
Karsten Konig
High
OpenBSD Dynamic Loader chpass Privilege Escalation
29.12.2019
Brendan Coles
Med.
CA Client Automation 14.x Privilege Escalation
27.12.2019
Kevin Kotas
Med.
Reliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation
24.12.2019
Dan Rosenberg
Med.
Reptile Rootkit reptile_cmd Privilege Escalation
24.12.2019
Brendan Coles
Med.
Deutsche Bahn Ticket Vending Machine Local Kiosk Privilege Escalation
19.12.2019
Vulnerability-Lab
Med.
NopCommerce 4.2.0 Privilege Escalation
17.12.2019
Alessandro Magnosi
High
OpenBSD 6.x Dynamic Loader Privilege Escalation
17.12.2019
Qualys
Med.
D-Link DIR-615 Privilege Escalation
17.12.2019
Sanyam Chawla
High
Bludit Directory Traversal Image File Upload (Metasploit)
04.12.2019
Anonymous
High
Bash 5.0 Patch 11 Privilege Escalation *youtube
02.12.2019
Mohin Paramasivam
High
Xfilesharing 2.5.1 Arbitrary File Upload
25.11.2019
Noman Riffat
Med.
macOS 10.14.6 root->kernel Privilege Escalation via update_dyld_shared_cache
25.11.2019
Google
Med.
GNU Mailutils 3.7 Privilege Escalation
21.11.2019
Mike Gualtieri
Med.
FreeRadius 3.0.19 Logrotate Privilege Escalation
16.11.2019
Wolfgang Hotwagner
High
Centraleyezer Shell Upload
16.11.2019
Omayr Zanata
High
Xfilesharing 2.5.1 Local File Inclusion / Shell Upload
15.11.2019
Noman Riffat
Med.
Xorg X11 Server Local Privilege Escalation
13.11.2019
Narendra Shinde
High
Bludit Directory Traversal Image File Upload
13.11.2019
sinn3r
Med.
Adive Framework 2.0.7 Privilege Escalation
09.11.2019
Pablo Santiago
Med.
Micro Focus (HPE) Data Protector SUID Privilege Escalation
03.11.2019
s7u55
Med.
Solaris xscreensaver Privilege Escalation
24.10.2019
Marco Ivaldi
Med.
Xorg X11 Server SUID modulepath Privilege Escalation
23.10.2019
Narendra Shinde
High
Restaurant Management System 1.0 Shell Upload
18.10.2019
Ibad Shah
Med.
National Instruments Circuit Design Suite 14.0 Privilege Escalation
12.10.2019
Ivan Marmolejo
Med.
CheckPoint Endpoint Security Client / ZoneAlarm Privilege Escalation
07.10.2019
Jakub Palaczynski
Med.
Logrotate 3.15.1 Privilege Escalation
07.10.2019
Wolfgang Hotwagner
High
IBM Bigfix Platform 9.5.9.62 Arbitrary File Upload / Code Execution
07.10.2019
Jakub Palaczynski
Med.
GitLab Omnibus 12.2.1 Logrotate Privilege Escalation
05.10.2019
Wolfgang Hotwagner
Med.
ABRT sosreport Privilege Escalation
29.09.2019
rebel
Med.
V-SOL GPON/EPON OLT Platform 2.03 Remote Privilege Escalation
27.09.2019
LiquidWorm
High
Chamilo LMS 1.11.8 Shell Upload
26.09.2019
Sohel Yousef
Med.
Samsung Mobile Android SamsungTTS Privilege Escalation
26.09.2019
flanker
Med.
ABRT sosreport Privilege Escalation
25.09.2019
rebel
High
Dokeos 1.8.6.1 / 1.8.6.3 Arbitrary File Upload
22.09.2019
Sohel Yousef
Med.
ktsuss 1.4 suid Privilege Escalation
19.09.2019
Anonymous
High
macOS 18.7.0 Kernel Local Privilege Escalation
19.09.2019
LinusHenze
High
October CMS Upload Protection Bypass Code Execution
08.09.2019
Anti Rais
High
FileThingie 2.5.7 Remote Shell Upload
05.09.2019
Cakes
Med.
ptrace Sudo Token Privilege Escalation
03.09.2019
Brendan Coles
High
Sentrifugo 3.2 File Upload Restriction Bypass
02.09.2019
creosote
Med.
Asus Precision TouchPad 11.0.0.25 Denial Of Service / Privilege Escalation
01.09.2019
Athanasios Tserpelis
Med.
Exim 4.87 / 4.91 Local Privilege Escalation (Metasploit)
27.08.2019
Qualys
High
Integria IMS 5.0.86 Arbitrary File Upload
18.08.2019
Greg Priest
Med.
Steam Windows Client Local Privilege Escalation
13.08.2019
Absozed
High
osTicket 1.12 File Upload Cross Site Scripting
12.08.2019
Aishwarya Iyer
High
Baldr Botnet Panel Shell Upload
09.08.2019
Ege Balci
Med.
Microsoft Windows 7 build 7601 (x86) Local Privilege Escalation
07.08.2019
Anonymouse
High
ATutor 2.2.4 Arbitrary File Upload / Command Execution
06.08.2019
liquidsky
Med.
Linux Kernel 4.15.x < 4.19.2 map_write() CAP_SYS_ADMIN Local Privilege Escalation (dbus Method)
01.08.2019
root
Med.
Linux Kernel 4.15.x < 4.19.2 map_write() CAP_SYS_ADMIN Local Privilege Escalation (cron Method)
31.07.2019
Jann
Med.
S-nail < 14.8.16 Local Privilege Escalation
30.07.2019
Bcoles
Med.
ASAN/SUID Local Privilege Escalation
30.07.2019
Anonymouse
Med.
VMware Workstation/Player < 12.5.5 Local Privilege Escalation
29.07.2019
Anonymous
High
Ahsay Backup 7.x / 8.x File Upload / Remote Code Execution
27.07.2019
Wietse Boonstra
High
Linux Kernel 4.10 < 5.1.17 PTRACE_TRACEME pkexec Local Privilege Escalation
26.07.2019
Anonymouse
Med.
Microsoft Windows Task Scheduler Local Privilege Escalation
22.07.2019
Social Engineering Neo
Med.
CentOS Control Web Panel 0.9.8.836 Privilege Escalation
17.07.2019
Pongtorn Angsuchotmete...
Low
ExpressVPN - Unquoted Service Path Privilege Escalation
14.07.2019
Iran Cyber Security Gr...
High
BKS EBK Ethernet-Buskoppler Pro Shell Upload
05.07.2019
Sebastian Auwaerter
Med.
Mac OS X TimeMachine (tmdiagnose) Command Injection Privilege Escalation
01.07.2019
timwr
High
FortiCam FCM-MB40 Code Execution / Privilege Escalation
25.06.2019
XORcat
Med.
CentOS 7.6 ptrace_scope Privilege Escalation
21.06.2019
Marcelo Vazquez
High
Cisco Prime Infrastructure Runrshell Privilege Escalation
20.06.2019
sinn3r
Med.
Telus Actiontec T2200H Local Privilege Escalation
13.06.2019
Andrew Klaus
Med.
Telus Actiontec WEB6000Q Privilege Escalation
13.06.2019
Andrew Klaus
High
WordPress Satoshi 2.0 Cross Site Request Forgery / File Upload
06.06.2019
KingSkrupellos
Med.
Serv-U FTP Server 15.1.6.25 Local Privilege Escalation
31.05.2019
Chris Moberly


Common Weakness Enumeration (CWE)

CVE
Details
Description
2019-09-08
Low
CVE-2019-16097

 

 
core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API when Harbor is set up with DB as the authentication backend and allows users to self-register. Fixed versions: v1.7.6, v1.8.3, v1.9.0. Workaround without applying the fix: configure Harbor to use a non-DB authentication backend such as LDAP.

 
High
CVE-2019-16103

Vendor: Silver-peak
Software: Unity edgeco...
 

 
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature.

 
2019-09-06
Medium
CVE-2018-6240

Vendor: Google
Software: Android
 

 
NVIDIA Tegra contains a vulnerability in BootRom where a user with kernel-level privileges can write an arbitrary value to an arbitrary physical address.

 
Medium
CVE-2019-14813

Vendor: Artifex
Software: Ghostscript
 

 
A flaw was found in ghostscript, versions 9.x before 9.28, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

 
Medium
CVE-2019-2182

Vendor: Google
Software: Android
 

 
In the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

 
Medium
CVE-2019-9345

Vendor: Google
Software: Android
 

 
In the Android kernel in sdcardfs there is a possible violation of the separation of data between profiles due to shared mapping of obb files. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

 
Medium
CVE-2019-9436

Vendor: Google
Software: Android
 

 
In the Android kernel in the bootloader there is a possible secure boot bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.

 
2019-09-05
Medium
CVE-2019-15953

Vendor: Totaljs
Software: Total.js cms
 

 
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with limited privileges can get access to a resource that they do not own by calling the associated API. The product correctly manages privileges only for the front-end resource path, not for API requests. This leads to vertical and horizontal privilege escalation.

 
Medium
CVE-2019-2123

Vendor: Google
Software: Android
 

 
In execTransact of Binder.java in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible local execution of arbitrary code in a privileged process due to a memory overwrite. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

 
2019-09-04
Medium
CVE-2019-10709

Vendor: ASUS
Software: Precision to...
 

 
AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call.

 

 


Copyright 2020, cxsecurity.com

 
