CWE:
 

Title
Date
Author
High
Online Library Management System 1.0 Arbitrary File Upload
23.10.2020
Jyotsna Adhana
High
WordPress HS Brand Logo Slider 2.1 Shell Upload
22.10.2020
Net-Hunter
High
GOautodial 4.0 Shell Upload
22.10.2020
Balzabu
High
Linux / Unix su Privilege Escalation
21.10.2020
Gavin Youker
Med.
aaPanel 6.6.6 Privilege Escalation
16.10.2020
Unsal Furkan Harani
High
Microsoft Windows Uninitialized Variable Local Privilege Escalation
15.10.2020
timwr
High
Sage DPW 2020_06_000 / 2020_06_001 XSS / File Upload
13.10.2020
Gerhard Hechenberger
High
openMAINT 1.1-2.4.2 Arbitrary File Upload
09.10.2020
mrb3n
Med.
Checkmk 1.6.0p16 Local Privilege Escalation
03.10.2020
Thierry Viaccoz
High
Cisco AnyConnect Privilege Escalation
30.09.2020
Yorick Koster
Med.
MSI Ambient Link Driver 1.0.0.8 Privilege Escalation
29.09.2020
Matteo Malvica
High
Seat Reservation System 1.0 Shell Upload
23.09.2020
Rahul Ramkumar
High
Hyland OnBase Arbitrary File Upload
14.09.2020
Adaptive Security Cons...
High
macOS cfprefsd Arbitrary File Write / Local Privilege Escalation
08.09.2020
timwr
Med.
Rapid7 Nexpose Installer 6.6.39 Local Privilege Escalation
08.09.2020
Angelo D'Amato
High
Joomla GMapFP J3.5 / J3.5F Arbitrary File Upload
08.09.2020
thelastvvv
High
SiteMagic CMS 4.4.2 Shell Upload
05.09.2020
V1n1v131r4
Med.
SUPERAntiSpyware Professional X Trial Privilege Escalation
28.08.2020
b1nary
High
WordPress Autoptimize 2.7.6 Shell Upload
28.08.2020
SunCSR
Med.
Eibiz i-Media Server Digital Signage 3.8.0 Remote Privilege Escalation / Account Takeover
22.08.2020
LiquidWorm
Med.
BarracudaDrive 6.5 Local Privilege Escalation
11.08.2020
Bobby Cooke
High
FreeBSD ip6_setpktopt Use-After-Free Privilege Escalation
01.08.2020
Brendan Coles
High
Online Bike Rental 1.0 Shell Upload
01.08.2020
hyd3sec
High
Koken CMS 0.22.24 Arbitrary File Upload (Authenticated)
31.07.2020
v1n1v131r4
High
Calavera UpLoader 3.5 FTP Logi Denial of Service (PoC + SEH Overwrite)
27.07.2020
Felipe Winsnes
Med.
SteelCentral Aternity Agent 11.0.0.120 Privilege Escalation
25.07.2020
Eneko Cruz Elejalde
High
WonderCMS 3.1.0 XSS / Directory Traversal / File Upload
18.07.2020
Calvin Phang
High
Webtareas 2.1 / 2.1p File Upload / Information Disclosure
12.07.2020
AppleBois
Med.
Rittal Products Bypass / Command Injection / Privilege Escalation
12.07.2020
Johannes Kruchem
High
Online Student Enrollment System 1.0 Shell Upload
26.06.2020
BKpatron
Med.
Cisco AnyConnect Path Traversal / Privilege Escalation
25.06.2020
Yorick Koster
High
SmarterMail 16 Arbitrary File Upload
17.06.2020
vvhack.org
High
Neon LMS Shell Upload
17.06.2020
th3d1gger
Med.
Pulse Secure Client For Windows Local Privilege Escalation
17.06.2020
Marco Ortisi
High
Arista Restricted Shell Escape / Privilege Escalation
17.06.2020
Chris Anders
Med.
GOG GalaxyClientService Privilege Escalation
16.06.2020
Joe Testa
Med.
Background Intelligent Transfer Service Privilege Escalation
12.06.2020
itm4n
High
NeonLMS 4.6 Shell Upload
09.06.2020
th3d1gger
High
Clinic Management System 1.0 Shell Upload
05.06.2020
BKpatron
High
PanaceaSoft Shell Upload
30.05.2020
SyFi
Med.
Druva inSync Windows Client 6.6.3 Local Privilege Escalation
24.05.2020
Matteo Malvica
High
Monstra CMS 3.0.4 Authenticated Arbitrary File Upload
23.05.2020
Kishan Lal Choudhary
High
Victor CMS 1.0 Authenticated Arbitrary File Upload
20.05.2020
Kishan Lal Choudhary
High
Victor CMS 1.0 Shell Upload
20.05.2020
Kishan Lal Choudhary
Med.
Cellebrite UFED 7.5.0.845 Desktop Escape / Privilege Escalation
17.05.2020
Matthew Bergin
High
CuteNews 2.1.2 Authenticated Shell Upload
13.05.2020
Vigov5
High
qdPM 9.1 Arbitrary File Upload
13.05.2020
Besim ALTINOK
High
Kartris 1.6 Arbitrary File Upload
11.05.2020
Nhat Ha
Med.
Pi-hole 4.4 Remote Code Execution / Privilege Escalation
11.05.2020
Nick Frichette
High
Online Clothing Store 1.0 Arbitrary File Upload
09.05.2020
Saurav Shukla
Med.
HP Performance Monitoring xglance Privilege Escalation
05.05.2020
Tim Brown
High
HardDrive 2.1 Arbitrary File Upload
01.05.2020
Benjamin Kunz Mejri
High
Gigamon GigaVUE 5.5.01.11 Directory Traversal / File Upload
30.04.2020
Balazs Hambalko
Med.
Druva inSync Windows Client 6.5.2 Privilege Escalation
30.04.2020
Chris Lyne
Med.
PHP-Fusion 9.03.50 Arbitrary File Upload
28.04.2020
Besim Altinok
Med.
EspoCRM 5.8.5 Privilege Escalation
26.04.2020
Besim Altinok
High
Air Sender 1.0.2 Arbitrary File Upload
26.04.2020
Benjamin Kunz Mejri
Med.
Cisco AnyConnect Secure Mobility Client 4.8.01090 Privilege Escalation
21.04.2020
Yorick Koster
High
Playable 9.18 Script Insertion / Arbitrary File Upload
18.04.2020
Benjamin Kunz Mejri
Med.
Common Desktop Environment 1.6 Local Privilege Escalation
18.04.2020
Marco Ivaldi
Med.
CA API Developer Portal 4.2.x / 4.3.1 Access Bypass / Privilege Escalation
16.04.2020
Ken Williams
Med.
VMware Fusion USB Arbitrator Setuid Privilege Escalation
03.04.2020
h00die
High
Deskpro Helpdesk Privilege Escalation / Remote Code Execution
02.04.2020
Abdulrahman Nour
High
WordPress Event-Registration Plugins 5.43 Arbitrary File Upload
29.03.2020
KingSkrupellos
High
Joomla GMapFP 3.30 Arbitrary File Upload
25.03.2020
thelastvvv
Med.
Avast Secure Browser 76.0.1659.101 Local Privilege Escalation
21.03.2020
Silton Santos
Med.
VMware Fusion Local Privilege Escalation / Directory Traversal
21.03.2020
Grimm
Med.
Microsoft Windows WizardOpium Local Privilege Escalation
09.03.2020
Anonymous
Med.
TL-WR849N 0.9.1 4.16 Authentication Bypass (Upload Firmware)
08.03.2020
Elber Tavares
High
Apache ActiveMQ 5.11.1 Directory Traversal / Shell Upload
08.03.2020
David Jorm
Med.
Intelbras Wireless N 150Mbps WRN240 Authentication Bypass
07.03.2020
Elber Tavares
Med.
Wing FTP Server 6.2.5 Privilege Escalation
03.03.2020
Cary Hooper
Med.
Cisco Unified Contact Center Express Privilege Escalation
25.02.2020
Jamie R
High
Diamorphine Rootkit Signal Privilege Escalation
24.02.2020
Bcoles
Med.
Diamorphine Rootkit Signal Privilege Escalation
21.02.2020
m0nad
Med.
Microsoft Windows 10 MSI Privilege Escalation
18.02.2020
nu11secur1ty
Med.
OpenTFTP 1.66 Local Privilege Escalation
13.02.2020
boku
Med.
Windscribe WindscribeService Named Pipe Privilege Escalation (Metasploit)
10.02.2020
bcoles
Med.
Ricoh Driver Privilege Escalation
08.02.2020
Shelby Pace
High
xglance-bin Local Root Privilege Escalation
06.02.2020
Tim Brown
Med.
Intel Processor Identification Utility 6.0.0211 Privilege Escalation
31.01.2020
Stefan Kanthak
High
OpenBSD OpenSMTPD Privilege Escalation / Code Execution
30.01.2020
Qualys Security Adviso...
Med.
Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Esca
27.01.2020
Mohamed
High
SunOS 5.10 Generic_147148-26 Local Privilege Escalation
25.01.2020
Marco Ivaldi
Med.
Reliable Datagram Sockets (RDS) rds_atomic_free_op Privilege Escalation
23.01.2020
Brendan Coles
Med.
Plantronics Hub 3.13.2 SpokesUpdateService Privilege Escalation (Metasploit)
22.01.2020
Markus Krell
High
Microsoft Windows 10 (19H1 1901 x64) ws2ifsl.sys Use After Free Local Privilege Escalation (kASLR kCFG SMEP)
21.01.2020
Anonymous
High
Online Book Store 1.0 Arbitrary File Upload
17.01.2020
Or4nG.M4N
High
Microsoft Windows 10 build 1809 Local Privilege Escalation (UAC Bypass)
13.01.2020
Nassim Asrir
Med.
TotalAV 2020 4.14.31 Privilege Escalation
11.01.2020
Kusol Watchara-Apanuko...
High
Job Portal 1.0 Shell Upload
08.01.2020
Tib3rius
Med.
Plantronics Hub 3.13.2 Local Privilege Escalation
04.01.2020
Markus Krell
Med.
FreeBSD mqueuefs Privilege Escalation
31.12.2019
Karsten Konig
Med.
FreeBSD fd Privilege Escalation
31.12.2019
Karsten Konig
High
OpenBSD Dynamic Loader chpass Privilege Escalation
29.12.2019
Brendan Coles
Med.
CA Client Automation 14.x Privilege Escalation
27.12.2019
Kevin Kotas
Med.
Reliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation
24.12.2019
Dan Rosenberg
Med.
Reptile Rootkit reptile_cmd Privilege Escalation
24.12.2019
Brendan Coles
Med.
Deutsche Bahn Ticket Vending Machine Local Kiosk Privilege Escalation
19.12.2019
Vulnerability-Lab
Med.
NopCommerce 4.2.0 Privilege Escalation
17.12.2019
Alessandro Magnosi


Common Weakness Enumeration (CWE)

CVE
Details
Description
2019-09-08
Low
CVE-2019-16097

 

 
core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API when Harbor is set up with DB as the authentication backend and allows users to self-register. Fixed versions: v1.7.6, v1.8.3, v1.9.0. Workaround without applying the fix: configure Harbor to use a non-DB authentication backend such as LDAP.

 
High
CVE-2019-16103

Vendor: Silver-peak
Software: Unity edgeco...
 

 
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature.

 
2019-09-06
Medium
CVE-2018-6240

Vendor: Google
Software: Android
 

 
NVIDIA Tegra contains a vulnerability in BootRom where a user with kernel-level privileges can write an arbitrary value to an arbitrary physical address.

 
Medium
CVE-2019-14813

Vendor: Artifex
Software: Ghostscript
 

 
A flaw was found in ghostscript, versions 9.x before 9.28, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

 
Medium
CVE-2019-2182

Vendor: Google
Software: Android
 

 
In the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

 
Medium
CVE-2019-9345

Vendor: Google
Software: Android
 

 
In the Android kernel in sdcardfs there is a possible violation of the separation of data between profiles due to shared mapping of obb files. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

 
Medium
CVE-2019-9436

Vendor: Google
Software: Android
 

 
In the Android kernel in the bootloader there is a possible secure boot bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.

 
2019-09-05
Medium
CVE-2019-15953

Vendor: Totaljs
Software: Total.js cms
 

 
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with limited privileges can get access to a resource that they do not own by calling the associated API. The product correctly manages privileges only for the front-end resource path, not for API requests. This leads to vertical and horizontal privilege escalation.

 
Medium
CVE-2019-2123

Vendor: Google
Software: Android
 

 
In execTransact of Binder.java in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible local execution of arbitrary code in a privileged process due to a memory overwrite. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

 
2019-09-04
Medium
CVE-2019-10709

Vendor: ASUS
Software: Precision to...
 

 
AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call.

 

 


Copyright 2020, cxsecurity.com

 
