CWE:
 

| Risk | Title | Date | Author |
|---|---|---|---|
| High | Restaurant Management System 1.0 Shell Upload | 18.10.2019 | Ibad Shah |
| Med. | National Instruments Circuit Design Suite 14.0 Privilege Escalation | 12.10.2019 | Ivan Marmolejo |
| Med. | CheckPoint Endpoint Security Client / ZoneAlarm Privilege Escalation | 07.10.2019 | Jakub Palaczynski |
| Med. | Logrotate 3.15.1 Privilege Escalation | 07.10.2019 | Wolfgang Hotwagner |
| High | IBM Bigfix Platform 9.5.9.62 Arbitary File Upload / Code Execution | 07.10.2019 | Jakub Palaczynski |
| Med. | GitLab Omnibus 12.2.1 Logrotate Privilege Escalation | 05.10.2019 | Wolfgang Hotwagner |
| Med. | ABRT sosreport Privilege Escalation | 29.09.2019 | rebel |
| Med. | V-SOL GPON/EPON OLT Platform 2.03 Remote Privilege Escalation | 27.09.2019 | LiquidWorm |
| High | Chamilo LMS 1.11.8 Shell Upload | 26.09.2019 | Sohel Yousef |
| Med. | Samsung Mobile Android SamsungTTS Privilege Escalation | 26.09.2019 | flanker |
| Med. | ABRT sosreport Privilege Escalation | 25.09.2019 | rebel |
| High | Dokeos 1.8.6.1 / 1.8.6.3 Arbitrary File Upload | 22.09.2019 | Sohel Yousef |
| Med. | ktsuss 1.4 suid Privilege Escalation | 19.09.2019 | Anonymous |
| High | macOS 18.7.0 Kernel Local Privilege Escalation | 19.09.2019 | LinusHenze |
| High | October CMS Upload Protection Bypass Code Execution | 08.09.2019 | Anti Rais |
| High | FileThingie 2.5.7 Remote Shell Upload | 05.09.2019 | Cakes |
| Med. | ptrace Sudo Token Privilege Escalation | 03.09.2019 | Brendan Coles |
| High | Sentrifugo 3.2 File Upload Restriction Bypass | 02.09.2019 | creosote |
| Med. | Asus Precision TouchPad 11.0.0.25 Denial Of Service / Privilege Escalation | 01.09.2019 | Athanasios Tserpelis |
| Med. | Exim 4.87 / 4.91 Local Privilege Escalation (Metasploit) | 27.08.2019 | Qualys |
| High | Integria IMS 5.0.86 Arbitrary File Upload | 18.08.2019 | Greg Priest |
| Med. | Steam Windows Client Local Privilege Escalation | 13.08.2019 | Absozed |
| High | osTicket 1.12 File Upload Cross Site Scripting | 12.08.2019 | Aishwarya Iyer |
| High | Baldr Botnet Panel Shell Upload | 09.08.2019 | Ege Balci |
| Med. | Microsoft Windows 7 build 7601 (x86) Local Privilege Escalation | 07.08.2019 | Anonymouse |
| High | ATutor 2.2.4 Arbitrary File Upload / Command Execution | 06.08.2019 | liquidsky |
| Med. | Linux Kernel 4.15.x < 4.19.2 map_write() CAP_SYS_ADMIN Local Privilege Escalation (dbus Method) | 01.08.2019 | root |
| Med. | Linux Kernel 4.15.x < 4.19.2 map_write() CAP_SYS_ADMIN Local Privilege Escalation (cron Method) | 31.07.2019 | Jann |
| Med. | S-nail < 14.8.16 Local Privilege Escalation | 30.07.2019 | Bcoles |
| Med. | ASAN/SUID Local Privilege Escalation | 30.07.2019 | Anonymouse |
| Med. | VMware Workstation/Player < 12.5.5 Local Privilege Escalation | 29.07.2019 | Anonymous |
| High | Ahsay Backup 7.x / 8.x File Upload / Remote Code Execution | 27.07.2019 | Wietse Boonstra |
| High | Linux Kernel 4.10 < 5.1.17 PTRACE_TRACEME pkexec Local Privilege Escalation | 26.07.2019 | Anonymouse |
| Med. | Microsoft Windows Task Scheduler Local Privilege Escalation | 22.07.2019 | Social Engineering Neo |
| Med. | CentOS Control Web Panel 0.9.8.836 Privilege Escalation | 17.07.2019 | Pongtorn Angsuchotmete... |
| Low | ExpressVPN - Unquoted Service Path Privilege Escalation | 14.07.2019 | Iran Cyber Security Gr... |
| High | BKS EBK Ethernet-Buskoppler Pro Shell Upload | 05.07.2019 | Sebastian Auwaerter |
| Med. | Mac OS X TimeMachine (tmdiagnose) Command Injection Privilege Escalation | 01.07.2019 | timwr |
| High | FortiCam FCM-MB40 Code Execution / Privilege Escalation | 25.06.2019 | XORcat |
| Med. | CentOS 7.6 ptrace_scope Privilege Escalation | 21.06.2019 | Marcelo Vazquez |
| High | Cisco Prime Infrastructure Runrshell Privilege Escalation | 20.06.2019 | sinn3r |
| Med. | Telus Actiontec T2200H Local Privilege Escalation | 13.06.2019 | Andrew Klaus |
| Med. | Telus Actiontec WEB6000Q Privilege Escalation | 13.06.2019 | Andrew Klaus |
| High | WordPress Satoshi 2.0 Cross Site Request Forgery / File Upload | 06.06.2019 | KingSkrupellos |
| Med. | Serv-U FTP Server 15.1.6.25 Local Privilege Escalation | 31.05.2019 | Chris Moberly |
| Med. | Joomla 3.9.6 Com_Attachments Components 3.x Unauthorized File Insertion | 27.05.2019 | KingSkrupellos |
| Med. | Разработка сайта Artonica Russia Unauthorized File Insertion | 23.05.2019 | KingSkrupellos |
| Med. | Blue Prism Robotic Process Automation (RPA) Privilege Escalation | 23.05.2019 | Benjamin Hess |
| Med. | FreeBSD rtld execl() Privilege Escalation | 22.05.2019 | stealth |
| Med. | Schwabe Slovakia WebDesign Studio Nandu Unauthorized File Insertion | 21.05.2019 | KingSkrupellos |
| Med. | Ctecia ComputerTechnologies Experts Unauthorized File Insertion | 21.05.2019 | KingSkrupellos |
| Med. | ЯрНео Разработка сайтов Yarneo WebDesign Unauthorized File Insertion | 21.05.2019 | KingSkrupellos |
| Med. | Netvidade Portugal Unauthorized File Insertion | 21.05.2019 | KingSkrupellos |
| Med. | NSClient++ 0.5.2.35 Privilege Escalation | 07.05.2019 | bzyo |
| High | Sierra Wireless AirLink ES450 ACEManager upload.cgi Remote Code Execution | 28.04.2019 | Cisco Talos |
| Med. | Sierra Wireless AirLink ES450 ACEManager upload.cgi Unverified Password Change | 28.04.2019 | Cisco Talos |
| Med. | Apache 2.4.17 < 2.4.38 apache2ctl graceful logrotate Local Privilege Escalation | 14.04.2019 | Charles |
| High | Horde Form Shell Upload | 11.04.2019 | Ratiosec |
| Med. | CARPE (DIEM) Apache 2.4.x Local Privilege Escalation | 09.04.2019 | Charles FOL |
| High | WordPress 5.0.0 Crop-image Shell Upload (Metasploit) | 06.04.2019 | Wilfried Becard |
| High | WordPress 5.0.0 crop-image Shell Upload | 05.04.2019 | RIPSTECH Technology |
| High | Classified Ad Lister 2.0 Arbitrary File Upload | 01.04.2019 | Mehmet Emiroglu |
| Low | Institut VerpackungsMarktForschung GMBH Modules Arbitrary File Upload | 28.03.2019 | KingSkrupellos |
| Med. | exacqVision 9.8 Unquoted Service Path Privilege Escalation | 21.03.2019 | LiquidWorm |
| High | CSZ CMS 1.2.1 Arbitrary File Upload | 21.03.2019 | Mehmet Emiroglu |
| High | Webmin 1.900 Upload Authenticated Remote Command Execution | 16.03.2019 | Ozkan Mustafa Akkus |
| High | BMC Patrol Agent Privilege Escalation / Command Execution | 16.03.2019 | b0yd |
| High | FreeBSD Intel SYSRET Privilege Escalation | 07.03.2019 | Rafal Wojtczuk |
| Med. | WordPress wp-bs3-rad Themes Unauthorized File Insertation | 06.03.2019 | KingSkrupellos |
| Med. | WordPress wp-bs3-rad Themes Unauthorized Insert File Vulnerability | 06.03.2019 | KingSkrupellos |
| Med. | WordPress HT-Poi Plugins 2.9 Unauthorized File Insertation | 06.03.2019 | KingSkrupellos |
| Med. | WordPress ii-commerce Themes Unauthorized File Insertation | 06.03.2019 | KingSkrupellos |
| Med. | WordPress nlh_omp-v1 Themes 1.0 Unauthorized File Insertation | 06.03.2019 | KingSkrupellos |
| Med. | WordPress ii-commerce Themes Unauthorized File Insertation | 06.03.2019 | KingSkrupellos |
| Med. | WordPress OneSocial-Child Themes Unauthorized File Insertation | 06.03.2019 | KingSkrupellos |
| Med. | WordPress fuecaHome Plugins Unauthorized File Insertation | 06.03.2019 | KingSkrupellos |
| Med. | WordPress OneSocial-Child Themes Unauthorized File Insertation | 06.03.2019 | KingSkrupellos |
| Med. | WordPress WebFatorial-FoodNetwork Themes Unauthorized File Insertation | 06.03.2019 | KingSkrupellos |
| Med. | WordPress ii-commerce Themes Unauthorized File Insertation | 06.03.2019 | KingSkrupellos |
| Med. | WordPress WebFatorial-FoodNetwork Themes Unauthorized File Insertation | 06.03.2019 | KingSkrupellos |
| Med. | DongDuongCMS Vietnext Unauthorized File Insertation Vulnerability | 04.03.2019 | KingSkrupellos |
| Med. | Joomla ModPPCSimpleSpotLight Modules 1.2/3.0 CSRF Backdoor Access Vulnerability | 04.03.2019 | KingSkrupellos |
| Med. | WordPress NativeChurch Multi-Purpose Themes 5.0.x Arbitrary File Download | 27.02.2019 | KingSkrupellos |
| High | HanYazilim Paper Submission System .NET 1.0 Shell Upload | 25.02.2019 | KingSkrupellos |
| Med. | Memu Play 6.0.7 Privilege Escalation | 22.02.2019 | Alejandra Sanchez |
| Med. | Micro Focus Filr 3.4.0.217 Path Traversal / Privilege Escalation | 22.02.2019 | Leandro Cuozzo |
| High | Webiness Inventory 2.3 ProductModel Arbitrary File Upload | 21.02.2019 | Mehmet EMIROGLU |
| High | Zoho ManageEngine ServiceDesk Plus (SDP) Arbitrary File Upload | 20.02.2019 | Dao Duy Hung |
| Med. | TinyMCE JBimages Plugin 3.x JustBoilMe Arbitrary File Upload Vulnerability | 18.02.2019 | KingSkrupellos |
| High | UniSharp Laravel File Manager 2.0.0-alpha7 Arbitrary File Upload | 16.02.2019 | Mohammad Danish |
| Med. | exacqVision ESM 5.12.2 Privilege Escalation | 15.02.2019 | bzyo |
| Med. | Joomla Jumi 3.0.5 Database Disclosure / SQL Injection | 04.02.2019 | KingSkrupellos |
| Med. | devolo dLAN Cockpit 4.3.1 Unquoted Service Path Privilege Escalation | 04.02.2019 | Stefan Petrushevski |
| Med. | SolarWinds Serv-U FTP 15.1.6 Privilege Escalation | 02.02.2019 | Chris Moberly |
| Med. | MySQL User-Defined (Linux) x32 / x86_64 sys_exec Local Privilege Escalation | 25.01.2019 | D7X |
| Med. | AddressSanitizer (ASan) SUID Executable Privilege Escalation | 24.01.2019 | Brendan Coles |
| High | Nagios XI 5.5.6 Remote Code Execution / Privilege Escalation | 24.01.2019 | Chris Lyne |
| Med. | ManageEngine OpManager 12.3 Privilege Escalation | 22.01.2019 | Humberto Cabrera |
| Med. | Check Point ZoneAlarm 8.8.1.110 Local Privilege Escalation | 17.01.2019 | Chris Anastasio |
| Med. | blueman set_dhcp_handler D-Bus Privilege Escalation | 16.01.2019 | The Grugq |


Common Weakness Enumeration (CWE)

| Date | Risk | CVE | Details | Description |
|---|---|---|---|---|
| 2019-09-08 | Low | CVE-2019-16097 | | core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API when Harbor is set up with DB as the authentication backend and allows users to self-register. Fixed versions: v1.7.6, v1.8.3, v1.9.0. Workaround without applying the fix: configure Harbor to use a non-DB authentication backend such as LDAP. |
| 2019-09-08 | High | CVE-2019-16103 | Vendor: Silver-peak; Software: Unity edgeco... | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature. |
| 2019-09-06 | Medium | CVE-2018-6240 | Vendor: Google; Software: Android | NVIDIA Tegra contains a vulnerability in BootRom where a user with kernel level privileges can write an arbitrary value to an arbitrary physical address. |
| 2019-09-06 | Medium | CVE-2019-14813 | Vendor: Artifex; Software: Ghostscript | A flaw was found in ghostscript, versions 9.x before 9.28, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. |
| 2019-09-06 | Medium | CVE-2019-2182 | Vendor: Google; Software: Android | In the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| 2019-09-06 | Medium | CVE-2019-9345 | Vendor: Google; Software: Android | In the Android kernel in sdcardfs there is a possible violation of the separation of data between profiles due to shared mapping of obb files. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. |
| 2019-09-06 | Medium | CVE-2019-9436 | Vendor: Google; Software: Android | In the Android kernel in the bootloader there is a possible secure boot bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. |
| 2019-09-05 | Medium | CVE-2019-15953 | Vendor: Totaljs; Software: Total.js cms | An issue was discovered in Total.js CMS 12.0.0. An authenticated user with limited privileges can get access to a resource that they do not own by calling the associated API. The product correctly manages privileges only for the front-end resource path, not for API requests. This leads to vertical and horizontal privilege escalation. |
| 2019-09-05 | Medium | CVE-2019-2123 | Vendor: Google; Software: Android | In execTransact of Binder.java in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible local execution of arbitrary code in a privileged process due to a memory overwrite. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| 2019-09-04 | Medium | CVE-2019-10709 | Vendor: ASUS; Software: Precision to... | AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the `\\.\AsusTP` device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call. |

 

 


Copyright 2019, cxsecurity.com

 
