CWE:

Severity | Title | Date | Author
Med. | Cellebrite UFED 7.5.0.845 Desktop Escape / Privilege Escalation | 17.05.2020 | Matthew Bergin
Med. | Ultimate Member 2.39 Unauthorized profile modification | 18.06.2019 | Clément Cruchet
Med. | WordPress Plugin WooCommerce GloBee (cryptocurrency) Payment Gateway 1.1.1 Payment Bypass / Unauthorized Order Status Spoofing | 27.02.2019 | GeekHack
Med. | Goozmo™ Systems v.1.0 Improper Privilege Management | 29.01.2019 | KingSkrupellos
Med. | TP-Link EAP Controller CSRF / Hard-Coded Key / XSS | 04.05.2018 | Core
Med. | SpiderControl SCADA Web Server 2.02.0007 Improper Privilege Management | 01.11.2017 | Karn Ganeshen
Med. | Solarwinds LEM 6.3.1 Sudo Script Abuse Privilege Escalation | 25.04.2017 | Hank Leininger and Mat...
Med. | Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Privilege Escalation | 18.02.2017 | Matt Bergin
Med. | phpMyAdmin 3.5.x/4.0.x privilege escalation | 30.07.2013 | SecuriTeam Secure Disc...
High | Smartfren Connex EC 1261-2 UI OUC Local Privilege Escalation Vulnerability | 27.09.2012 | X-Cisadane

Common Weakness Enumeration (CWE)

Date | Severity | CVE | Details | Description
2020-07-05 | High | CVE-2020-15528 | Vendor: GOG; Software: Galaxy | An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user starts or uninstalls a game because of weak file permissions and missing file integrity checks.
2020-07-05 | High | CVE-2020-15529 | Vendor: GOG; Software: Galaxy | An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user installs a game or performs a verify/repair operation. The issue exists because of weak file permissions and can be exploited by using opportunistic locks.
2020-07-02 | Low | CVE-2020-8179 | Vendor: Nextcloud; Software: DECK | Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users' decks.
2020-07-01 | Medium | CVE-2020-13382 | Vendor: Opensis; Software: Opensis | openSIS through 7.4 has Incorrect Access Control.
2020-07-01 | Medium | CVE-2020-5907 | Vendor: F5; Software: Big-ip acces... | In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an authorized user provided with access only to the TMOS Shell (tmsh) may be able to conduct arbitrary file read/writes via the built-in sftp functionality.
2020-06-30 | Medium | CVE-2020-5580 | Vendor: Cybozu; Software: Garoon | Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors.
2020-06-30 | Medium | CVE-2020-15396 | Vendor: Hylafax+ project; Software: Hylafax+ | In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.
2020-06-30 | Medium | CVE-2020-15397 | Vendor: Hylafax+ project; Software: Hylafax+ | HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root).
2020-06-30 | Medium | CVE-2020-15411 | Vendor: MISP; Software: MISP | An issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader.
2020-06-30 | Low | CVE-2020-15412 | Vendor: MISP; Software: MISP | An issue was discovered in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form.
Copyright 2020, cxsecurity.com