CWE:
 

Title
Date
Author
Med.
Ultimate Member 2.39 Unauthorized profile modification
18.06.2019
Clément Cruchet
Med.
WordPress Plugin WooCommerce GloBee (cryptocurrency) Payment Gateway 1.1.1 Payment Bypass / Unauthorized Order Status Spoofing
27.02.2019
GeekHack
Med.
Goozmo™ Systems v.1.0 Improper Privilege Management
29.01.2019
KingSkrupellos
Med.
TP-Link EAP Controller CSRF / Hard-Coded Key / XSS
04.05.2018
Core
Med.
SpiderControl SCADA Web Server 2.02.0007 Improper Privilege Management
01.11.2017
Karn Ganeshen
Med.
Solarwinds LEM 6.3.1 Sudo Script Abuse Privilege Escalation
25.04.2017
Hank Leininger and Mat...
Med.
Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Privilege Escalation
18.02.2017
Matt Bergin
Med.
phpMyAdmin 3.5.x/4.0.x privilege escalation
30.07.2013
SecuriTeam Secure Disc...
High
Smartfren Connex EC 1261-2 UI OUC Local Privilege Escalation Vulnerability
27.09.2012
X-Cisadane


Common Weakness Enumeration (CWE)

CVE
Details
Description
2019-11-26
High
CVE-2019-15595

 

 
A privilege escalation exists in UniFi Video Controller =<3.10.6 that would allow an attacker on the local machine to run arbitrary commands.

 
Medium
CVE-2017-7399

Vendor: Cloudera
Software: Cloudera manager
 

 
Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x before 5.10.1 allows a read-only Cloudera Manager user to discover the usernames of other users and elevate the privileges of those users.

 
Low
CVE-2019-18462

Vendor: Gitlab
Software: Gitlab
 

 
An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4. It has Insecure Permissions.

 
2019-11-25
Medium
CVE-2012-5617

Vendor: Linux-aarhus
Software: Gksu-polkit
 

 
gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation

 
Medium
CVE-2019-13702

Vendor: Google
Software: Chrome
 

 
Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable.

 
Medium
CVE-2019-13680

Vendor: Google
Software: Chrome
 

 
Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections.

 
High
CVE-2012-6639

Vendor: Canonical
Software: Cloud-init
 

 
A privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data.

 
2019-11-22
Medium
CVE-2019-9536

Vendor: Apple
Software: Iphone 3gs
 

 
Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka 'alloc8'. An attacker with physical access to the device can install arbitrary firmware.

 
Medium
CVE-2019-16287

Vendor: HP
Software: Thinpro
 

 
An attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to execute commands with elevated privileges.

 
2019-11-21
Medium
CVE-2019-10617

 

 
Low privilege users can access service configuration which contains registry data that admins use to create or delete entries in the registry in QCA6174_9377.WIN.1.0 in QCA6174_9377.

 

 


Copyright 2019, cxsecurity.com

 
