Total
5243 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-18584 | 1 Post Pay Counter Project | 1 Post Pay Counter | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The post-pay-counter plugin before 2.731 for WordPress has no permissions check for an update-settinga action. | |||||
CVE-2019-0796 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841. | |||||
CVE-2015-1327 | 1 Canonical | 1 Ubuntu Linux | 2023-12-10 | 4.3 MEDIUM | 7.8 HIGH |
Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which would then send a copy of that file to another app. | |||||
CVE-2016-10922 | 1 Visser | 1 Store Toolkit For Woocommerce | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation. | |||||
CVE-2016-10923 | 1 Visser | 1 Store Toolkit For Woocommerce | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation. | |||||
CVE-2019-10709 | 1 Asus | 1 Precision Touchpad | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call. | |||||
CVE-2019-2102 | 1 Google | 1 Android | 2023-12-10 | 8.3 HIGH | 8.8 HIGH |
In the Bluetooth Low Energy (BLE) specification, there is a provided example Long Term Key (LTK). If a BLE device were to use this as a hardcoded LTK, it is theoretically possible for a proximate attacker to remotely inject keystrokes on a paired Android host due to improperly used crypto. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-128843052. | |||||
CVE-2019-10885 | 1 Ivanti | 1 Workspace Control | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security features configured for this session by resetting the session context. | |||||
CVE-2018-10239 | 1 Infoblox | 1 Nios | 2023-12-10 | 7.2 HIGH | 6.7 MEDIUM |
A privilege escalation vulnerability in the "support access" feature on Infoblox NIOS 6.8 through 8.4.1 could allow a locally authenticated administrator to temporarily gain additional privileges on an affected device and perform actions within the super user scope. The vulnerability is due to a weakness in the "support access" password generation algorithm. A locally authenticated administrative user may be able to exploit this vulnerability if the "support access" feature is enabled, they know the support access code for the current session, and they know the algorithm to generate the support access password from the support access code. "Support access" is disabled by default. When enabled, the access will be automatically disabled (and support access code will expire) after the 24 hours. | |||||
CVE-2019-11771 | 1 Eclipse | 1 Openj9 | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users. | |||||
CVE-2016-10935 | 1 Visser | 1 Store Exporter For Woocommerce | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation. | |||||
CVE-2019-0129 | 1 Intel | 1 Usb 3.0 Creator Utility | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Improper permissions for Intel(R) USB 3.0 Creator Utility all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2019-0128 | 1 Intel | 1 Chipset Device Software | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Improper permissions in the installer for Intel(R) Chipset Device Software (INF Update Utility) before version 10.1.1.45 may allow an authenticated user to escalate privilege via local access. | |||||
CVE-2019-0164 | 2 Intel, Lenovo | 9 Turbo Boost Max Technology 3.0, Thinkstation P410, Thinkstation P410 Firmware and 6 more | 2023-12-10 | 4.4 MEDIUM | 7.3 HIGH |
Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2017-8230 | 1 Amcrest | 2 Ipm-721s, Ipm-721s Firmware | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on the device are divided into 2 groups "admin" and "user". However, as a part of security analysis it was identified that a low privileged user who belongs to the "user" group and who has access to login in to the web administrative interface of the device can add a new administrative user to the interface using HTTP APIs provided by the device and perform all the actions as an administrative user by using that account. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that many of the binaries in the /usr folder. The binary "sonia" is the one that has the vulnerable functions that performs the various action described in HTTP APIs. If one opens this binary in IDA-pro one will notice that this follows a ARM little endian format. The function at address 0x00429084 in IDA pro is the one that processes the HTTP API request for "addUser" action. If one traces the calls to this function, it can be clearly seen that the function sub_ 41F38C at address 0x0041F588 parses the call received from the browser and passes it to the "addUser" function without any authorization check. | |||||
CVE-2019-13125 | 1 Tencent | 1 Habomalhunter | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation. | |||||
CVE-2017-18399 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332). | |||||
CVE-2017-18451 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval upon a cPAddon upgrade (SEC-257). | |||||
CVE-2019-0121 | 1 Intel | 1 Matrix Storage Manager | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Improper permissions in Intel(R) Matrix Storage Manager 8.9.0.1023 and before may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2017-18455 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208). |