Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-269
Total 1509 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-14836 1 Subrion 1 Subrion Cms 2019-10-02 4.0 MEDIUM 6.5 MEDIUM
Subrion 4.2.1 is vulnerable to Improper Access control because user groups not having access to the Admin panel are able to access it (but not perform actions) if the Guests user group has access to the Admin panel.
CVE-2018-14894 1 Cyberark 1 Endpoint Privilege Manager 2019-10-02 4.6 MEDIUM 7.8 HIGH
CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file) to bypass intended access restrictions and execute blocked applications.
CVE-2017-5671 1 Honeywell 14 Intermec Pc23, Intermec Pc23 Firmware, Intermec Pc42 and 11 more 2019-10-02 7.2 HIGH 8.8 HIGH
Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file.
CVE-2018-1000865 2 Jenkins, Redhat 2 Script Security, Openshift Container Platform 2019-10-02 6.5 MEDIUM 8.8 HIGH
A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy sandbox are installed.
CVE-2017-5084 1 Google 1 Chrome Os 2019-10-02 2.1 LOW 3.3 LOW
Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via dbus-send commands to a BurnImage D-Bus endpoint.
CVE-2017-4982 1 Emc 1 Mainframe Enablers Resourcepak Base 2019-10-02 10.0 HIGH 9.8 CRITICAL
EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0 contains a fix for a privilege management vulnerability that could potentially be exploited by malicious users to compromise the affected system.
CVE-2018-10514 2 Microsoft, Trendmicro 5 Windows, Antivirus \+ Security, Internet Security and 2 more 2019-10-02 7.2 HIGH 7.8 HIGH
A Missing Impersonation Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.
CVE-2017-2094 1 Cybozu 1 Garoon 2019-10-02 4.0 MEDIUM 4.3 MEDIUM
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.
CVE-2018-0613 1 Necplatforms 16 Calsos Csdj-a, Calsos Csdj-a Firmware, Calsos Csdj-b and 13 more 2019-10-02 6.5 MEDIUM 8.8 HIGH
NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors.
CVE-2018-0671 1 Mnc 1 Inplc-rt 2019-10-02 4.6 MEDIUM 6.7 MEDIUM
Privilege escalation vulnerability in INplc-RT 3.08 and earlier allows an attacker with administrator rights to execute arbitrary code on the Windows system via unspecified vectors.
CVE-2018-0751 1 Microsoft 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more 2019-10-02 3.6 LOW 7.1 HIGH
The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2018-0752.
CVE-2018-0821 1 Microsoft 2 Windows 10, Windows Server 2016 2019-10-02 4.4 MEDIUM 7.0 HIGH
AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way constrained impersonations are handled, aka "Windows AppContainer Elevation Of Privilege Vulnerability".
CVE-2018-1000028 1 Linux 1 Linux Kernel 2019-10-02 5.8 MEDIUM 7.4 HIGH
Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains a Incorrect Access Control vulnerability in NFS server (nfsd) that can result in remote users reading or writing files they should not be able to via NFS. This attack appear to be exploitable via NFS server must export a filesystem with the "rootsquash" options enabled. This vulnerability appears to have been fixed in after commit 1995266727fa.
CVE-2018-1000133 1 Secluded 1 Trident 2019-10-02 6.0 MEDIUM 7.5 HIGH
Pitchfork version 1.4.6 RC1 contains an Improper Privilege Management vulnerability in Trident Pitchfork components that can result in A standard unprivileged user could gain system administrator permissions within the web portal.. This attack appear to be exploitable via The user must be able to login, and could edit their profile and set the "System Administrator" permission to "yes" on themselves.. This vulnerability appears to have been fixed in 1.4.6 RC2.
CVE-2018-1000141 1 I-librarian 1 I Librarian 2019-10-02 7.5 HIGH 9.1 CRITICAL
I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project discussions.
CVE-2018-1000400 1 Kubernetes 1 Cri-o 2019-10-02 6.5 MEDIUM 8.8 HIGH
Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to be exploitable via container execution. This vulnerability appears to have been fixed in 1.9.
CVE-2018-1000503 1 Mybb 1 Mybb 2019-10-02 4.0 MEDIUM 4.3 MEDIUM
MyBB Group MyBB contains a Incorrect Access Control vulnerability in Private forums that can result in Users can view posts from private forums without having the password. This attack appear to be exploitable via Subscribe to a forum through IDOR. This vulnerability appears to have been fixed in 1.8.15.
CVE-2018-1000624 1 Battelle 1 V2i Hub 2019-10-02 7.8 HIGH 7.5 HIGH
Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by the failure to restrict access to a sensitive functionality. By visiting http://V2I_HUB/UI/powerdown.php, a remote attacker could exploit this vulnerability to shut down the system.
CVE-2018-1000634 1 Openmicroscopy 1 Omero 2019-10-02 6.5 MEDIUM 7.2 HIGH
The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains an Improper Access Control vulnerability in User management that can result in administrative user with privilege restrictions logging in as a more powerful administrator. This attack appear to be exploitable via Use user administration privilege to set the password of a more powerful administrator. This vulnerability appears to have been fixed in 5.4.7.
CVE-2018-1000648 1 Librehealth 1 Librehealth Ehr 2019-10-02 6.5 MEDIUM 8.8 HIGH
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters.