Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-269
Total 1509 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-7782 2 Microsoft, Mozilla 4 Windows, Firefox, Firefox Esr and 1 more 2019-10-02 5.0 MEDIUM 5.3 MEDIUM
An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
CVE-2018-9853 1 Freesshd 1 Freesshd 2019-10-02 7.5 HIGH 9.8 CRITICAL
Insecure access control in freeSSHd version 1.3.1 allows attackers to obtain the privileges of the freesshd.exe process by leveraging the ability to login to an unprivileged account on the server.
CVE-2017-7803 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Firefox Esr and 6 more 2019-10-02 5.0 MEDIUM 7.5 HIGH
When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
CVE-2018-10172 1 7-zip 1 7-zip 2019-10-02 7.2 HIGH 8.8 HIGH
7-Zip through 18.01 on Windows implements the "Large memory pages" option by calling the LsaAddAccountRights function to add the SeLockMemoryPrivilege privilege to the user's account, which makes it easier for attackers to bypass intended access restrictions by using this privilege in the context of a sandboxed process.
CVE-2017-8187 1 Huawei 2 Fusionsphere Openstack, Fusionsphere Openstack Firmware 2019-10-02 6.5 MEDIUM 7.2 HIGH
Huawei FusionSphere OpenStack V100R006C00SPC102(NFV) has a privilege escalation vulnerability. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users' certificates. Successful exploit may cause privilege escalation.
CVE-2017-8308 1 Avast 1 Antivirus 2019-10-02 5.0 MEDIUM 7.5 HIGH
In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from the perspective of the Avast product. This bypasses the Self-Defense feature of the product, opening a door to subsequent attack on many of its components.
CVE-2017-9324 2 Debian, Otrs 2 Debian Linux, Otrs 2019-10-02 6.5 MEDIUM 8.8 HIGH
In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain index.pl?Action=Installer with ;Subaction=Intro or ;Subaction=Start or ;Subaction=System appended at the end.
CVE-2017-9450 1 Amazon 1 Amazon Web Services Cloudformation Bootstrap 2019-10-02 7.2 HIGH 7.8 HIGH
The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory.
CVE-2017-9662 1 Fujielectric 1 Monitouch V-sft 2019-10-02 4.6 MEDIUM 5.3 MEDIUM
An Improper Privilege Management issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. Monitouch V-SFT is installed in a directory with weak access controls by default, which could allow an authenticated attacker with local access to escalate privileges.
CVE-2017-9724 1 Google 1 Android 2019-10-02 9.3 HIGH 7.8 HIGH
In all Qualcomm products with Android releases from CAF using the Linux kernel, user-level permissions can be used to gain access to kernel memory, specifically the ION cache maintenance code is writing to a user supplied address.
CVE-2018-0010 1 Juniper 1 Junos Space 2019-10-02 4.0 MEDIUM 6.5 MEDIUM
A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not have SSH access to a device to reuse the URL that was created for another user to perform SSH access. Affected releases are all versions of Junos Space Security Director prior to 17.2R1.
CVE-2018-10168 1 Tp-link 1 Eap Controller 2019-10-02 6.5 MEDIUM 8.8 HIGH
TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows.
CVE-2018-0748 1 Microsoft 6 Windows 10, Windows 7, Windows 8.1 and 3 more 2019-10-02 4.6 MEDIUM 7.8 HIGH
The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way memory addresses are handled, aka "Windows Elevation of Privilege Vulnerability".
CVE-2018-0566 1 Cybozu 1 Office 2019-10-02 4.0 MEDIUM 4.3 MEDIUM
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors.
CVE-2018-0573 1 Basercms 1 Basercms 2019-10-02 5.0 MEDIUM 5.3 MEDIUM
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors.
CVE-2018-0610 1 Zenphoto 1 Zenphoto 2019-10-02 6.5 MEDIUM 7.2 HIGH
Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information.
CVE-2018-9425 1 Google 1 Android 2019-10-02 4.6 MEDIUM 7.8 HIGH
In Platform, there is a possible bypass of user interaction requirements due to missing permission checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-73884967
CVE-2012-0384 1 Cisco 2 Ios, Ios Xe 2019-09-27 8.5 HIGH 7.2 HIGH
Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended access restrictions and execute commands via a (1) HTTP or (2) HTTPS session, aka Bug ID CSCtr91106.
CVE-2012-5376 1 Google 1 Chrome 2019-09-27 9.3 HIGH 9.6 CRITICAL
The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112.
CVE-2015-9390 1 Admin Management Xtended Project 1 Admin Management Xtended 2019-09-23 4.0 MEDIUM 4.3 MEDIUM
The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled.