Total
1509 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7782 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2019-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | |||||
| CVE-2018-9853 | 1 Freesshd | 1 Freesshd | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| Insecure access control in freeSSHd version 1.3.1 allows attackers to obtain the privileges of the freesshd.exe process by leveraging the ability to login to an unprivileged account on the server. | |||||
| CVE-2017-7803 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | |||||
| CVE-2018-10172 | 1 7-zip | 1 7-zip | 2019-10-02 | 7.2 HIGH | 8.8 HIGH |
| 7-Zip through 18.01 on Windows implements the "Large memory pages" option by calling the LsaAddAccountRights function to add the SeLockMemoryPrivilege privilege to the user's account, which makes it easier for attackers to bypass intended access restrictions by using this privilege in the context of a sandboxed process. | |||||
| CVE-2017-8187 | 1 Huawei | 2 Fusionsphere Openstack, Fusionsphere Openstack Firmware | 2019-10-02 | 6.5 MEDIUM | 7.2 HIGH |
| Huawei FusionSphere OpenStack V100R006C00SPC102(NFV) has a privilege escalation vulnerability. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users' certificates. Successful exploit may cause privilege escalation. | |||||
| CVE-2017-8308 | 1 Avast | 1 Antivirus | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from the perspective of the Avast product. This bypasses the Self-Defense feature of the product, opening a door to subsequent attack on many of its components. | |||||
| CVE-2017-9324 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2019-10-02 | 6.5 MEDIUM | 8.8 HIGH |
| In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain index.pl?Action=Installer with ;Subaction=Intro or ;Subaction=Start or ;Subaction=System appended at the end. | |||||
| CVE-2017-9450 | 1 Amazon | 1 Amazon Web Services Cloudformation Bootstrap | 2019-10-02 | 7.2 HIGH | 7.8 HIGH |
| The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory. | |||||
| CVE-2017-9662 | 1 Fujielectric | 1 Monitouch V-sft | 2019-10-02 | 4.6 MEDIUM | 5.3 MEDIUM |
| An Improper Privilege Management issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. Monitouch V-SFT is installed in a directory with weak access controls by default, which could allow an authenticated attacker with local access to escalate privileges. | |||||
| CVE-2017-9724 | 1 Google | 1 Android | 2019-10-02 | 9.3 HIGH | 7.8 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, user-level permissions can be used to gain access to kernel memory, specifically the ION cache maintenance code is writing to a user supplied address. | |||||
| CVE-2018-0010 | 1 Juniper | 1 Junos Space | 2019-10-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not have SSH access to a device to reuse the URL that was created for another user to perform SSH access. Affected releases are all versions of Junos Space Security Director prior to 17.2R1. | |||||
| CVE-2018-10168 | 1 Tp-link | 1 Eap Controller | 2019-10-02 | 6.5 MEDIUM | 8.8 HIGH |
| TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows. | |||||
| CVE-2018-0748 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2019-10-02 | 4.6 MEDIUM | 7.8 HIGH |
| The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way memory addresses are handled, aka "Windows Elevation of Privilege Vulnerability". | |||||
| CVE-2018-0566 | 1 Cybozu | 1 Office | 2019-10-02 | 4.0 MEDIUM | 4.3 MEDIUM |
| Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors. | |||||
| CVE-2018-0573 | 1 Basercms | 1 Basercms | 2019-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors. | |||||
| CVE-2018-0610 | 1 Zenphoto | 1 Zenphoto | 2019-10-02 | 6.5 MEDIUM | 7.2 HIGH |
| Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information. | |||||
| CVE-2018-9425 | 1 Google | 1 Android | 2019-10-02 | 4.6 MEDIUM | 7.8 HIGH |
| In Platform, there is a possible bypass of user interaction requirements due to missing permission checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-73884967 | |||||
| CVE-2012-0384 | 1 Cisco | 2 Ios, Ios Xe | 2019-09-27 | 8.5 HIGH | 7.2 HIGH |
| Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended access restrictions and execute commands via a (1) HTTP or (2) HTTPS session, aka Bug ID CSCtr91106. | |||||
| CVE-2012-5376 | 1 Google | 1 Chrome | 2019-09-27 | 9.3 HIGH | 9.6 CRITICAL |
| The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112. | |||||
| CVE-2015-9390 | 1 Admin Management Xtended Project | 1 Admin Management Xtended | 2019-09-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled. | |||||