Total
1477 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-3635 | 1 Intel | 1 Rapid Storage Technology | 2021-03-26 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient input validation in installer in Intel Rapid Store Technology (RST) before version 16.7 may allow an unprivileged user to potentially elevate privileges or cause an installer denial of service via local access. | |||||
| CVE-2014-1520 | 3 Fedoraproject, Microsoft, Mozilla | 4 Fedora, Windows, Firefox and 1 more | 2021-03-17 | 6.9 MEDIUM | N/A |
| maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process. | |||||
| CVE-2020-4184 | 1 Ibm | 1 Security Guardium | 2021-03-17 | 7.5 HIGH | 7.3 HIGH |
| IBM Security Guardium 11.2 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 174802.. | |||||
| CVE-2015-9267 | 2 Debian, Nullsoft | 2 Debian Linux, Nullsoft Scriptable Install System | 2021-03-15 | 3.6 LOW | 5.5 MEDIUM |
| Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program. | |||||
| CVE-2020-8021 | 2 Debian, Opensuse | 2 Debian Linux, Open Build Service | 2021-03-15 | 4.3 MEDIUM | 5.3 MEDIUM |
| a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled This issue affects: Open Build Service versions prior to 2.10.5. | |||||
| CVE-2019-12522 | 1 Squid-cache | 1 Squid | 2021-03-10 | 4.4 MEDIUM | 4.5 MEDIUM |
| An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root. | |||||
| CVE-2020-12528 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2021-03-09 | 4.0 MEDIUM | 7.7 HIGH |
| An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to kill web2go sessions in the account he should not have access to. | |||||
| CVE-2021-25630 | 1 Collaboraoffice | 1 Online | 2021-02-27 | 7.2 HIGH | 7.8 HIGH |
| "loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolforkit" checks, if it was invoked by the "lool" user, and refuses to run with privileges, if it's not the case. In the vulnerable version of "loolforkit" this check was wrong, so a normal user could start "loolforkit" and eventually get local root privileges. | |||||
| CVE-2020-29031 | 1 Secomea | 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more | 2021-02-26 | 5.5 MEDIUM | 8.1 HIGH |
| An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c | |||||
| CVE-2020-10384 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2021-02-19 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.1. There is a local privilege escalation from the www-data account to the root account. | |||||
| CVE-2021-26936 | 1 Replaysorcery Project | 1 Replaysorcery | 2021-02-16 | 7.2 HIGH | 7.8 HIGH |
| The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when using the default setuid-root configuration, allows a local attacker to escalate privileges to root by specifying video output paths in privileged locations. | |||||
| CVE-2021-0327 | 1 Google | 1 Android | 2021-02-12 | 7.2 HIGH | 7.8 HIGH |
| In getContentProviderImpl of ActivityManagerService.java, there is a possible permission bypass due to non-restored binder identities. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-172935267 | |||||
| CVE-2020-6024 | 1 Checkpoint | 1 Smartconsole | 2021-02-02 | 4.6 MEDIUM | 7.8 HIGH |
| Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users. | |||||
| CVE-2011-1526 | 5 Debian, Fedoraproject, Mit and 2 more | 7 Debian Linux, Fedora, Krb5-appl and 4 more | 2021-02-02 | 6.5 MEDIUM | N/A |
| ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script. | |||||
| CVE-2019-19728 | 3 Debian, Opensuse, Schedmd | 3 Debian Linux, Leap, Slurm | 2021-01-28 | 6.0 MEDIUM | 7.5 HIGH |
| SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges. | |||||
| CVE-2021-20618 | 1 Acmailer | 2 Acmailer, Acmailer Db | 2021-01-26 | 10.0 HIGH | 9.8 CRITICAL |
| Privilege chaining vulnerability in acmailer ver. 4.0.2 and earlier, and acmailer DB ver. 1.1.4 and earlier allows remote attackers to bypass authentication and to gain an administrative privilege which may result in obtaining the sensitive information on the server via unspecified vectors. | |||||
| CVE-2021-0306 | 1 Google | 1 Android | 2021-01-13 | 7.2 HIGH | 7.8 HIGH |
| In addAllPermissions of PermissionManagerService.java, there is a possible permissions bypass when upgrading major Android versions which allows an app to gain the android.permission.ACTIVITY_RECOGNITION permission without user confirmation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11, Android-8.0, Android-8.1, Android-9, Android-10; Android ID: A-154505240. | |||||
| CVE-2018-8724 | 1 K7computing | 4 Antivrius, Enterprise Security, Total Security and 1 more | 2021-01-13 | 4.6 MEDIUM | 7.8 HIGH |
| K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: gain privileges (local). The component is: K7TSMngr.exe. | |||||
| CVE-2018-8044 | 1 K7computing | 4 Antivrius, Enterprise Security, Total Security and 1 more | 2021-01-13 | 4.6 MEDIUM | 7.8 HIGH |
| K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: Local Process Execution (local). The component is: K7Sentry.sys. | |||||
| CVE-2018-9332 | 1 K7computing | 4 Antivrius, Enterprise Security, Total Security and 1 more | 2021-01-13 | 4.6 MEDIUM | 7.8 HIGH |
| K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Incorrect Access Control. The impact is: gain privileges (local). | |||||