Total: 1477 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-4583 | 1 Gitlab | 2 Gitlab, Gitlab-shell | 2020-02-03 | 6.5 MEDIUM | 8.8 HIGH |
The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories. | |||||
CVE-2012-4606 | 1 Citrix | 1 Xenserver | 2020-02-03 | 4.6 MEDIUM | 7.8 HIGH |
Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges. | |||||
CVE-2012-6302 | 1 Soapbox Project | 1 Soapbox | 2020-02-01 | 7.2 HIGH | 7.8 HIGH |
Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soapbox within a sandboxed Soapbox. | |||||
CVE-2019-5472 | 1 Gitlab | 1 Gitlab | 2020-01-31 | 5.0 MEDIUM | 7.5 HIGH |
An authorization issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 that prevented owners and maintainers from deleting epic comments. | |||||
CVE-2020-3115 | 1 Cisco | 8 Sd-wan Firmware, Vedge-100, Vedge-1000 and 5 more | 2020-01-31 | 7.2 HIGH | 8.8 HIGH |
A vulnerability in the CLI of the Cisco SD-WAN Solution vManage software could allow an authenticated, local attacker to elevate privileges to root-level privileges on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted file to the affected system. An exploit could allow the attacker to elevate privileges to root-level privileges. | |||||
CVE-2018-16272 | 1 Samsung | 20 Galaxy Gear, Galaxy Gear Firmware, Gear 2 and 17 more | 2020-01-30 | 7.5 HIGH | 9.8 CRITICAL |
The wpa_supplicant system service in Samsung Galaxy Gear series allows an unprivileged process to fully control the Wi-Fi interface, due to the lack of its D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | |||||
CVE-2018-16271 | 1 Samsung | 20 Galaxy Gear, Galaxy Gear Firmware, Gear 2 and 17 more | 2020-01-30 | 3.3 LOW | 6.5 MEDIUM |
The wemail_consumer_service (from the built-in application wemail) in Samsung Galaxy Gear series allows an unprivileged process to manipulate a user's mailbox, due to improper D-Bus security policy configurations. An arbitrary email can also be sent from the mailbox via the paired smartphone. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | |||||
CVE-2018-16270 | 1 Samsung | 20 Galaxy Gear, Galaxy Gear Firmware, Gear 2 and 17 more | 2020-01-30 | 5.0 MEDIUM | 7.5 HIGH |
Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path. | |||||
CVE-2018-8654 | 1 Microsoft | 1 Dynamics 365 | 2020-01-27 | 4.0 MEDIUM | 6.5 MEDIUM |
An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Server, aka 'Microsoft Dynamics 365 Elevation of Privilege Vulnerability'. | |||||
CVE-2019-1454 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-01-27 | 3.6 LOW | 5.5 MEDIUM |
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. | |||||
CVE-2013-6773 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2020-01-27 | 4.6 MEDIUM | 7.8 HIGH |
Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges. | |||||
CVE-2015-5466 | 1 Sis | 1 Xgi Vga Display Manager | 2020-01-24 | 4.6 MEDIUM | 7.8 HIGH |
Silicon Integrated Systems XGI WindowsXP Display Manager (aka XGI VGA Driver Manager and VGA Display Manager) 6.14.10.1090 allows local users to gain privileges via a crafted 0x96002404 IOCTL call. | |||||
CVE-2020-7047 | 1 Webfactoryltd | 1 Wp Database Reset | 2020-01-24 | 6.5 MEDIUM | 8.8 HIGH |
The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator while dropping all other users from the table. | |||||
CVE-2014-6448 | 1 Juniper | 1 Junos | 2020-01-24 | 7.2 HIGH | 7.8 HIGH |
Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access. | |||||
CVE-2015-5071 | 1 Bmc | 1 Remedy Ar System Server | 2020-01-24 | 4.0 MEDIUM | 6.5 MEDIUM |
AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary files via the __report parameter of the BIRT viewer servlet. | |||||
CVE-2015-5072 | 1 Bmc | 1 Remedy Ar System Server | 2020-01-24 | 4.0 MEDIUM | 6.5 MEDIUM |
The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the __imageid parameter. | |||||
CVE-2015-7556 | 1 Delegate | 1 Delegate | 2020-01-24 | 7.2 HIGH | 7.8 HIGH |
DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program. | |||||
CVE-2012-1563 | 1 Joomla | 1 Joomla! | 2020-01-22 | 5.0 MEDIUM | 7.5 HIGH |
Joomla! before 2.5.3 allows Admin Account Creation. | |||||
CVE-2012-4761 | 1 Safend | 1 Data Protector Agent | 2020-01-22 | 7.2 HIGH | 7.8 HIGH |
A Privilege Escalation vulnerability exists in the unquoted Service Binary in SDPAgent or SDBAgent in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileges. | |||||
CVE-2013-6231 | 1 Eng | 1 Spagobi | 2020-01-21 | 9.0 HIGH | 8.8 HIGH |
SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script |