Total
2199 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14187 | 1 Fortinet | 1 Fortios | 2024-11-21 | 7.2 HIGH | 6.2 MEDIUM |
| A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command. | |||||
| CVE-2017-10690 | 2 Puppet, Redhat | 3 Puppet, Puppet Enterprise, Satellite | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4 | |||||
| CVE-2017-10689 | 3 Canonical, Puppet, Redhat | 4 Ubuntu Linux, Puppet, Puppet Enterprise and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability. | |||||
| CVE-2017-0935 | 1 Ui | 1 Edgeos | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system. | |||||
| CVE-2017-0934 | 1 Ubnt | 1 Edgeos | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system. | |||||
| CVE-2017-0932 | 1 Ubnt | 1 Edgeos | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of validation on the input of the Feature functionality. An attacker with access to an operator (read-only) account and ssh connection to the devices could escalate privileges to admin (root) access in the system. | |||||
| CVE-2017-0358 | 2 Debian, Tuxera | 2 Debian Linux, Ntfs-3g | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation. | |||||
| CVE-2016-9928 | 3 Canonical, Debian, Mcabber | 3 Ubuntu Linux, Debian Linux, Mcabber | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets. | |||||
| CVE-2016-9489 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| In ManageEngine Applications Manager 12 and 13 before build 13200, an authenticated user is able to alter all of their own properties, including own group, i.e. changing their group to one with higher privileges like "ADMIN". A user is also able to change properties of another user, e.g. change another user's password. | |||||
| CVE-2016-6590 | 1 Symantec | 4 Encryption Desktop, Endpoint Encryption, Ghost Solution Suite and 1 more | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code. | |||||
| CVE-2016-15002 | 1 Ideracorp | 1 Webyog Monyog Ultimate | 2024-11-21 | 6.5 MEDIUM | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63. This affects an unknown part of the component Cookie Handler. The manipulation of the argument HasServerEdit/IsAdmin leads to privilege escalation. It is possible to initiate the attack remotely. | |||||
| CVE-2016-11011 | 1 Usabilitydynamics | 1 Wp-invoice | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation. | |||||
| CVE-2016-11004 | 1 Elegantthemes | 1 Monarch | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation. | |||||
| CVE-2016-11003 | 1 Elegantthemes | 1 Monarch | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation. | |||||
| CVE-2016-11002 | 1 Elegantthemes | 1 Extra | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation. | |||||
| CVE-2016-10972 | 1 Tagdiv | 1 Newspaper | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel. | |||||
| CVE-2016-10971 | 1 Membersonic | 1 Membersonic | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The MemberSonic Lite plugin before 1.302 for WordPress has incorrect login access control because only knowlewdge of an e-mail address is required. | |||||
| CVE-2016-10968 | 1 Peepso | 1 Peepso | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege escalation. | |||||
| CVE-2015-9390 | 1 Admin Management Xtended Project | 1 Admin Management Xtended | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled. | |||||
| CVE-2015-9267 | 2 Debian, Nullsoft | 2 Debian Linux, Nullsoft Scriptable Install System | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM |
| Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program. | |||||