Total
1968 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-0932 | 1 Ubnt | 1 Edgeos | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of validation on the input of the Feature functionality. An attacker with access to an operator (read-only) account and ssh connection to the devices could escalate privileges to admin (root) access in the system. | |||||
| CVE-2017-0358 | 2 Debian, Tuxera | 2 Debian Linux, Ntfs-3g | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation. | |||||
| CVE-2016-9928 | 3 Canonical, Debian, Mcabber | 3 Ubuntu Linux, Debian Linux, Mcabber | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets. | |||||
| CVE-2016-6590 | 1 Symantec | 4 Encryption Desktop, Endpoint Encryption, Ghost Solution Suite and 1 more | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code. | |||||
| CVE-2016-11011 | 1 Usabilitydynamics | 1 Wp-invoice | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation. | |||||
| CVE-2016-11004 | 1 Elegantthemes | 1 Monarch | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation. | |||||
| CVE-2016-11003 | 1 Elegantthemes | 1 Monarch | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation. | |||||
| CVE-2016-11002 | 1 Elegantthemes | 1 Extra | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation. | |||||
| CVE-2016-10972 | 1 Tagdiv | 1 Newspaper | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel. | |||||
| CVE-2016-10971 | 1 Membersonic | 1 Membersonic | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The MemberSonic Lite plugin before 1.302 for WordPress has incorrect login access control because only knowlewdge of an e-mail address is required. | |||||
| CVE-2016-10968 | 1 Peepso | 1 Peepso | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege escalation. | |||||
| CVE-2015-9390 | 1 Admin Management Xtended Project | 1 Admin Management Xtended | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled. | |||||
| CVE-2015-9267 | 2 Debian, Nullsoft | 2 Debian Linux, Nullsoft Scriptable Install System | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM |
| Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program. | |||||
| CVE-2015-8534 | 1 Lenovo | 1 Solution Center | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges. | |||||
| CVE-2015-8032 | 1 Textpattern | 1 Textpattern | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Textpattern 4.5.7, an unprivileged author can change an article's markup setting. | |||||
| CVE-2015-7831 | 1 Cloudera | 1 Cdh | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is used. | |||||
| CVE-2015-7556 | 1 Delegate | 1 Delegate | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program. | |||||
| CVE-2015-7334 | 1 Lenovo | 1 System Update | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges. | |||||
| CVE-2015-7333 | 1 Lenovo | 1 System Update | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges. | |||||
| CVE-2015-5466 | 1 Sis | 1 Xgi Vga Display Manager | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Silicon Integrated Systems XGI WindowsXP Display Manager (aka XGI VGA Driver Manager and VGA Display Manager) 6.14.10.1090 allows local users to gain privileges via a crafted 0x96002404 IOCTL call. | |||||