Vulnerabilities (CVE)

CWE filter

CWE-264

Filter

6968 total CVE
CVE Vendors Products Updated CVSS
CVE-2017-8931 1 Bitdefender 1 Gravityzone 2018-12-07 10.0
Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privileges via unspecified vectors.
CVE-2018-15865 1 Pulsesecure 2 Plus Secure Desktop, Pulse Secure Desktop Client 2018-12-07 4.6
The Pulse Secure Desktop (macOS) has a Privilege Escalation Vulnerability.
CVE-2018-15660 1 Olacabs 1 Olamoney 2018-12-07 4.3
** DISPUTED ** An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. If an attacker controls an application with accessibility permissions, then the attacker can read certain Ola Money data such as a...
CVE-2018-15711 1 Nagios 1 Nagios Xi 2018-12-07 6.5
Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges.
CVE-2013-2069 1 Redhat 1 Livecd-tools 2018-12-06 7.2
Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which allows local users to gain privileges.
CVE-2013-0155 2 Rubyonrails, Debian 2 Ruby On Rails, Debian Linux 2018-12-06 6.4
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass...
CVE-2013-0643 1 Adobe 1 Flash Player 2018-12-06 9.3
The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for...
CVE-2018-18387 1 Playsms Project 1 Playsms 2018-12-06 9.0
playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse.
CVE-2018-12369 2 Mozilla, Canonical 3 Firefox, Firefox Esr, Ubuntu Linux 2018-12-06 7.5
WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR < 60.1 and Firefox < 61.
CVE-2018-15592 2018-12-06 4.6
An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can execute processes with elevated privileges via an unspecified attack vector.
CVE-2012-5278 1 Adobe 4 Adobe Air, Flash Player For Android, Adobe Air Sdk and 1 more 2018-12-04 10.0
Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR...
CVE-2017-18348 2018-12-04 6.9
Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and...
CVE-2018-16509 4 Artifex, Canonical, Debian and 1 more 7 Ghostscript, Ubuntu Linux, Debian Linux and 4 more 2018-12-04 9.3
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe"...
CVE-2018-14828 1 Advantech 1 Webaccess 2018-12-03 7.2
Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level.
CVE-2018-18391 1 Moxa 1 Thingspro 2018-12-03 6.5
User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVE-2018-18392 1 Moxa 1 Thingspro 2018-12-03 6.5
Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVE-2018-8453 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2018-12-03 7.2
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1,...
CVE-2017-14312 1 Nagios 1 Nagios Core 2018-12-03 7.2
Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users...
CVE-2018-1711 1 Ibm 1 Db2 2018-12-02 4.6
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369.
CVE-2018-4237 1 Apple 4 Apple Tv, Iphone Os, Mac Os X and 1 more 2018-12-01 6.8
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "libxpc" component. It allows attackers to...