Vulnerabilities (CVE)

Filtered by CWE-269
Total 1799 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-0327 1 Google 1 Android 2021-02-12 7.2 HIGH 7.8 HIGH
In getContentProviderImpl of ActivityManagerService.java, there is a possible permission bypass due to non-restored binder identities. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-172935267
CVE-2020-6024 1 Checkpoint 1 Smartconsole 2021-02-02 4.6 MEDIUM 7.8 HIGH
Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users.
CVE-2011-1526 5 Debian, Fedoraproject, Mit and 2 more 7 Debian Linux, Fedora, Krb5-appl and 4 more 2021-02-02 6.5 MEDIUM N/A
ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.
CVE-2019-19728 3 Debian, Opensuse, Schedmd 3 Debian Linux, Leap, Slurm 2021-01-28 6.0 MEDIUM 7.5 HIGH
SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges.
CVE-2021-20618 1 Acmailer 2 Acmailer, Acmailer Db 2021-01-26 10.0 HIGH 9.8 CRITICAL
Privilege chaining vulnerability in acmailer ver. 4.0.2 and earlier, and acmailer DB ver. 1.1.4 and earlier allows remote attackers to bypass authentication and to gain an administrative privilege which may result in obtaining the sensitive information on the server via unspecified vectors.
CVE-2021-0306 1 Google 1 Android 2021-01-13 7.2 HIGH 7.8 HIGH
In addAllPermissions of PermissionManagerService.java, there is a possible permissions bypass when upgrading major Android versions which allows an app to gain the android.permission.ACTIVITY_RECOGNITION permission without user confirmation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11, Android-8.0, Android-8.1, Android-9, Android-10; Android ID: A-154505240.
CVE-2018-8044 1 K7computing 4 Antivrius, Enterprise Security, Total Security and 1 more 2021-01-13 4.6 MEDIUM 7.8 HIGH
K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: Local Process Execution (local). The component is: K7Sentry.sys.
CVE-2018-8724 1 K7computing 4 Antivrius, Enterprise Security, Total Security and 1 more 2021-01-13 4.6 MEDIUM 7.8 HIGH
K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: gain privileges (local). The component is: K7TSMngr.exe.
CVE-2018-9332 1 K7computing 4 Antivrius, Enterprise Security, Total Security and 1 more 2021-01-13 4.6 MEDIUM 7.8 HIGH
K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Incorrect Access Control. The impact is: gain privileges (local).
CVE-2018-9333 1 K7computing 4 Antivrius, Enterprise Security, Total Security and 1 more 2021-01-13 4.6 MEDIUM 7.8 HIGH
K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: K7TSMngr.exe.
CVE-2018-11008 1 K7computing 4 Antivrius, Enterprise Security, Total Security and 1 more 2021-01-12 4.3 MEDIUM 5.5 MEDIUM
An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.
CVE-2018-11006 1 K7computing 4 Antivrius, Enterprise Security, Total Security and 1 more 2021-01-12 8.8 HIGH 5.5 MEDIUM
An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.
CVE-2020-8275 1 Citrix 1 Secure Mail 2021-01-12 4.3 MEDIUM 4.3 MEDIUM
Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthenticated access to read limited calendar related data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device.
CVE-2020-36156 1 Ultimatemember 1 Ultimate Member 2021-01-08 6.5 MEDIUM 8.8 HIGH
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page could supply the parameter um-role with a value set to any role (e.g., Administrator) during a profile update, and effectively escalate their privileges.
CVE-2020-36155 1 Ultimatemember 1 Ultimate Member 2021-01-07 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wp_capabilities user meta that defines a user's role. During the registration process, submitted registration details were passed to the update_profile function, and any metadata was accepted, e.g., wp_capabilities[administrator] for Administrator access.
CVE-2020-8290 1 Backblaze 1 Backblaze 2020-12-31 4.6 MEDIUM 7.8 HIGH
Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of privilege via rogue client update binary.
CVE-2020-12519 1 Phoenixcontact 7 Axc F 1152, Axc F 2152, Axc F 2152 Starterkit and 4 more 2020-12-21 10.0 HIGH 9.8 CRITICAL
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i.e. to open a reverse shell with root privileges.
CVE-2020-8283 1 Citrix 3 Virtual Apps And Desktops, Xenapp, Xendesktop 2020-12-17 9.0 HIGH 8.8 HIGH
An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.
CVE-2020-8258 1 Citrix 1 Gateway Plug-in 2020-12-16 5.0 MEDIUM 7.5 HIGH
Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files.
CVE-2020-8257 1 Citrix 1 Gateway Plug-in 2020-12-16 7.5 HIGH 9.8 CRITICAL
Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks