| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information. |
| Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges |
| PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module |
| SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script |
| Collabtive 1.0 has incorrect access control |
| Hikvision DS-2CD7153-E IP Camera has Privilege Escalation |
| Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module hijacking |
| The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories. |
| An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. |
| The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories. |
| gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue. |
| A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. |
| An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified |
| A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host. |
| autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory. |
| oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation |
| An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data. |
| Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soapbox within a sandboxed Soapbox. |
| The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp). |
| gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation |
