Total
2236 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-9390 | 1 Admin Management Xtended Project | 1 Admin Management Xtended | 2024-11-21 | 4.3 Medium |
| The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled. | ||||
| CVE-2015-9267 | 2 Debian, Nullsoft | 2 Debian Linux, Nullsoft Scriptable Install System | 2024-11-21 | 5.5 Medium |
| Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program. | ||||
| CVE-2015-8534 | 1 Lenovo | 1 Solution Center | 2024-11-21 | 7.8 High |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges. | ||||
| CVE-2015-8032 | 1 Textpattern | 1 Textpattern | 2024-11-21 | 5.3 Medium |
| In Textpattern 4.5.7, an unprivileged author can change an article's markup setting. | ||||
| CVE-2015-7831 | 1 Cloudera | 1 Cdh | 2024-11-21 | 8.8 High |
| In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is used. | ||||
| CVE-2015-7556 | 1 Delegate | 1 Delegate | 2024-11-21 | 7.8 High |
| DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program. | ||||
| CVE-2015-7334 | 1 Lenovo | 1 System Update | 2024-11-21 | 7.8 High |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges. | ||||
| CVE-2015-7333 | 1 Lenovo | 1 System Update | 2024-11-21 | 7.8 High |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges. | ||||
| CVE-2015-5466 | 1 Sis | 1 Xgi Vga Display Manager | 2024-11-21 | 7.8 High |
| Silicon Integrated Systems XGI WindowsXP Display Manager (aka XGI VGA Driver Manager and VGA Display Manager) 6.14.10.1090 allows local users to gain privileges via a crafted 0x96002404 IOCTL call. | ||||
| CVE-2015-5072 | 1 Bmc | 1 Remedy Ar System Server | 2024-11-21 | 6.5 Medium |
| The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the __imageid parameter. | ||||
| CVE-2015-5071 | 1 Bmc | 1 Remedy Ar System Server | 2024-11-21 | 6.5 Medium |
| AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary files via the __report parameter of the BIRT viewer servlet. | ||||
| CVE-2015-4719 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 9.8 Critical |
| The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request. | ||||
| CVE-2015-3613 | 1 Fortinet | 1 Fortimanager | 2024-11-21 | 9.8 Critical |
| A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page | ||||
| CVE-2015-2909 | 1 Netvu | 40 Ds2 \(dvtr\), Ds2 \(dvtr\) Firmware, Ds2 \(dvtu\) and 37 more | 2024-11-21 | 9.8 Critical |
| Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. NOTE: the vendor states "The user is presented with clear warnings on the GUI that they should set usernames and passwords." | ||||
| CVE-2015-0949 | 2 Dell, Hp | 4 Latitude E6430, Latitude E6430 Firmware, Elitebook 850 G1 and 1 more | 2024-11-21 | 7.8 High |
| The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory. | ||||
| CVE-2014-6448 | 1 Juniper | 1 Junos | 2024-11-21 | 7.8 High |
| Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access. | ||||
| CVE-2014-4170 | 1 Freereprintables | 1 Articlefr | 2024-11-21 | 9.8 Critical |
| A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information. | ||||
| CVE-2013-6773 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2024-11-21 | 7.8 High |
| Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges | ||||
| CVE-2013-6295 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 9.8 Critical |
| PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module | ||||
| CVE-2013-6231 | 1 Eng | 1 Spagobi | 2024-11-21 | 8.8 High |
| SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script | ||||