Show filters
466 topics marked with the following tags:
Displaying 11-20 of 466
Gives privileged access
Sort by:
Attacker Value
Very High

CVE-2022-26809

Disclosure Date: April 15, 2022 (last updated October 07, 2023)
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
4
1
Attacker Value
Low

CVE-2019-18634

Disclosure Date: January 29, 2020 (last updated November 08, 2023)
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
2
Attacker Value
Very Low

CVE-2019-4473

Disclosure Date: August 05, 2019 (last updated October 06, 2023)
Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984.
Attack Vector: LocalPrivileges: LowUser Interaction: None
1
1
Attacker Value
Moderate

CVE-2020-10245

Disclosure Date: March 26, 2020 (last updated October 06, 2023)
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
4
1
Attacker Value
Very Low

CVE-2018-1890

Disclosure Date: March 11, 2019 (last updated October 06, 2023)
IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081.
Attack Vector: LocalPrivileges: LowUser Interaction: None
1
1
Attacker Value
High

CVE-2023-0339

Last updated April 19, 2023
Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass. This issue affects Access Management Web Policy Agent: all versions up to 5.10.1
4
1
Attacker Value
High

CVE-2021-42593

Last updated October 18, 2021
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
1
1
Attacker Value
Low

CVE-2020-14942

Disclosure Date: June 21, 2020 (last updated October 06, 2023)
Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
1
Attacker Value
Low

CVE-2024-20328

Disclosure Date: March 01, 2024 (last updated March 02, 2024)
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file name containing command-line sequences. When processed on a system using configuration options for the VirusEvent feature, the attacker could cause the application to execute arbitrary commands. ClamAV has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
2
1
Attacker Value
Very Low

CVE-2019-11773

Disclosure Date: September 12, 2019 (last updated October 06, 2023)
Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
1
1
View More Topics  < Previous  Next >