611 matches found
Huawei EulerOS: Security Advisory for dovecot (EulerOS-SA-2019-1279)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microsoft Windows Multiple Vulnerabilities (KB4534306)
This host is missing a critical security update according to Microsoft KB4534306 SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-15996
A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An...
Design/Logic Flaw
A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An...
CVE-2019-15996
CVE-2019-15996 : Cisco DNA Spaces: Connector contains a local privilege-escalation vulnerability. An authenticated, local attacker can exploit insufficient restrictions when executing an affected CLI command to elevate privileges and run arbitrary commands as root, potentially modifying sensitive...
Input validation
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message...
Cisco Web Security Appliance AsyncOS Software Access Control Error Vulnerability
The Cisco Web Security Appliance WSA is a web security appliance from Cisco. The appliance provides SaaS-based access control, real-time web reporting and tracking, and security policy formulation.AsyncOS Software is the operating system used in it. AsyncOS Software is an operating system used in...
Apple Mac OS X Security Updates (HT210722)-02
Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-0070
An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions to take control of other portions of the NFX platform they should not be able to access, and execute commands outside their authorized scope of control. This leads to the attacker being able to ta...
Input validation
An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions to take control of other portions of the NFX platform they should not be able to access, and execute commands outside their authorized scope of control. This leads to the attacker being able to ta...
Microsoft Windows Multiple Vulnerabilities (KB4520005)
This host is missing a critical security update according to Microsoft KB4520005 Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progra...
The vulnerability of Firefox ESR, related to privilege management errors, allows a hacker to elevate their privileges and execute arbitrary code.
The vulnerability of Firefox ESR is related to privilege management errors. Exploiting this vulnerability allows a remote attacker to increase their privileges and execute arbitrary code...
D-Bus: Authentication bypass
Background D-Bus is a message bus system which processes can use to talk to each other. Description It was discovered that a local attacker could manipulate symbolic links in their own home directory to bypass authentication and connect to a DBusServer with elevated privileges. Impact A local...
CVE-2019-1945
Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance ASA could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these...
Foxit Reader Privilege Escalation Vulnerability - Mac OS X
Foxit Reader is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:foxitsoftware:reader";...
CVE-2019-1625
A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by...
CVE-2019-1625
CVE-2019-1625 affects Cisco SD-WAN Solution CLI. An authenticated, local attacker can bypass authorization and escalate privileges to root due to insufficient enforcement in the CLI. Exploitation would allow privileged configuration changes on affected devices. Mitigation observed in connected so...
CVE-2019-11489
Incorrect Access Control in the Administrative Management Interface in SimplyBook.me Enterprise before 2019-04-23 allows Authenticated Low-Priv Users to Elevate Privileges to Full Admin Rights via a crafted HTTP PUT Request, as demonstrated by modified JSON data to a /v2/rest/ URI...
Improper access control
Incorrect Access Control in the Administrative Management Interface in SimplyBook.me Enterprise before 2019-04-23 allows Authenticated Low-Priv Users to Elevate Privileges to Full Admin Rights via a crafted HTTP PUT Request, as demonstrated by modified JSON data to a /v2/rest/ URI...
CVE-2019-11489
CVE-2019-11489 affects SimplyBook.me Enterprise (older releases) where the Administrative Management Interface enforces incorrect access control. Affected: authenticated low-privilege users; vulnerability allows elevation to full admin rights via a crafted HTTP PUT to a /v2/rest/ endpoint with mo...