Total
178 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-8117 | 1 Nextcloud | 1 Nextcloud Server | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event. | |||||
CVE-2019-13668 | 1 Google | 1 Chrome | 2024-02-04 | 4.3 MEDIUM | 7.4 HIGH |
Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
CVE-2020-9442 | 2 Microsoft, Openvpn | 2 Windows, Connect | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there. | |||||
CVE-2019-19620 | 1 Dell | 1 Red Cloak Windows Agent | 2024-02-04 | 2.1 LOW | 3.3 LOW |
In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. This is limited in scope to the collection of process-execution telemetry, for executions against specific files where the SYSTEM user was denied access to the source file. | |||||
CVE-2020-8633 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and accessible. | |||||
CVE-2019-6791 | 1 Gitlab | 1 Gitlab | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 3 of 3). When a project with visibility more permissive than the target group is imported, it will retain its prior visibility. | |||||
CVE-2019-6995 | 1 Gitlab | 1 Gitlab | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Users are able to comment on locked project issues. | |||||
CVE-2018-12989 | 1 Pearsonvue | 2 Console 8, Iqsystem 7 | 2024-02-04 | 7.2 HIGH | 6.7 MEDIUM |
The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrator, which allows local users to gain privileges. | |||||
CVE-2018-3762 | 1 Nextcloud | 1 Nextcloud Server | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to. | |||||
CVE-2018-4115 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves CFPreferences in the "System Preferences" component. It allows attackers to bypass intended access restrictions by leveraging incorrect configuration-profile persistence. | |||||
CVE-2018-5163 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-02-04 | 5.1 MEDIUM | 8.1 HIGH |
If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent process' privileges, escaping the sandbox on content processes. This vulnerability affects Firefox < 60. | |||||
CVE-2017-8562 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more | 2024-02-04 | 6.9 MEDIUM | 7.0 HIGH |
Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows improperly handling calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability". | |||||
CVE-2017-8563 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-04 | 5.1 MEDIUM | 8.1 HIGH |
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Kerberos falling back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol, aka "Windows Elevation of Privilege Vulnerability". | |||||
CVE-2017-8579 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-02-04 | 6.9 MEDIUM | 7.0 HIGH |
The DirectX component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "DirectX Elevation of Privilege Vulnerability." | |||||
CVE-2017-8573 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-04 | 6.9 MEDIUM | 7.0 HIGH |
Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8574 and CVE-2017-8556. | |||||
CVE-2017-8552 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
A kernel-mode driver in Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows 8 allows an elevation of privilege when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE is unique from CVE-2017-0263. | |||||
CVE-2017-8466 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
Windows Cursor in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows improper elevation of privilege, aka "Windows Cursor Elevation of Privilege Vulnerability". | |||||
CVE-2017-8578 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8577, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467. | |||||
CVE-2017-8556 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-04 | 6.9 MEDIUM | 7.0 HIGH |
Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8573 and CVE-2017-8574. | |||||
CVE-2017-8494 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-02-04 | 6.9 MEDIUM | 7.3 HIGH |
Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a locally-authenticated attacker to run a specially crafted application on a targeted system when Windows Secure Kernel Mode fails to properly handle objects in memory, aka "Windows Elevation of Privilege Vulnerability". |