Total
2044 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-11011 | 1 Usabilitydynamics | 1 Wp-invoice | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation. | |||||
| CVE-2016-11004 | 1 Elegantthemes | 1 Monarch | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation. | |||||
| CVE-2016-11003 | 1 Elegantthemes | 1 Monarch | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation. | |||||
| CVE-2016-11002 | 1 Elegantthemes | 1 Extra | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation. | |||||
| CVE-2016-10972 | 1 Tagdiv | 1 Newspaper | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel. | |||||
| CVE-2016-10971 | 1 Membersonic | 1 Membersonic | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The MemberSonic Lite plugin before 1.302 for WordPress has incorrect login access control because only knowlewdge of an e-mail address is required. | |||||
| CVE-2016-10968 | 1 Peepso | 1 Peepso | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege escalation. | |||||
| CVE-2015-9390 | 1 Admin Management Xtended Project | 1 Admin Management Xtended | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled. | |||||
| CVE-2015-9267 | 2 Debian, Nullsoft | 2 Debian Linux, Nullsoft Scriptable Install System | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM |
| Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program. | |||||
| CVE-2015-8534 | 1 Lenovo | 1 Solution Center | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges. | |||||
| CVE-2015-8032 | 1 Textpattern | 1 Textpattern | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Textpattern 4.5.7, an unprivileged author can change an article's markup setting. | |||||
| CVE-2015-7831 | 1 Cloudera | 1 Cdh | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is used. | |||||
| CVE-2015-7556 | 1 Delegate | 1 Delegate | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program. | |||||
| CVE-2015-7334 | 1 Lenovo | 1 System Update | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges. | |||||
| CVE-2015-7333 | 1 Lenovo | 1 System Update | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges. | |||||
| CVE-2015-5466 | 1 Sis | 1 Xgi Vga Display Manager | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Silicon Integrated Systems XGI WindowsXP Display Manager (aka XGI VGA Driver Manager and VGA Display Manager) 6.14.10.1090 allows local users to gain privileges via a crafted 0x96002404 IOCTL call. | |||||
| CVE-2015-5072 | 1 Bmc | 1 Remedy Ar System Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the __imageid parameter. | |||||
| CVE-2015-5071 | 1 Bmc | 1 Remedy Ar System Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary files via the __report parameter of the BIRT viewer servlet. | |||||
| CVE-2015-4719 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request. | |||||
| CVE-2015-3613 | 1 Fortinet | 1 Fortimanager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page | |||||