Vulmon Recent Vulnerabilities Trends About Contact

privilege escalation vulnerabilities and exploits

(subscribe to this query)

9.8
CVSSv3
CVE-2019-7304
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1....
CanonicalSnapdUbuntu Linux
7.8
CVSSv3
CVE-2019-0211
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent...
ApacheHttp ServerCanonicalUbuntu LinuxDebianDebian LinuxFedoraprojectFedoraOpensuseLeap
4.9
CVSSv3
CVE-2020-4352
IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. IBM X-Force ID: 178427....
IbmMq For Hpe Nonstop
7
CVSSv3
CVE-2018-1122
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file()...
Procps-ng ProjectProcps-ngCanonicalUbuntu LinuxDebianDebian Linux
7.8
CVSSv3
CVE-2018-1124
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or...
CanonicalUbuntu LinuxDebianDebian LinuxRedhatEnterprise LinuxEnterprise Linux DesktopEnterprise Linux ServerEnterprise Linux Workstation
9.8
CVSSv3
CVE-2018-1126
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124....
CanonicalUbuntu LinuxDebianDebian LinuxRedhatEnterprise LinuxEnterprise Linux DesktopEnterprise Linux ServerEnterprise Linux Server AusEnterprise Linux Server TusEnterprise Linux Workstation
7.5
CVSSv3
CVE-2018-1123
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service)....
Procps-ng ProjectProcps-ngCanonicalUbuntu LinuxDebianDebian Linux
7.5
CVSSv3
CVE-2018-1125
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is...
Procps-ng ProjectProcps-ngCanonicalUbuntu LinuxDebianDebian Linux
5.9
CVSSv3
CVE-2018-1121
procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and...
Procps ProjectProcps
9.8
CVSSv3
CVE-2019-4155
IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect (OIDC) user registry. IBM X-Force ID: 158544....
IbmApi Connect
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-11061mods for heskCVE-2020-8193remote attackersCVE-2020-8558reflected XSSCVE-2020-7693administrator privilegesmods-for-heskCVE-2020-15526CVE-2020-7457