Vulmon Recent Vulnerabilities Discussions Trends About Contact

privilege vulnerabilities and exploits

10
CVSSv2
CVE-2019-7304
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1....
CanonicalSnapdUbuntu Linux
7.5
CVSSv2
CVE-2018-11792
In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. This may pose a potential security risk, such as having ALTER on a table and ALL on a particular database allows a user to move the table to a database with ALL, which will automatically...
ApacheImpala
7.2
CVSSv2
CVE-2019-0211
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent...
ApacheHttp ServerCanonicalUbuntu LinuxDebianDebian LinuxFedoraprojectFedoraOpensuseLeap
6.5
CVSSv2
CVE-2017-8187
Huawei FusionSphere OpenStack V100R006C00SPC102(NFV) has a privilege escalation vulnerability. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users' certificates. Successful exploit may cause privilege escalation....
HuaweiFusionsphere Openstack Firmware
4.4
CVSSv2
CVE-2018-1122
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file()...
Procps-ng ProjectProcps-ngCanonicalUbuntu LinuxDebianDebian Linux
4.6
CVSSv2
CVE-2018-1124
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or...
CanonicalUbuntu LinuxDebianDebian LinuxRedhatEnterprise LinuxEnterprise Linux DesktopEnterprise Linux ServerEnterprise Linux Workstation
7.5
CVSSv2
CVE-2018-1126
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124....
CanonicalUbuntu LinuxDebianDebian LinuxRedhatEnterprise LinuxEnterprise Linux DesktopEnterprise Linux ServerEnterprise Linux Server AusEnterprise Linux Server TusEnterprise Linux Workstation
5
CVSSv2
CVE-2018-1123
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service)....
Procps-ng ProjectProcps-ngCanonicalUbuntu LinuxDebianDebian Linux
5
CVSSv2
CVE-2018-1125
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is...
Procps-ng ProjectProcps-ngCanonicalUbuntu LinuxDebianDebian Linux
4.3
CVSSv2
CVE-2018-1121
procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and...
Procps ProjectProcps
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
overflowtype confusionwso2CVE-2020-5212api managerbypassCVE-2019-10779CVE-2020-0609CVE-2020-0674CVE-2020-7998CVE-2019-15581