Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
unprivileged vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2019-25058
An issue exists in USBGuard prior to 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future.
Usbguard Project Usbguard
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 9.0
7.8
CVSSv3
CVE-2023-0664
A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system.
Qemu Qemu
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Fedoraproject Fedora 37
7.8
CVSSv3
CVE-2020-10145
The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. By default, unprivileged users can create files in this directory structure, which creates a privilege-escalation vulnerability.
Adobe Coldfusion 2018
Adobe Coldfusion 2016
Adobe Coldfusion 2021
7.8
CVSSv3
CVE-2020-25507
An incorrect permission assignment during the installation script of TeamworkCloud 18.0 thru 19.0 allows a local unprivileged malicious user to execute arbitrary code as root. During installation, the user is instructed to set the system enviroment file with world writable permis...
3ds Teamwork Cloud
NA
CVE-2013-6383
The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel prior to 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call.
Linux Linux Kernel
7.8
CVSSv3
CVE-2018-12152
Pointer corruption in Unified Shader Compiler in Intel Graphics Drivers prior to 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unauthenticated remote user to potentially execute arbitrary WebGL code via local acc...
Intel Graphics Driver 15.36.28.4332
Intel Graphics Driver 15.36.26.4294
Intel Graphics Driver 15.33.46.4885
Intel Graphics Driver 15.33.45.4653
Intel Graphics Driver 15.40.41.5058
Intel Graphics Driver 15.40.38.4963
Intel Graphics Driver 15.40.37.4835
Intel Graphics Driver 15.40.36.4703
Intel Graphics Driver 15.40.34.4624
Intel Graphics Driver 15.36.35.5057
Intel Graphics Driver 15.36.31.4414
Intel Graphics Driver 15.33.43.4425
Intel Graphics Driver 15.36.34.4889
Intel Graphics Driver 15.36.33.4578
Intel Graphics Driver 15.33.47.5059
NA
CVE-2005-1712
Unknown vulnerability in Serendipity 0.8, when used with multiple authors, allows unprivileged authors to upload arbitrary media files.
Sy9 Serendipity 0.8
7.8
CVSSv3
CVE-2018-5546
The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may ...
F5 Big-ip Access Policy Manager Client
F5 Big-ip Access Policy Manager
3.3
CVSSv3
CVE-2020-15703
There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. T...
Aptdaemon Project Aptdaemon 1.1.1
7.8
CVSSv3
CVE-2018-10853
A flaw was found in the way Linux kernel KVM hypervisor prior to 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potenti...
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
Debian Debian Linux 8.0
Linux Linux Kernel
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »