Total
29 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16466 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens. | |||||
| CVE-2017-6972 | 2 Alienvault, Nfsen | 3 Ossim, Unified Security Management, Nfsen | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971. | |||||
| CVE-2015-0278 | 3 Fedoraproject, Libuv Project, Nodejs | 3 Fedora, Libuv, Node.js | 2024-11-21 | 10.0 HIGH | N/A |
| libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors. | |||||
| CVE-2012-1187 | 1 Bitlbee | 1 Bitlbee | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Bitlbee does not drop extra group privileges correctly in unix.c | |||||
| CVE-2011-3350 | 1 Marmaro | 1 Masqmail | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| masqmail 0.2.21 through 0.2.30 improperly calls seteuid() in src/log.c and src/masqmail.c that results in improper privilege dropping. | |||||
| CVE-2011-2921 | 1 Ktsuss Project | 1 Ktsuss | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to executing user specified commands, which can result in command execution with root privileges. | |||||
| CVE-2006-2916 | 2 Kde, Linux | 2 Arts, Linux Kernel | 2024-11-21 | 6.0 MEDIUM | 7.8 HIGH |
| artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges. | |||||
| CVE-2023-0657 | 2024-11-18 | N/A | 3.4 LOW | ||
| A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions. | |||||
| CVE-2024-8382 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-10-30 | N/A | 8.8 HIGH |
| Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15. | |||||