CVE-2018-18253

HIGH Year: 2018
CVSS v3 Score
7.0
High
CVSS v2 Score
6.9
Medium
Weakness Type
CWE-362
View all →

Vulnerability Description

An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe attempts to enforce access control by adding an unprivileged user to the local Administrators group for a very short time to execute a single command. However, the user is left in that group if the command crashes, and there is also a race condition in all cases.

Related Vulnerabilities

CVE-2009-3547

HIGH
CVSS:7.0(High)

Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting ...

CWE-3622009

CVE-2010-1437

HIGH
CVSS:7.0(High)

Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system ...

CWE-3622010

CVE-2010-5159

HIGH
CVSS:7.0(High)

Race condition in Dr.Web Security Space Pro 6.0.0.03100 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler bu...

CWE-3622010

CVE-2010-5169

HIGH
CVSS:7.0(High)

Race condition in Online Armor Premium 4.0.0.35 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not bl...

CWE-3622010

CVE-2010-5181

HIGH
CVSS:7.0(High)

Race condition in VIPRE Antivirus Premium 4.0.3272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not...

CWE-3622010

CVE-2011-0699

HIGH
CVSS:7.0(High)

Integer signedness error in the btrfs_ioctl_space_info function in the Linux kernel 2.6.37 allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified oth...

CWE-3622011