CVE-2019-12522

MEDIUM Year: 2019
CVSS v3 Score
4.5
Medium
CVSS v2 Score
4.4
Medium
Weakness Type
CWE-269
View all →

Vulnerability Description

An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.

Related Vulnerabilities

CVE-2024-2432

MEDIUM
CVSS:4.5(Medium)

A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires ...

CWE-2692024

CVE-2018-12261

MEDIUM
CVSS:4.4(Medium)

An issue was discovered on Momentum Axel 720P 5.1.8 devices. All processes run as root.

CWE-2692018

CVE-2018-1368

MEDIUM
CVSS:4.4(Medium)

IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 9.5 could allow a local user with low privileges to view report pages and perform some actions that only an admin should be performing, so...

CWE-2692018

CVE-2019-4589

MEDIUM
CVSS:4.6(Medium)

IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privlege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user. IBM X-Force ID: 167449.

CWE-2692019

CVE-2021-23880

MEDIUM
CVSS:4.4(Medium)

Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of th...

CWE-2692021

CVE-2021-23882

MEDIUM
CVSS:4.4(Medium)

Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by pl...

CWE-2692021