Total
138 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4814 | 1 Trellix | 1 Data Loss Prevention | 2024-11-21 | N/A | 7.1 HIGH |
| A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete any file/folder for which the user does not have permission to. | |||||
| CVE-2023-4003 | 1 Oneidentity | 1 Password Manager | 2024-11-21 | N/A | 7.6 HIGH |
| One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges. | |||||
| CVE-2023-46360 | 1 Hardy-barth | 2 Cph2 Echarge, Cph2 Echarge Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable to Execution with Unnecessary Privileges. | |||||
| CVE-2023-43018 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163. | |||||
| CVE-2023-39261 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | N/A | 5.2 MEDIUM |
| In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions | |||||
| CVE-2023-34118 | 1 Zoom | 1 Rooms | 2024-11-21 | N/A | 7.3 HIGH |
| Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. | |||||
| CVE-2023-31175 | 1 Selinc | 1 Sel-5037 Sel Grid Configurator | 2024-11-21 | N/A | 8.8 HIGH |
| An Execution with Unnecessary Privileges vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run system commands with the highest level privilege on the system. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20. | |||||
| CVE-2023-30998 | 1 Ibm | 1 Security Access Manager | 2024-11-21 | N/A | 7.8 HIGH |
| IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254649. | |||||
| CVE-2023-30997 | 1 Ibm | 1 Security Access Manager | 2024-11-21 | N/A | 7.8 HIGH |
| IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254638. | |||||
| CVE-2023-30617 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruise-daemon run can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, the attacker can leverage the "captured" secrets (e.g. the kruise-manager service account token) to gain extra privileges such as pod modification. Versions 1.3.1, 1.4.1, and 1.5.2 fix this issue. A workaround is available. For users that do not require imagepulljob functions, they can modify kruise-daemon-role to drop the cluster level secret get/list privilege. | |||||
| CVE-2023-27313 | 1 Netapp | 1 Snapcenter | 2024-11-21 | N/A | 8.3 HIGH |
| SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user. | |||||
| CVE-2023-27312 | 1 Netapp | 1 Snapcenter Plug-in | 2024-11-21 | N/A | 5.4 MEDIUM |
| SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface. | |||||
| CVE-2023-1943 | 1 Kubernetes | 1 Operations | 2024-11-21 | N/A | 8.0 HIGH |
| Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode. | |||||
| CVE-2022-41950 | 3 Apple, Linux, Super Xray Project | 3 Macos, Linux Kernel, Super Xray | 2024-11-21 | N/A | 6.4 MEDIUM |
| super-xray is the GUI alternative for vulnerability scanning tool xray. In 0.2-beta, a privilege escalation vulnerability was discovered. This caused inaccurate default xray permissions. Note: this vulnerability only affects Linux and Mac OS systems. Users should upgrade to super-xray 0.3-beta. | |||||
| CVE-2022-40182 | 1 Siemens | 20 Desigo Pxm30-1, Desigo Pxm30-1 Firmware, Desigo Pxm30.e and 17 more | 2024-11-21 | N/A | 8.8 HIGH |
| A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). The device embedded Chromium-based browser is launched as root with the “--no-sandbox” option. Attackers can add arbitrary JavaScript code inside “Operation” graphics and successfully exploit any number of publicly known vulnerabilities against the version of the embedded Chromium-based browser. | |||||
| CVE-2022-2634 | 1 Digi | 2 Connectport X2d, Connectport X2d Firmware | 2024-11-21 | N/A | 10.0 CRITICAL |
| An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application. This could lead to uploading python files which can be later executed. | |||||
| CVE-2022-21699 | 3 Debian, Fedoraproject, Ipython | 3 Debian Linux, Fedora, Ipython | 2024-11-21 | 4.6 MEDIUM | 8.2 HIGH |
| IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade. | |||||
| CVE-2021-37174 | 1 Siemens | 20 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Rx1400 and 17 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices have a privilege escalation vulnerability, if exploited, an attacker could gain root user access. | |||||
| CVE-2021-34591 | 1 Bender | 4 Cc612, Cc612 Firmware, Cc613 and 1 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd. | |||||
| CVE-2021-1528 | 1 Cisco | 19 Sd-wan Vbond Orchestrator, Sd-wan Vmanage, Vedge 100 and 16 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. This vulnerability exists because the affected software does not properly restrict access to privileged processes. An attacker could exploit this vulnerability by invoking a privileged process in the affected system. A successful exploit could allow the attacker to perform actions with the privileges of the root user. | |||||