Total
2591 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0080 | 2 Redhat, Samba | 2 Linux, Rsync | 2024-11-20 | 2.1 LOW | N/A |
| rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed. | |||||
| CVE-2002-0049 | 1 Microsoft | 1 Exchange Server | 2024-11-20 | 6.4 MEDIUM | N/A |
| Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys. | |||||
| CVE-1999-0084 | 1 Sun | 1 Nfs | 2024-11-20 | 7.2 HIGH | 8.4 HIGH |
| Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0. | |||||
| CVE-2024-9192 | 2024-11-18 | N/A | 8.8 HIGH | ||
| The WordPress Video Robot - The Ultimate Video Importer plugin for WordPress is vulnerable to privilege escalation due to insufficient validation on user meta that can be updated in the wpvr_rate_request_result() function in all versions up to, and including, 1.20.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta on a WordPress site. This can be leveraged to update their capabilities to that of an administrator. | |||||
| CVE-2024-9500 | 2024-11-18 | N/A | 7.2 HIGH | ||
| A maliciously crafted DLL file when placed in temporary files and folders that are leveraged by the Autodesk Installer could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to insecure privilege management. | |||||
| CVE-2020-26063 | 2024-11-18 | N/A | 5.4 MEDIUM | ||
| A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization. The vulnerability is due to improper authorization checks on API endpoints. An attacker could exploit this vulnerability by sending malicious requests to an API endpoint. An exploit could allow the attacker to download files from or modify limited configuration options on the affected system.There are no workarounds that address this vulnerability. | |||||
| CVE-2024-49558 | 1 Dell | 1 Smartfabric Os10 | 2024-11-15 | N/A | 7.8 HIGH |
| Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | |||||
| CVE-2024-11206 | 2024-11-15 | N/A | 7.5 HIGH | ||
| Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information. | |||||
| CVE-2024-24409 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-13 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option. | |||||
| CVE-2024-8424 | 2024-11-08 | N/A | 7.8 HIGH | ||
| Improper Privilege Management vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows (PSANHost.exe module) allows arbitrary file delete with SYSTEM permissions. This issue affects EPDR: before 8.00.23.0000; Panda AD360: before 8.00.23.0000; Panda Dome: before 22.03.00. | |||||
| CVE-2024-8810 | 2024-11-08 | N/A | N/A | ||
| A GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organization administrator. An attacker would require an account with administrator access to install a malicious GitHub App. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.14.1, 3.13.4, 3.12.9, 3.11.15, and 3.10.17. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2024-10203 | 2024-11-08 | N/A | 7.0 HIGH | ||
| Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below, 11.3.2428.9 and below are vulnerable to Arbitrary File Deletion in the agent installed machines. | |||||
| CVE-2024-51521 | 1 Huawei | 1 Harmonyos | 2024-11-07 | N/A | 5.5 MEDIUM |
| Input parameter verification vulnerability in the background service module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2024-20374 | 2024-10-25 | N/A | 6.5 MEDIUM | ||
| A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system. This vulnerability is due to insufficient input validation of certain HTTP request parameters that are sent to the web-based management interface. An attacker could exploit this vulnerability by authenticating to the Cisco FMC web-based management interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute commands as the root user on the affected device. To exploit this vulnerability, an attacker would need Administrator-level credentials. | |||||
| CVE-2024-7890 | 1 Citrix | 1 Workspace | 2024-10-22 | N/A | 7.3 HIGH |
| Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | |||||
| CVE-2024-45297 | 1 Discourse | 1 Discourse | 2024-10-19 | N/A | 4.3 MEDIUM |
| Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-32196 | 2024-10-16 | N/A | 6.6 MEDIUM | ||
| A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplateobjects when external=true, which in specific scenarios can lead to privilege escalation. | |||||
| CVE-2023-32194 | 2024-10-16 | N/A | 7.2 HIGH | ||
| A vulnerability has been identified when granting a create or * global role for a resource type of "namespaces"; no matter the API group, the subject will receive * permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace in the project. | |||||
| CVE-2024-9471 | 1 Paloaltonetworks | 1 Pan-os | 2024-10-15 | N/A | 4.7 MEDIUM |
| A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with "Virtual system administrator (read-only)" access could use an XML API key of a "Virtual system administrator" to perform write operations on the virtual system configuration even though they should be limited to read-only operations. | |||||
| CVE-2024-9518 | 1 Wpuserplus | 1 Userplus | 2024-10-15 | N/A | 9.8 CRITICAL |
| The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration. | |||||