Total
2585 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-22576 | 1 Dell | 1 Repository Manager | 2024-08-23 | N/A | 7.8 HIGH |
| Dell Repository Manager version 3.4.2 and earlier, contain a Local Privilege Escalation Vulnerability in Installation module. A local low privileged attacker may potentially exploit this vulnerability leading to the execution of arbitrary executable on the operating system with high privileges using the existing vulnerability in operating system. Exploitation may lead to unavailability of the service. | |||||
| CVE-2024-42774 | 2024-08-23 | N/A | 7.5 HIGH | ||
| An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section. | |||||
| CVE-2024-33656 | 2024-08-21 | N/A | 7.8 HIGH | ||
| The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. This could lead to privilege escalation, arbitrary code execution, and bypassing OS security mechanisms | |||||
| CVE-2024-44076 | 1 Microcks | 1 Microcks | 2024-08-21 | N/A | 9.8 CRITICAL |
| In Microcks before 1.10.0, the POST /api/import and POST /api/export endpoints allow non-administrator access. | |||||
| CVE-2024-43403 | 2024-08-21 | N/A | 8.8 HIGH | ||
| Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/udpate verbs of daemonset resources, create verb of serviceaccount/token resources, and impersonate verb of serviceaccounts resources. A malicious user can leverage access the worker node which has this component to make a cluster-level privilege escalation. | |||||
| CVE-2024-33872 | 2024-08-20 | N/A | 9.8 CRITICAL | ||
| Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in code execution and escalation of privileges. | |||||
| CVE-2024-22069 | 1 Zte | 4 Zxv10 Et301, Zxv10 Et301 Firmware, Zxv10 Xt802 and 1 more | 2024-08-20 | N/A | 8.8 HIGH |
| There is a permission and access control vulnerability of ZTE's ZXV10 XT802/ET301 product.Attackers with common permissions can log in the terminal web and change the password of the administrator illegally by intercepting requests to change the passwords. | |||||
| CVE-2024-43401 | 1 Xwiki | 1 Xwiki | 2024-08-20 | N/A | 8.0 HIGH |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user without script/programming right can trick a user with elevated rights to edit a content with a malicious payload using a WYSIWYG editor. The user with elevated rights is not warned beforehand that they are going to edit possibly dangerous content. The payload is executed at edit time. This vulnerability has been patched in XWiki 15.10RC1. | |||||
| CVE-2024-43311 | 2024-08-20 | N/A | 9.8 CRITICAL | ||
| Improper Privilege Management vulnerability in Geek Code Lab Login As Users allows Privilege Escalation.This issue affects Login As Users: from n/a through 1.4.2. | |||||
| CVE-2024-43245 | 2024-08-19 | N/A | 9.8 CRITICAL | ||
| Improper Privilege Management vulnerability in eyecix JobSearch allows Privilege Escalation.This issue affects JobSearch: from n/a through 2.3.4. | |||||
| CVE-2024-6359 | 1 Opentext | 1 Arcsight Intelligence | 2024-08-19 | N/A | 9.8 CRITICAL |
| Privilege escalation vulnerability identified in OpenText ArcSight Intelligence. | |||||
| CVE-2024-42995 | 2024-08-19 | N/A | 8.3 HIGH | ||
| VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the "Migration" administrative module to disable arbitrary modules. | |||||
| CVE-2024-22278 | 1 Linuxfoundation | 1 Harbor | 2024-08-14 | N/A | 4.3 MEDIUM |
| Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations. | |||||
| CVE-2024-41903 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | N/A | 7.2 HIGH |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application mounts the container's root filesystem with read and write privileges. This could allow an attacker to alter the container's filesystem leading to unauthorized modifications and data corruption. | |||||
| CVE-2024-21807 | 2024-08-14 | N/A | 8.8 HIGH | ||
| Improper initialization in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-27442 | 1 Zimbra | 1 Collaboration | 2024-08-13 | N/A | 7.8 HIGH |
| An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can escalate privileges from the zimbra user to root, because of improper handling of input arguments. An attacker can execute arbitrary commands with elevated privileges, leading to local privilege escalation. | |||||
| CVE-2024-6758 | 1 Sprecher-automation | 24 Sprecon-e-c, Sprecon-e-c Firmware, Sprecon-e-p Dd6-2 and 21 more | 2024-08-13 | N/A | 6.5 MEDIUM |
| Improper Privilege Management in Sprecher Automation SPRECON-E below version 8.71j allows a remote attacker with low privileges to save unauthorized protection assignments. | |||||
| CVE-2024-43153 | 2024-08-13 | N/A | 9.8 CRITICAL | ||
| Improper Privilege Management vulnerability in WofficeIO Woffice allows Privilege Escalation.This issue affects Woffice: from n/a through 5.4.10. | |||||
| CVE-2024-41949 | 1 Biscuitsec | 1 Biscuit-auth | 2024-08-09 | N/A | 6.4 MEDIUM |
| biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the necessary info to generate a third-party block and to sign it, which includes the public key of the previous block (used in the signature) and the public keys part of the token symbol table (for public key interning in datalog expressions). A third-part block request forged by a malicious user can trick the third-party authority into generating datalog trusting the wrong keypair. | |||||
| CVE-2024-7291 | 2024-08-05 | N/A | 7.2 HIGH | ||
| The JetFormBuilder plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.4.1. This is due to improper restriction on user meta fields. This makes it possible for authenticated attackers, with administrator-level and above permissions, to register as super-admins on the sites configured as multi-sites. | |||||