Total: 723 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2019-19355 | 1 Redhat | 1 Openshift | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH | An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as shipped in Openshift 4. |
| CVE-2019-19354 | 1 Redhat | 2 Enterprise Linux, Openshift Container Platform | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. |
| CVE-2019-19353 | 1 Redhat | 1 Openshift Container Platform | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH | An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. |
| CVE-2019-19352 | 1 Redhat | 1 Openshift Container Platform | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH | An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. |
| CVE-2019-19351 | 1 Redhat | 1 Openshift | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH | An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-container as shipped in Openshift 4 and 3.11. |
| CVE-2019-19350 | 1 Redhat | 1 Openshift | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. |
| CVE-2019-19349 | 1 Redhat | 1 Openshift | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH | An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. |
| CVE-2019-19348 | 1 Redhat | 1 Openshift | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH | An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following: 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. |
| CVE-2019-19346 | 1 Redhat | 1 Openshift | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH | An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following: 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. |
| CVE-2019-19345 | 1 Redhat | 1 Openshift | 2024-11-21 | 4.6 MEDIUM | 7.0 HIGH | A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. |
| CVE-2019-14819 | 1 Redhat | 1 Openshift Container Platform | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints. |
| CVE-2019-11893 | 1 Bosch | 2 Smart Home Controller, Smart Home Controller Firmware | 2024-11-21 | 4.9 MEDIUM | 8.0 HIGH | A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app with restricted permissions, which required user interaction. |
| CVE-2019-11891 | 1 Bosch | 2 Smart Home Controller, Smart Home Controller Firmware | 2024-11-21 | 5.4 MEDIUM | 8.0 HIGH | A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in elevated privileges of the adversary's choosing. In order to exploit the vulnerability, the adversary needs physical access to the SHC during the attack. |
| CVE-2019-10940 | 1 Siemens | 1 Sinema Server | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL | A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices. The security vulnerability could be exploited by an attacker with network access to the affected system. An attacker must have access to a low privileged account in order to exploit the vulnerability. An attacker could use the v ... |
| CVE-2019-10143 | 3 Fedoraproject, Freeradius, Redhat | 3 Fedora, Freeradius, Enterprise Linux | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH | It was discovered that freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate their privileges to root by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue." |
| CVE-2018-1101 | 1 Redhat | 2 Ansible Tower, Cloudforms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system. |
| CVE-2018-1088 | 3 Debian, Opensuse, Redhat | 6 Debian Linux, Leap, Enterprise Linux Server and 3 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH | A privilege escalation flaw was found in the gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount the shared gluster storage volume and escalate privileges by scheduling a malicious cronjob via a symlink. |
| CVE-2016-7070 | 1 Redhat | 1 Ansible Tower | 2024-11-21 | 5.2 MEDIUM | 8.0 HIGH | A privilege escalation flaw was found in Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of the postgres user. An attacker could use this vulnerability to gain admin-level access to the database. |
| CVE-2016-7066 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | It was found that the improper default permissions on the /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to the CLI and execute arbitrary operations. |
| CVE-2024-11073 | 1 Mayurik | 1 Hospital Management System | 2024-11-18 | 4.0 MEDIUM | 8.1 HIGH | A vulnerability classified as problematic has been found in SourceCodester Hospital Management System 1.0. This affects an unknown part of the file /vm/patient/delete-account.php. The manipulation of the argument id leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2024-11306 | | | 2024-11-18 | 5.0 MEDIUM | 5.3 MEDIUM | A vulnerability, which was classified as critical, has been found in Altenergy Power Control Software up to 20241108. This issue affects some unknown processing of the file /index.php/display/database/. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other endpoints might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2024-29119 | 1 Siemens | 1 Spectrum Power 7 | 2024-11-15 | N/A | 7.8 HIGH | A vulnerability has been identified in Spectrum Power 7 (All versions < V24Q3). The affected product contains several root-owned SUID binaries that could allow an authenticated local attacker to escalate privileges. |
| CVE-2024-47595 | 1 Sap | 1 Host Agent | 2024-11-14 | N/A | 7.1 HIGH | An attacker who gains local membership in the sapsys group could replace local files usually protected by privileged access. On successful exploitation the attacker could cause high impact on the confidentiality and integrity of the application. |
| CVE-2024-49217 | 1 Madirisalmanaashish | 1 Adding Drop Down Roles In Registration | 2024-11-06 | N/A | 9.8 CRITICAL | Incorrect Privilege Assignment vulnerability in Madiri Salman Aashish Adding drop down roles in registration allows Privilege Escalation. This issue affects Adding drop down roles in registration: from n/a through 1.1. |
| CVE-2024-49219 | 1 Themexpo | 1 Rs-members | 2024-11-06 | N/A | 8.8 HIGH | Incorrect Privilege Assignment vulnerability in themexpo RS-Members allows Privilege Escalation. This issue affects RS-Members: from n/a through 1.0.3. |
| CVE-2024-10766 | 1 Codezips | 1 Free Exam Hall Seating Management System | 2024-11-06 | 6.5 MEDIUM | 9.8 CRITICAL | A vulnerability, which was classified as critical, has been found in Codezips Free Exam Hall Seating Management System 1.0. This issue affects some unknown processing of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure contains confusing vulnerability classes and file names. |
| CVE-2024-10765 | 1 Codezips | 1 Online Institute Management System | 2024-11-06 | 6.5 MEDIUM | 9.8 CRITICAL | A vulnerability classified as critical was found in Codezips Online Institute Management System up to 1.0. This vulnerability affects unknown code of the file /profile.php. The manipulation of the argument old_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2024-10764 | 1 Codezips | 1 Online Institute Management System | 2024-11-06 | 6.5 MEDIUM | 9.8 CRITICAL | A vulnerability classified as critical has been found in Codezips Online Institute Management System 1.0. This affects an unknown part of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2024-50504 | | | 2024-11-01 | N/A | 8.8 HIGH | Incorrect Privilege Assignment vulnerability in Matt Whiteman Bulk Change Role allows Privilege Escalation. This issue affects Bulk Change Role: from n/a through 1.1. |
| CVE-2024-50506 | | | 2024-11-01 | N/A | 8.8 HIGH | Incorrect Privilege Assignment vulnerability in Azexo Marketing Automation by AZEXO allows Privilege Escalation. This issue affects Marketing Automation by AZEXO: from n/a through 1.27.80. |
| CVE-2024-47904 | 1 Siemens | 3 Intermesh 7177 Hybrid 2.0 Subscriber, Intermesh 7707 Fire Subscriber, Intermesh 7707 Fire Subscriber Firmware | 2024-10-30 | N/A | 7.8 HIGH | A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The affected devices contain a SUID binary that could allow an authenticated local attacker to execute arbitrary commands with root privileges. |
| CVE-2024-50481 | | | 2024-10-29 | N/A | 8.8 HIGH | Incorrect Privilege Assignment vulnerability in Stack Themes Bstone Demo Importer allows Privilege Escalation. This issue affects Bstone Demo Importer: from n/a through 1.0.1. |
| CVE-2024-50485 | | | 2024-10-29 | N/A | 9.8 CRITICAL | Incorrect Privilege Assignment vulnerability in Udit Rawat Exam Matrix allows Privilege Escalation. This issue affects Exam Matrix: from n/a through 1.5. |
| CVE-2024-49608 | 1 Gerryntabuhashe | 1 Gerryworks Post By Mail | 2024-10-24 | N/A | 8.8 HIGH | Incorrect Privilege Assignment vulnerability in Gerry Ntabuhashe GERRYWORKS Post by Mail allows Privilege Escalation. This issue affects GERRYWORKS Post by Mail: from n/a through 1.0. |
| CVE-2024-9863 | | | 2024-10-18 | N/A | 9.8 CRITICAL | The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'default_user_role' option. This makes it possible for unauthenticated attackers to register an administrator user even if the registration form is disabled. |
| CVE-2024-49322 | | | 2024-10-18 | N/A | 9.8 CRITICAL | Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress allows Privilege Escalation. This issue affects Job Board Manager for WordPress: from n/a through 1.0. |
| CVE-2024-47653 | 1 Shilpisoft | 1 Client Dashboard | 2024-10-16 | N/A | 6.5 MEDIUM | This vulnerability exists in Shilpi Client Dashboard due to a lack of authorization for modification and cancellation requests through certain API endpoints. An authenticated remote attacker could exploit this vulnerability by placing or cancelling requests through the API request body, leading to unauthorized modification of requests belonging to other users. |
| CVE-2024-9519 | 1 Wpuserplus | 1 Userplus | 2024-10-15 | N/A | 7.2 HIGH | The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with editor-level permissions or above, to update the registration form role to administrator, which leads to privilege escalation. |
| CVE-2024-48941 | 1 Syracom | 1 Secure Login | 2024-10-11 | N/A | 5.4 MEDIUM | The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted. |
| CVE-2024-46511 | | | 2024-10-04 | N/A | 7.5 HIGH | LoadZilla LLC LoadLogic v1.4.3 was discovered to contain an insecure permissions vulnerability that allows a remote attacker to execute arbitrary code via the LogicLoadEc2DeployLambda and CredsGenFunction functions. |