Total
2561 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5617 | 2 Fedoraproject, Gksu-polkit Project | 2 Fedora, Gksu-polkit | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation
|
|||||
| CVE-2012-4767 | 1 Safend | 1 Data Protector Agent | 2024-11-21 | 3.6 LOW | 6.1 MEDIUM |
|
An issue exists in Safend Data Protector Agent 3.4.5586.9772 in the securitylayer.log file in the logs.9972 directory, which could let a malicious user decrypt and potentially change the Safend security policies applied to the machine.
|
|||||
| CVE-2012-4761 | 1 Safend | 1 Data Protector Agent | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A Privilege Escalation vulnerability exists in the unquoted Service Binary in SDPAgent or SDBAgent in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileges.
|
|||||
| CVE-2012-4760 | 1 Safend | 1 Data Protector Agent | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A Privilege Escalation vulnerability exists in the SDBagent service in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileges.
|
|||||
| CVE-2012-4606 | 1 Citrix | 1 Xenserver | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges.
|
|||||
| CVE-2012-4480 | 2 Fedoraproject, Ovirt | 2 Fedora, Mom | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
mom creates world-writable pid files in /var/run
|
|||||
| CVE-2012-2312 | 1 Redhat | 2 Jboss Application Server, Jboss Enterprise Application Platform | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges.
|
|||||
| CVE-2012-2148 | 2 Linux, Redhat | 3 Linux Kernel, Jboss Community Application Server, Jboss Enterprise Web Server | 2024-11-21 | 1.9 LOW | 3.3 LOW |
|
An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies
|
|||||
| CVE-2012-1615 | 1 Fedoraproject | 2 Fedora, Sectool | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
A Privilege Escalation vulnerability exits in Fedoraproject Sectool due to an incorrect DBus file.
|
|||||
| CVE-2012-1563 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Joomla! before 2.5.3 allows Admin Account Creation.
|
|||||
| CVE-2012-1104 | 3 Apereo, Debian, Linux | 3 Phpcas, Debian Linux, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed.
|
|||||
| CVE-2011-4954 | 1 Cobblerd | 1 Cobbler | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE
|
|||||
| CVE-2011-3349 | 1 Lightdm Project | 1 Lightdm | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation.
|
|||||
| CVE-2011-2910 | 2 Debian, Linux-ax25 | 2 Debian Linux, Ax25-tools | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
|
The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation.
|
|||||
| CVE-2010-4664 | 3 Consolekit Project, Debian, Redhat | 3 Consolekit, Debian Linux, Enterprise Linux | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.
|
|||||
| CVE-2006-4243 | 1 Linux-vserver | 1 Linux-vserver | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
linux vserver 2.6 before 2.6.17 suffers from privilege escalation in remount code.
|
|||||
| CVE-2003-5001 | 1 Ibm | 1 Iss Blackice Pc Protection | 2024-11-20 | 7.5 HIGH | 5.3 MEDIUM |
|
A vulnerability was found in ISS BlackICE PC Protection and classified as critical. Affected by this issue is the component Cross Site Scripting Detection. The manipulation as part of POST/PUT/DELETE/OPTIONS Request leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
|
|||||
| CVE-2024-9192 | 2024-11-18 | N/A | 8.8 HIGH | ||
|
The WordPress Video Robot - The Ultimate Video Importer plugin for WordPress is vulnerable to privilege escalation due to insufficient validation on user meta that can be updated in the wpvr_rate_request_result() function in all versions up to, and including, 1.20.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta on a WordPress site. This can be leveraged to update their capabilities to that of an administrator.
|
|||||
| CVE-2020-26063 | 2024-11-18 | N/A | 5.4 MEDIUM | ||
|
A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization.
The vulnerability is due to improper authorization checks on API endpoints. An attacker could exploit this vulnerability by sending malicious requests to an API endpoint. An exploit could allow the attacker to download files from or modify limited configuration options on the affec ...
Show More |
|||||
| CVE-2024-49558 | 1 Dell | 1 Smartfabric Os10 | 2024-11-15 | N/A | 7.8 HIGH |
|
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
|
|||||
| CVE-2024-24409 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-13 | N/A | 8.8 HIGH |
|
Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option.
|
|||||
| CVE-2024-8424 | 2024-11-08 | N/A | 7.8 HIGH | ||
|
Improper Privilege Management vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows (PSANHost.exe module) allows arbitrary file delete with SYSTEM permissions.
This issue affects EPDR: before 8.00.23.0000; Panda AD360: before 8.00.23.0000; Panda Dome: before 22.03.00.
|
|||||
| CVE-2024-51521 | 1 Huawei | 1 Harmonyos | 2024-11-07 | N/A | 5.5 MEDIUM |
|
Input parameter verification vulnerability in the background service module
Impact: Successful exploitation of this vulnerability may affect availability.
|
|||||
| CVE-2024-7890 | 1 Citrix | 1 Workspace | 2024-10-22 | N/A | 7.3 HIGH |
|
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
|
|||||
| CVE-2023-32196 | 2024-10-16 | N/A | 6.6 MEDIUM | ||
|
A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplateobjects when external=true, which in specific scenarios can lead to privilege escalation.
|
|||||
| CVE-2023-32194 | 2024-10-16 | N/A | 7.2 HIGH | ||
|
A vulnerability has been identified when granting a create or * global role for a resource type of "namespaces"; no matter the API group, the subject will receive *
permissions for core namespaces. This can lead to someone being capable
of accessing, creating, updating, or deleting a namespace in the
project.
|
|||||
| CVE-2024-9471 | 1 Paloaltonetworks | 1 Pan-os | 2024-10-15 | N/A | 4.7 MEDIUM |
|
A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with "Virtual system administrator (read-only)" access could use an XML API key of a "Virtual system administrator" to perform write operations on the virtual system configuration even though they should b ...
Show More |
|||||
| CVE-2024-9518 | 1 Wpuserplus | 1 Userplus | 2024-10-15 | N/A | 9.8 CRITICAL |
|
The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration.
|
|||||
| CVE-2024-9002 | 2024-10-15 | N/A | 7.8 HIGH | ||
|
CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized
access, loss of confidentiality, integrity, and availability of the workstation when non-admin
authenticated user tries to perform privilege escalation by tampering with the binaries
|
|||||
| CVE-2024-3057 | 2024-10-10 | N/A | 9.8 CRITICAL | ||
|
A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation.
|
|||||
| CVE-2024-38818 | 2024-10-10 | N/A | 6.7 MEDIUM | ||
|
VMware NSX contains a local privilege escalation vulnerability.
An authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assigned.
|
|||||
| CVE-2024-44439 | 2024-10-08 | N/A | 5.9 MEDIUM | ||
|
An issue in Shanghai Zhouma Network Technology CO., Ltd IMS Intelligent Manufacturing Collaborative Internet of Things System v.1.9.1 allows a remote attacker to escalate privileges via the open port.
|
|||||
| CVE-2024-9265 | 1 Coderevolution | 1 Echo Rss Feed Post Generator | 2024-10-07 | N/A | 9.8 CRITICAL |
|
The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.6. This is due to the plugin not properly restricting the roles that can set during registration through the echo_check_post_header_sent() function. This makes it possible for unauthenticated attackers to register as an administrator.
|
|||||
| CVE-2024-46549 | 2024-10-04 | N/A | 7.6 HIGH | ||
|
An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers to establish connections by impersonating devices owned by other users.
|
|||||
| CVE-2024-45373 | 1 Doverfuelingsolutions | 4 Progauge Maglink Lx4 Console, Progauge Maglink Lx4 Console Firmware, Progauge Maglink Lx Console and 1 more | 2024-10-01 | N/A | 8.8 HIGH |
|
Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator.
|
|||||
| CVE-2024-8263 | 1 Github | 1 Enterprise Server | 2024-09-30 | N/A | 2.7 LOW |
|
An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program.
|
|||||
| CVE-2024-0003 | 1 Purestorage | 1 Purity\/\/fa | 2024-09-27 | N/A | 7.2 HIGH |
|
A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.
|
|||||
| CVE-2024-6482 | 1 Idehweb | 1 Login With Phone Number | 2024-09-27 | N/A | 8.8 HIGH |
|
The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check on user-supplied data in the 'lwp_update_password_action' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to any other role, including Administrator. The vulnerability was partially patched in version 1.7.40. The login with pho ...
Show More |
|||||
| CVE-2024-8247 | 1 Tribulant | 1 Newsletters | 2024-09-26 | N/A | 8.8 HIGH |
|
The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2. This is due to the plugin not restricting what user meta can be updated as screen options. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator. Please note that this only affects users with access to edit/update screen options, which means an administrator would need to grant lowe ...
Show More |
|||||
| CVE-2024-7493 | 1 Wpcom | 1 Wpcom Member | 2024-09-26 | N/A | 9.8 CRITICAL |
|
The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wp_insert_user() during registration. This makes it possible for unauthenticated attackers to update their role to that of an administrator during registration.
|
|||||