Total
35 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-21882 | 2026-03-02 | N/A | 8.4 HIGH | ||
|
theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0.
|
|||||
| CVE-2024-25420 | 1 Igniterealtime | 1 Openfire | 2025-11-11 | N/A | 7.2 HIGH |
|
An issue in Ignite Realtime Openfire before 4.8.1 allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component.
|
|||||
| CVE-2023-34322 | 1 Xen | 1 Xen | 2025-11-04 | N/A | 7.8 HIGH |
|
For migration as well as to work around kernels unaware of L1TF (see
XSA-273), PV guests may be run in shadow paging mode. Since Xen itself
needs to be mapped when PV guests run, Xen and shadowed PV guests run
directly the respective shadow page tables. For 64-bit PV guests this
means running on the shadow of the guest root page table.
In the course of dealing with shortage of memory in the shadow pool
associated with a domain, shadows of page tables may be torn down. This
tearing down may i ...
Show More |
|||||
| CVE-2024-8382 | 1 Mozilla | 2 Firefox, Firefox Esr | 2025-11-04 | N/A | 8.8 HIGH |
|
Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.
|
|||||
| CVE-2024-38813 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2025-10-31 | N/A | 7.5 HIGH |
|
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
|
|||||
| CVE-2025-62175 | 1 Joinmastodon | 1 Mastodon | 2025-10-20 | N/A | 4.3 MEDIUM |
|
Mastodon is a free, open-source social network server based on ActivityPub. In versions before 4.4.6, 4.3.14, and 4.2.27, disabling or suspending a user account does not disconnect the account from the streaming API. This allows disabled or suspended accounts to continue receiving real-time updates through existing streaming connections and to establish new streaming connections, even though they cannot interact with other API endpoints. This undermines moderation actions, as administrators expe ...
Show More |
|||||
| CVE-2025-27396 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-08-22 | N/A | 8.8 HIGH |
|
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the elevation of privileges required to perform certain valid functionality.
This could allow an authenticated lowly-privileged remote attacker to escalate their privileges.
|
|||||
| CVE-2019-18276 | 3 Gnu, Netapp, Oracle | 5 Bash, Hci Management Node, Oncommand Unified Manager and 2 more | 2025-06-09 | 7.2 HIGH | 7.8 HIGH |
|
An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared objec ...
Show More |
|||||
| CVE-2017-6972 | 2 Alienvault, Nfsen | 3 Ossim, Unified Security Management, Nfsen | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971.
|
|||||
| CVE-2015-0278 | 3 Fedoraproject, Libuv Project, Nodejs | 3 Fedora, Libuv, Node.js | 2025-04-12 | 10.0 HIGH | N/A |
|
libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors.
|
|||||
| CVE-2021-47129 | 1 Linux | 1 Linux Kernel | 2025-04-04 | N/A | 4.6 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_ct: skip expectations for confirmed conntrack
nft_ct_expect_obj_eval() calls nf_ct_ext_add() for a confirmed
conntrack entry. However, nf_ct_ext_add() can only be called for
!nf_ct_is_confirmed().
[ 1825.349056] WARNING: CPU: 0 PID: 1279 at net/netfilter/nf_conntrack_extend.c:48 nf_ct_xt_add+0x18e/0x1a0 [nf_conntrack]
[ 1825.351391] RIP: 0010:nf_ct_ext_add+0x18e/0x1a0 [nf_conntrack]
[ 1825.351493] Code: 41 5c 4 ...
Show More |
|||||
| CVE-2006-2916 | 2 Kde, Linux | 2 Arts, Linux Kernel | 2025-04-03 | 6.0 MEDIUM | 7.8 HIGH |
|
artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.
|
|||||
| CVE-2023-52433 | 2 Linux, Netapp | 2 Linux Kernel, Ontap Tools | 2025-03-25 | N/A | 4.4 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
New elements in this transaction might expired before such transaction
ends. Skip sync GC for such elements otherwise commit path might walk
over an already released object. Once transaction is finished, async GC
will collect such expired element.
|
|||||
| CVE-2025-1003 | 2025-02-04 | N/A | N/A | ||
|
A potential vulnerability has been identified in HP Anyware Agent for Linux which might allow for authentication bypass which may result in escalation of privilege. HP is releasing a software update to mitigate this potential vulnerability.
|
|||||
| CVE-2024-21848 | 1 Mattermost | 1 Mattermost Server | 2024-12-13 | N/A | 3.1 LOW |
|
Improper Access Control in Mattermost Server versions 8.1.x before 8.1.11 allows an attacker that is in a channel with an active call to keep participating in the call even if they are removed from the channel
|
|||||
| CVE-2023-34844 | 1 Play With Docker Project | 1 Play With Docker | 2024-11-26 | N/A | 9.8 CRITICAL |
|
Play With Docker < 0.0.2 has an insecure CAP_SYS_ADMIN privileged mode causing the docker container to escape.
|
|||||
| CVE-2023-5369 | 1 Freebsd | 1 Freebsd | 2024-11-21 | N/A | 7.1 HIGH |
|
Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability.
This incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file correspondi ...
Show More |
|||||
| CVE-2023-35692 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
|
In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during an emergency call due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-26239 | 1 Watchguard | 8 Edr, Edr Firmware, Epdr and 5 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of a password check, it is possible to obtain credentials to access the management console as a non-privileged user.
|
|||||
| CVE-2023-21246 | 1 Google | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
|
In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification listening access due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2022-0358 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2024-11-21 | N/A | 7.8 HIGH |
|
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentiall ...
Show More |
|||||
| CVE-2021-3982 | 1 Gnome | 1 Gnome-shell | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine.
|
|||||
| CVE-2021-37839 | 1 Apache | 1 Superset | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.
|
|||||
| CVE-2021-36372 | 1 Apache | 1 Ozone | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked.
|
|||||
| CVE-2020-24361 | 2 Debian, Snmptt | 2 Debian Linux, Snmptt | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknown_trap_exec.
|
|||||
| CVE-2020-14300 | 2 Docker, Redhat | 2 Docker, Enterprise Linux Server | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
|
The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in that update was the fix for CVE-2016-9962, that was previously corrected in the docker packages in Red Hat Enterprise Linux 7 Extras via RHSA-2017:0116 (https://access.redhat.com/errata/RHSA-2017:0116). ...
Show More |
|||||
| CVE-2020-14298 | 2 Docker, Redhat | 3 Docker, Enterprise Linux Server, Openshift Container Platform | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
|
The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Both earlier and later versi ...
Show More |
|||||
| CVE-2019-20044 | 5 Apple, Debian, Fedoraproject and 2 more | 10 Ipados, Iphone Os, Mac Os X and 7 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().
|
|||||
| CVE-2019-14879 | 1 Moodle | 1 Moodle | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked (where applicable).
|
|||||
| CVE-2018-8599 | 1 Microsoft | 5 Visual Studio, Visual Studio 2017, Windows 10 and 2 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability." This affects Microsoft Visual Studio, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers.
|
|||||
| CVE-2018-16466 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens.
|
|||||
| CVE-2012-1187 | 1 Bitlbee | 1 Bitlbee | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Bitlbee does not drop extra group privileges correctly in unix.c
|
|||||
| CVE-2011-3350 | 1 Marmaro | 1 Masqmail | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
masqmail 0.2.21 through 0.2.30 improperly calls seteuid() in src/log.c and src/masqmail.c that results in improper privilege dropping.
|
|||||
| CVE-2011-2921 | 1 Ktsuss Project | 1 Ktsuss | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to executing user specified commands, which can result in command execution with root privileges.
|
|||||
| CVE-2023-0657 | 2024-11-18 | N/A | 3.4 LOW | ||
|
A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.
|
|||||